API standards and multilingual preset SDKs
The OpenAPI of this product (cas/2020-04-07) uses the RPC signature style. We have encapsulated SDKs for common programming languages for developers. Developers can download the SDK to directly call this product's OpenAPI without worrying about technical details. If the existing SDK does not meet your needs, you can use the signature mechanism for self-signing integration. Since the details of self-signing are very complex, it may take around 5 business days. Therefore, we recommend joining our DingTalk service group (147535001692) and conducting signature integration under expert guidance.
Before using the API, you need to prepare your identity account and access key (AccessKey) to effectively access the API through client tools (such as SDK and CLI). For details, see Obtain an AccessKey.
Custom signature scenarios
If your business scenario has special requirements and you need to integrate the API through self-signing, we recommend consulting our technical support team first (DingTalk service group: 147535001692) to obtain professional guidance and ensure efficient integration.
Account and security preparation
Alibaba Cloud accounts have full administrative permissions over all resources. Once an AccessKey is compromised, all associated resources will be at risk of unauthorized access. To ensure security, it is recommended to create a RAM user with only API access permissions and configure its AccessKey, while configuring RAM policies based on the principle of least privilege (PoLP). Use the Alibaba Cloud account only in specific scenarios where Alibaba Cloud account permissions are explicitly required.
Subscription instances
|
API |
Title |
Description |
| ListInstances | List instances | Retrieves a list of instances. |
| UpdateInstance | UpdateInstance | Updates the configuration of a Certificate Management Service instance. |
| GetInstanceDetail | Get instance details | Queries the details of an instance. |
| DeleteInstance | DeleteInstance | Deletes a Certificate Management Service instance. |
| RefundInstance | Refund an instance | Refunds an instance within 7 days. |
| GetInstanceSummary | GetInstanceSummary | Queries the summary statistics of Certificate Management Service instances, such as certificate counts by status. |
| ApplyCertificate | ApplyCertificate | Submits a certificate application for a Certificate Management Service instance. |
| GetTaskAttribute | GetTaskAttribute | Queries the processing result and status of a submitted certificate application. |
| CancelPendingCertificate | Revoke a certificate application | Revokes a certificate application. |
| ListCertificates | ListCertificates | Queries the certificates managed by Certificate Management Service. |
| RevokeCertificate | Revoke a certificate | Revokes a certificate. |
| GetCertificateDetail | GetCertificateDetail | Retrieves certificate details, excluding the certificate body and private key. |
| GetUserCertificateDetail | GetUserCertificateDetail | Retrieves certificate details, including the basic information, certificate body, and private key. You can also use this operation to download the certificate content and private key. |
| DeleteUserCertificate | DeleteUserCertificate | Deletes an expired, revoked, or manually uploaded certificate from Certificate Management Service. |
| UploadUserCertificate | UploadUserCertificate | Uploads a certificate and its private key to Certificate Management Service. Both SM and non-SM certificates are supported. |
Certificate contacts
|
API |
Title |
Description |
| MoveResourceGroup | MoveResourceGroup | Changes the resource group to which a certificate or certificate order belongs. |
Resource groups
|
API |
Title |
Description |
| CreateDeploymentJob | CreateDeploymentJob | Creates a certificate deployment task to deploy an SSL certificate to one or more Alibaba Cloud services immediately or at a scheduled time. |
| UpdateDeploymentJobStatus | UpdateDeploymentJobStatus | Updates the status of a certificate deployment task, such as changing from editing to pending execution. |
| ListDeploymentJob | ListDeploymentJob | Queries the certificate deployment tasks that are created in your account. |
| UpdateDeploymentJob | UpdateDeploymentJob | Updates the configuration of a certificate deployment task, such as the certificates or target resources. |
| DescribeDeploymentJob | DescribeDeploymentJob | Retrieves information about a certificate deployment task, including the task status, target resources, and certificates. |
| ListWorkerResource | ListWorkerResource | Queries the worker tasks of a deployment task. Each worker task deploys a certificate to a specific cloud resource in a cloud service. |
| DescribeDeploymentJobStatus | DescribeDeploymentJobStatus | Queries the execution status summary of a certificate deployment task, including the number of succeeded and failed workers. |
| ListDeploymentJobResource | ListDeploymentJobResource | Queries the cloud resources associated with a deployment task. An empty list indicates that the resources are invalid and must be re-associated. |
| ListContact | Retrieve contact list | Retrieves a list of contacts. |
| ListDeploymentJobCert | ListDeploymentJobCert | Queries the certificates associated with a deployment task, such as the certificate instance ID, type, and name. |
| UpdateWorkerResourceStatus | UpdateWorkerResourceStatus | Rolls back or re-executes a worker task in a certificate deployment task. |
