All Products
Search

This Product

    Certificate Management Service:OpenAPI example

    Document Center

    Certificate Management Service:OpenAPI example

    Last Updated:Jan 23, 2026

    This topic provides a complete example of how to use an OpenAPI to query the status of a domain validated (DV) certificate application.

    Review the OpenAPI documentation

    The API overview shows that DescribeCertificateState is the OpenAPI used to query the status of a DV certificate application. Review the document to understand the required data and permissions for calling this API.

    Create a RAM user and grant permissions

    Identity

    You can call this API as an Alibaba Cloud account, a Resource Access Management (RAM) user, or a RAM role. For more information about the differences between these identities, see Identities, credentials, and authorization. In this example, a RAM user is used to call the API.

    Log on to the Resource Access Management (RAM) console, create a RAM user that can be used only for API calls, and save the AccessKey information. For more information, see Create a RAM user.

    Authorization

    1. Go to the RAM User List page. In the Actions column for the target RAM user, click Add Permissions.

    2. In the Access Policy section, search for and select the AliyunYundunCertFullAccess permission, which is used to manage the Certificate Service. Click Confirm to grant the permission.

    Credential

    An AccessKey is generated by default when you create a RAM user. You can use it directly. Alternatively, go to the details page of the RAM user. On the Authentication tab, click Create AccessKey to create a new AccessKey. For more information, see Create an AccessKey.

    Call the OpenAPI

    This topic uses Java as an example to show how to call the OpenAPI.

    Prepare the Java development environment

    Environment requirements

    Verify the version

    Open a terminal and run the java -version command to check the Java (JDK) version.

    Configure environment variables

    To avoid the security risks of hard coding an AccessKey, this example uses environment variables to manage the AccessKey. The configuration method for environment variables varies by operating system. For more information, see Configure environment variables on Linux, macOS, and Windows.

    Install dependencies

    SDK dependency

    <dependency>
  <groupId>com.aliyun</groupId>
  <artifactId>cas20200407</artifactId>
  <version>1.0.13</version>
</dependency>

    Identity verification dependency

    Use the latest version of Credentials.

    <dependency>
   <groupId>com.aliyun</groupId>
   <artifactId>credentials-java</artifactId>
   <version>LATEST</version>
</dependency>

    Download the sample code

    1. In the OpenAPI Portal, go to the API debugging page for DescribeCertificateState.

    2. In the parameter settings section, enter the OrderId. This is the ID of the certificate application order that you want to query.

    3. As shown in the following figure, click Download Complete Project to download the Java sample code package.

      image.png

    4. On your computer, decompress the sample code package. Then, open IntelliJ IDEA and import the decompressed project.

    Run the code

    Run the Java code in IntelliJ IDEA. The following output is returned:

    {
  "Type": "domain_verify",
  "Domain": "www.example.com",
  "RecordType": "TXT",
  "Certificate": "-----BEGIN CERTIFICATE----- …… -----END CERTIFICATE-----",
  "RequestId": "082FAB35-6AB9-4FD5-8750-D36673548E76",
  "RecordDomain": "_dnsauth",
  "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----…… -----END RSA PRIVATE KEY-----",
  "ValidateType": "FILE",
  "RecordValue": "20200420000000223erigacv46uhaubchcm0o7spxi7i2isvjq59mlx9lucnkqcy",
  "Content": "http://example.com/.well-known/pki-validation/fileauth.txt",
  "Uri": "/.well-known/pki-validation/fileauth.txt"
}