Authentication
All SCM Admin API methods require authentication.
The API supports Oauth2.0 and it is the recommended authentication method.
OAuth 2.0 Authentication
If you use OAuth 2.0, your base URL must be:https://admin.{instance}.sectigo.com/.
You must obtain a Bearer token using your client ID and client secret from SCM.
The Bearer token can be obtained from the authentication server using the OAuth 2.0 client credentials flow.
The required client ID and client secret can be obtained in SCM. You must provide these values to the authentication server to receive a Bearer token.
You can use the code examples in the Create access token page to generate an access token on your local machine.
If the request is successful, the response includes an access_token field.
Use this value as the bearer token in the Authorization header of subsequent API calls.
The expires_in parameter in the response indicates the lifetime of the access token in seconds.
Security is maintained because the access token is generated locally, and all API requests using the token are sent directly from your browser.
For more details, see Client Credentials and Making Authenticated Requests.
Header-based Authentication
The Admin API also supports header-based authentication.
If you choose this method, you should use https://cert-manager.com/ as your base url.
Note:
All endpoint pages in this API reference use the base URLhttps://admin.{instance}.sectigo.com/and require OAuth 2.0 authentication.
User login via password
The password login is used by most API endpoints using the base URL https://cert-manager.com/.
The following headers are required:
login: user login namepassword: user passwordcustomerUri: customer identifier
User login via certificate
Certificate login is required for some /private/api/... endpoints.
Requests must use URLs containing /private, such as:https://cert-manager.com/private/api/ssl/v1/types
The following headers are required:
login: user login namecustomerUri: customer identifier
Updated about 14 hours ago