| DeleteWorkerResource | DeleteWorkerResource | Deletes a worker task from a certificate deployment task. |
| DeleteDeploymentJob | DeleteDeploymentJob | Deletes a certificate deployment task. |
| DescribeCloudResourceStatus | DescribeCloudResourceStatus | Queries the number of cloud resources on which certificates were deployed by using a multi-cloud deployment task. |
| ListCloudResources | ListCloudResources | Queries the cloud resources on which certificates are deployed, such as Server Load Balancer (SLB) instances and CDN domains. |
| ListCloudAccess | ListCloudAccess | Queries the AccessKey pairs that are configured for multi-cloud certificate deployment. |
Deployment tasks
|
API |
Title |
Description |
| GetCertWarehouseQuota | GetCertWarehouseQuota | Queries the remaining quota for certificate application repository operations. |
| ListCertWarehouse | ListCertWarehouse | Queries the certificate application repositories in your account. |
| ListCert | ListCert | This API queries certificates in the certificate store. |
| Sign | Sign | This operation creates a digital signature with a PCA certificate from a certificate repository. |
| Verify | Verify | Verifies a data signature by using a private certificate in a certificate application repository. |
| Encrypt | Encrypt | Encrypts data by using a certificate in a certificate application repository. |
| Decrypt | Decrypt | Decrypts data that was encrypted by using a certificate in a certificate application repository. |
| UploadPCACert | UploadPCACert | Uploads a PCA certificate to a certificate warehouse. |
| DeletePCACert | DeletePCACert | Deletes a private certificate from a certificate application repository. |
| CreateWHClientCertificate | CreateWHClientCertificate | Issues a single client certificate from the general user certificate repository. |
| RevokeWHClientCertificate | RevokeWHClientCertificate | Revokes a client certificate from the certificate repository. |
Certificate repository
|
API |
Title |
Description |
| ListCsr | ListCsr | Queries the certificate signing requests (CSRs) in your account. |
| CreateCsr | CreateCsr | Creates a certificate signing request (CSR) that contains information about an SSL certificate to apply for, such as the domain names and the certificate holder. You must provide a CSR when you submit a certificate application to a certificate authority (CA). |
| UploadCsr | UploadCsr | Uploads an existing certificate signing request (CSR) to Certificate Management Service. After the upload, you can use the CSR to apply for certificates. |
| GetCsrDetail | GetCsrDetail | Queries the content of a certificate signing request (CSR). |
| UpdateCsr | UpdateCsr | Updates the private key associated with a certificate signing request (CSR). |
| DeleteCsr | DeleteCsr | Deletes a certificate signing request (CSR). |
CSR management
|
API |
Title |
Description |
| DescribePackageState | DescribePackageState | Queries the quota and usage of domain validated (DV) certificate packages. |
| ListUserCertificateOrder | ListUserCertificateOrder | Queries the SSL certificates and certificate orders in your account. |
| CreateCertificateForPackageRequest | CreateCertificateForPackageRequest | Submits a certificate application by using a purchased certificate package quota. |
| CancelCertificateForPackageRequest | CancelCertificateForPackageRequest | Revokes an issued certificate or cancels a pending certificate order and restores the quota. |
| CancelOrderRequest | CancelOrderRequest | Cancels a certificate application order that is pending domain verification or under review. |
| RenewCertificateOrderForPackageRequest | RenewCertificateOrderForPackageRequest | Submits a renewal application for an issued SSL certificate. |
Orders (V1.0)
|
API |
Title |
Description |
| DescribeCertificateState | DescribeCertificateState | Queries the status of a certificate application order, such as domain validation progress. |
| CreateCertificateWithCsrRequest | CreateCertificateWithCsrRequest | Purchases, applies for, and issues a domain validated (DV) certificate by using a custom certificate signing request (CSR) file. |
| CreateCertificateRequest | CreateCertificateRequest | Purchases, applies for, and issues a domain validated (DV) certificate by using extended certificate services. |
| DeleteCertificateRequest | DeleteCertificateRequest | Deletes a failed domain validated (DV) certificate application order. |
Certificate requests (V1.0)
|
API |
Title |
Description |
| AddCloudAccess | AddCloudAccess | Adds an AccessKey for authorization. |
| CreateWarehouse | CreateWarehouse | Creates a certificate warehouse. |
| DeleteCloudAccess | DeleteCloudAccess | Deletes an access key. |
| DeleteWarehouse | DeleteWarehouse | Deletes a certificate warehouse. |
| DescribeWarehouseCert | DescribeWarehouseCert | Retrieves the details of a certificate stored in a certificate warehouse. |
| GetAssetCount | GetAssetCount | Queries the total number of certificate-related assets, such as websites and cloud resources. |
| GetRiskCount | GetRiskCount | Queries the number of assets with certificate-related risks, such as expired or soon-to-expire certificates. |
| ListAssetCount | ListAssetCount | Queries the certificate deployment statistics by cloud service type. |
| ListWarehouse | ListWarehouse | Lists warehouses. |
| BatchUpdateNoticeStatus | Updates the status of message notification | Updates the notification status in batches |
| GetMatchedResources | Retrieve matched resources for a certificate | Retrieves the resources that match a certificate. |