Welcome to the DigiCert® Account Manager API reference documentation! The DigiCert® Account Manager API provides operations for managing DigiCert ONE users and accounts.

Base URL

The base URL path for endpoints in the DigiCert® Account Manager API is: {server}/account.

Replace {server} with the hostname of your DigiCert ONE instance. For example, if you are using the hosted version of DigiCert ONE, your {server} is https://one.digicert.com.

Authentication

API clients can authenticate to endpoints in the DigiCert® Account Manager API using these methods:

• Header-based API token authentication
• Authentication using a client authentication certificate

API token

To authenticate with an API token, include the custom HTTP header x‑api‑key in your request. Use one of these values in the x-api-key header:

• API token belonging to a DigiCert ONE administrator
• Service user token ID

Administrator API token:

• Standard users (administrators) can create API tokens for themselves.
• API tokens have the same permissions and access scope as the administrator that creates them.
• Actions linked to the API token are logged under the administrator's username.
• Learn how to generate an API token: Add and manage API tokens

Service user token ID

• Service users are nonuser-related API tokens that don't belong to or inherit a specific user's permissions.
• When you create a service user, you assign only the permission needed for the API integration.
• There are two ways to create a new service user:
  • Use the DigiCert® Account Manager console. Learn more: Service users
  • Use the POST /account/api/v1/user endpoint in the DigiCert® Account Manager API.

Client authentication certificate

When authenticating with a client authentication certificate, you present a trusted certificate in your request instead of using an API token. DigiCert ONE administrators and service users can both use client authentication certificates.

To use a client authentication certificate:

• Include the certificate in your API request.
• In the base URL for the endpoint path, add the prefix clientauth. For example: https://clientauth.one.digicert.com
• Omit the x-api-key header.

Requests

The DigiCert® Account Manager API accepts REST calls on the default ports 80/443. All requests are submitted using RESTful URLs and REST features, including header-based authentication and JSON request types. The data character set encoding for requests is UTF-8.

A well-formed request uses port 443 and specifies the user-agent and content-length HTTP headers. Each request consists of a method and an endpoint. Some requests also include a body if relevant to the operation being performed.

Method

The DigiCert® Account Manager API uses these standard HTTP methods:

• GET
• POST
• PUT
• DELETE

Body and content type

All requests that accept a body require passing in JSON formatted data with the Content-Type header set to application/json.

GET requests do not require passing formatted data in the request payload. However, some GET operations allow you to filter the results by providing additional path parameters or URL query strings.

Responses

Each response consists of a header and a body. The body is formatted based on the content type requested in the Accept header.

Note: The DigiCert® Account Manager API only supports responses with a content type of application/json. Requests that use the Accept header to specify a different content type will fail.

Headers

Each response includes a header with a response code based on RFC 2616 specifications.

• HTTP codes in the 200-399 range describe a successful request. Response bodies for HTTP codes in this range include the response data associated with the operation.
• HTTP codes in the 400+ range describe an error.

Unsuccessful requests return a list with one or more errors. Each error object includes a code and a message describing the problem with the request.

Example error response

{
  "errors": [
    {
      "code": "duplicate_error",
      "message": "Nickname api_service_user_3 already exists. Enter a different nickname."
    }
  ]
}