Skip to content

Latest commit

 

History

History
342 lines (254 loc) · 19.4 KB

README.md

File metadata and controls

342 lines (254 loc) · 19.4 KB

Go API client for openapi

Welcome to the DigiCert ONE Enterprise PKI Manager REST API. The Enterprise PKI Manager API service provides operations for managing enrollments and certificates for users and devices, retrieving certificate profiles and seats, and account event reporting.

Base URL

The base URL path for endpoints in the Enterprise PKI Manager REST API is: {server}/mpki/api/v1.

Replace {server} with the hostname of your DigiCert ONE instance. For example, if you are using the DigiCert ONE hosted cloud solution, your {server} is https://one.digicert.com.

Authentication

API clients can authenticate to endpoints in the Enterprise PKI Manager REST API using these methods:

  • Header-based API token authentication.
  • Authentication using a client authentication certificate.

API token

To authenticate with an API token, include the custom HTTP header x-api-key in your request. Use one of these values in the x-api-key header:

  • A Service user token ID (recommended).
  • An API token bound to a DigiCert ONE administrator.

Note: We recommend that you dedicate a Service user token ID to API operations as this distinguishes API requests from administrator actions in your account audit logs.

Service user token ID

  • Service users are API tokens that are not associated with a specific user.

  • When you create a service user, you assign only the permissions needed for the API integration.

  • There are two ways to create a new service user:

    • 1- Use the Account Manager in DigiCert ONE:

      1. Navigate to the DigiCert ONE Account Manager.
      2. Select Access from the left menu.
      3. Select Service User from the left menu.
      4. Select Create service user and follow the remaining prompts.

    • 2- Make a request to the /account/api/v1/user endpoint in the DigiCert ONE Account Manager API service.

Administrator API token

  • Standard users (administrators) can create API tokens in DigiCert ONE.

  • API tokens have the same permissions and access scope as the administrator that created them.

  • Actions linked to the API token are logged under the administrator's name in event audit logs.

  • To generate a new API token:

    1. Navigate to the DigiCert ONE Account Manager.
    2. Select Access from the left menu.
    3. Select Administrators.
    4. Select the administrator you wish to create an API token for from the list.
    5. Scroll down to the API Tokens section on the administrator page.
    6. Select Create API token and follow the remaining prompts.

Client authentication certificate

When authenticating with a client authentication certificate, you present a trusted certificate in your request. Both DigiCert ONE administrators and service users can use client authentication certificates.

To generate a client authentication certificate:

  1. Navigate to the DigiCert ONE Account Manager.
  2. Select Access from the left menu.
  3. Search for and select your Service user.
  4. Scroll to the Authentication certificates section and select Create authentication certificate.
  5. Enter a Nickname and select an End date for the certificate.
  6. Select Generate certificate. Copy the password that is displayed (this is only displayed once and is required to decrypt the PKCS12 certificate file) and select Download certificate.
  7. Confirm that you have downloaded the certificate file (Certificate_pkcs12.p12) and that you can successfully decrypt it with the provided password, then click Close in the certificate download dialog box.
  8. Review the permissions you wish to provide to the Service user that the certificate is associated with.

Note: We recommend that you assign permissions according to the principle of least privilege, i.e. you assign the minimum permissions needed to perform the required tasks.

To use a client authentication certificate:

  • Include the certificate in your API request.
  • In the base URL for the endpoint path, add the prefix clientauth. For example: https://clientauth.one.digicert.com
  • Omit the x-api-key header.

Requests

The Enterprise PKI Manager API service accepts REST calls on HTTP/HTTPS ports 80/443. All requests are submitted using RESTful URLs and REST features, including header-based authentication and JSON request types. The data character set encoding for requests is UTF-8.

A well-formed request uses port 443 and specifies the user-agent and content-length HTTP headers. Each request consists of a method and an endpoint. Some requests also include a request payload if relevant to the operation being performed.

Method

The Enterprise PKI Manager API uses these standard HTTP methods:

  • GET
  • POST
  • PUT
  • DELETE

Body and content type

All requests that accept a body require passing in JSON formatted data with the Content-Type header set to application/json.

GET requests do not require passing formatted data in the request payload. However, some GET operations allow you to filter the results by providing additional path parameters or URL query strings (appended to the endpoint URL, e.g. ?limit=50).

Responses

Each response consists of a header and a body. The body is formatted based on the content type requested in the Accept header.

Note: Enterprise PKI Manager API endpoints only support responses with a content type of application/json. Requests that use the Accept header to specify a different content type will fail.

Headers

Each response includes a header with a response code based on RFC 2616 specifications.

  • HTTP codes in the 200-399 range describe a successful request. Response bodies for HTTP codes in this range include the response data associated with the operation.
  • HTTP codes in the 400+ range describe an error.

Unsuccessful requests return a list with one or more errors. Each error object includes a code and a message describing the problem with the request.

Example error response

{
  \"error\": {
    \"code\": \"no_access\",
    \"message\": \"User has no access to the Business unit with id = xxxxx or such Business unit does not exist\"
  }
}

Overview

This API client was generated by the OpenAPI Generator project. By using the OpenAPI-spec from a remote server, you can easily generate an API client.

  • API version: 1.0.0
  • Package version: 1.0.0
  • Build package: org.openapitools.codegen.languages.GoClientCodegen

Installation

Install the following dependencies:

go get github.com/stretchr/testify/assert
go get golang.org/x/oauth2
go get golang.org/x/net/context

Put the package under your project folder and add the following in import:

import openapi "github.com/GIT_USER_ID/GIT_REPO_ID"

To use a proxy, set the environment variable HTTP_PROXY:

os.Setenv("HTTP_PROXY", "http://proxy_name:proxy_port")

Configuration of Server URL

Default configuration comes with Servers field that contains server objects as defined in the OpenAPI specification.

Select Server Configuration

For using other server than the one defined on index 0 set context value sw.ContextServerIndex of type int.

ctx := context.WithValue(context.Background(), openapi.ContextServerIndex, 1)

Templated Server URL

Templated server URL is formatted using default variables from configuration or from context value sw.ContextServerVariables of type map[string]string.

ctx := context.WithValue(context.Background(), openapi.ContextServerVariables, map[string]string{
	"basePath": "v2",
})

Note, enum values are always validated and all unused variables are silently ignored.

URLs Configuration per Operation

Each operation can use different server URL defined using OperationServers map in the Configuration. An operation is uniquely identified by "{classname}Service.{nickname}" string. Similar rules for overriding default operation server index and variables applies by using sw.ContextOperationServerIndices and sw.ContextOperationServerVariables context maps.

ctx := context.WithValue(context.Background(), openapi.ContextOperationServerIndices, map[string]int{
	"{classname}Service.{nickname}": 2,
})
ctx = context.WithValue(context.Background(), openapi.ContextOperationServerVariables, map[string]map[string]string{
	"{classname}Service.{nickname}": {
		"port": "8443",
	},
})

Documentation for API Endpoints

All URIs are relative to https://one.digicert.com

Class Method HTTP request Description
CertificatesApi MpkiApiV1CertificateEscrowApproveSerialNumberPost Post /mpki/api/v1/certificate/escrow/approve/{serial_number} Approve escrowed certificate recovery
CertificatesApi MpkiApiV1CertificateEscrowRecoverSerialNumberGet Get /mpki/api/v1/certificate/escrow/recover/{serial_number} Recover escrowed certificate by serial number
CertificatesApi MpkiApiV1CertificateImportPost Post /mpki/api/v1/certificate-import Import certificate
CertificatesApi MpkiApiV1CertificatePost Post /mpki/api/v1/certificate Issue certificate
CertificatesApi MpkiApiV1CertificateSearchGet Get /mpki/api/v1/certificate-search Search certificates
CertificatesApi MpkiApiV1CertificateSerialNumberGet Get /mpki/api/v1/certificate/{serial_number} Get certificate by serial number
CertificatesApi MpkiApiV1CertificateSerialNumberRenewPost Post /mpki/api/v1/certificate/{serial_number}/renew Renew certificate
CertificatesApi MpkiApiV1CertificateSerialNumberRevokeDelete Delete /mpki/api/v1/certificate/{serial_number}/revoke Resume suspended certificate
CertificatesApi MpkiApiV1CertificateSerialNumberRevokePut Put /mpki/api/v1/certificate/{serial_number}/revoke Revoke certificate
EnrollmentsApi MpkiApiV1EnrollmentDetailsGet Get /mpki/api/v1/enrollment-details/ List enrollments
EnrollmentsApi MpkiApiV1EnrollmentDetailsIdentifierGet Get /mpki/api/v1/enrollment-details/{identifier} Get enrollment details by ID
EnrollmentsApi MpkiApiV1EnrollmentEnrollmentCodeGet Get /mpki/api/v1/enrollment/{enrollmentCode} Get enrollment details by enrollment code
EnrollmentsApi MpkiApiV1EnrollmentPost Post /mpki/api/v1/enrollment Create enrollment
EnrollmentsApi MpkiApiV1EnrollmentRedeemPost Post /mpki/api/v1/enrollment/redeem Redeem enrollment
ProfilesApi MpkiApiV1ProfileGet Get /mpki/api/v1/profile List profiles
ProfilesApi MpkiApiV1ProfileProfileIdGet Get /mpki/api/v1/profile/{profile_id} Get profile by ID
ReportingApi MpkiApiV1AuditLogGet Get /mpki/api/v1/audit-log List audit logs
ReportingApi MpkiApiV1AuditLogIdGet Get /mpki/api/v1/audit-log/{id} Get audit log event by ID
ReportingApi MpkiApiV1ReportEnrollmentCodeGet Get /mpki/api/v1/report/enrollment-code Get enrollment code report
SeatsApi MpkiApiV1SeatPost Post /mpki/api/v1/seat Create seat
SeatsApi MpkiApiV1SeatSeatIdDelete Delete /mpki/api/v1/seat/{seat_id} Delete seat
SeatsApi MpkiApiV1SeatSeatIdGet Get /mpki/api/v1/seat/{seat_id} Get seat by ID
SeatsApi MpkiApiV1SeatSeatIdPut Put /mpki/api/v1/seat/{seat_id} Update seat
SeatsApi MpkiApiV1SeatTypesGet Get /mpki/api/v1/seat-types Get available seat types
ServiceStatusApi MpkiApiV1HealthExtensiveGet Get /mpki/api/v1/health/extensive Query service health
ServiceStatusApi MpkiApiV1HelloGet Get /mpki/api/v1/hello Query service status

Documentation For Models

Documentation For Authorization

ApiKeyAuth

  • Type: API key
  • API key parameter name: X-API-Key
  • Location: HTTP header

Note, each API key must be added to a map of map[string]APIKey where the key is: X-API-Key and passed in as the auth context for each request.

Documentation for Utility Methods

Due to the fact that model structure members are all pointers, this package contains a number of utility functions to easily obtain pointers to values of basic types. Each of these functions takes a value of the given basic type and returns a pointer to it:

  • PtrBool
  • PtrInt
  • PtrInt32
  • PtrInt64
  • PtrFloat
  • PtrFloat32
  • PtrFloat64
  • PtrString
  • PtrTime

Author