Code Signing

Endpoint: !AutoApplyOrder

https://secure.trust-provider.com/products/!AutoApplyOrder

Use the POST method for this endpoint.

Submit parameters in the x-www-form-urlencoded format.

Request parameters

Parameter Requirement Type Max.Length Description

loginName

required

string

64 chars

Your account username.

loginPassword

required

string

128 chars

Your account password.

product

required

string

64 chars

Specifies a comma-separated string of integers for a product code.

The following product IDs are used:

  • 8 — Code Signing certificate

  • 530 — EV Code Signing certificate

  • 551 — Legacy Code Signing certificate

Add these values to EV or OV Code Signing include the eToken and eToken shipping for a token-based certificate, separated by a comma, such as:

  • 706

  • 577

  • 163

days

required

integer

The validity period, in days.

For Code Signing certificate products the allowed values are:

  • 365

  • 730

  • 1095

isCustomerValidated

required

char

1 char

Specifies whether the customer will validate the customer’s documents.

The allowed values are:

  • Y — The customer validates the customer’s documents.

  • N — The customer does not validate the customer’s documents.

appRepEmailAddress

required

string

255 chars

The applicant representative’s email address which is used for organizational callback by Sectigo.

isAppRepValidated

optional

char

1 char

Specifies who will verify the applicant representative’s contact details before the callback is performed.

The allowed values are:

  • Y — The Partner Reseller has verified that the applicant representative’s contact details are legitimate, using a data source other than the applicant. Only Partner Resellers with sufficient RA privileges may specify Y.

  • N — Sectigo will verify the applicant representative’s contact details before performing the callback using the method specified by callbackMethod.

contactEmailAddress

optional

string

255 chars

The contact email address.

If specified, this email address will be the only email address that Sectigo’s validation department will correspond with during the processing of this order.

sanEmailAddress

optional

string

255 chars

The email address of the Subject Alternative Names (SAN).

If specified, this email address will be included in the SAN field of the resulting certificate.

organizationName

conditional

string

64 chars

Specifies the organization name.

If an organization name is specified here and prioritiseCSRValues is set to N, this value will be used instead of the organization name in the CSR.

This parameter is not required if there is an organization name in the CSR. Otherwise, organizationName is a required parameter.

organizationalUnitName

optional

string

64 chars

(Private certificates only) The organizational department name.

If an organizational unit name is specified here and in the CSR, prioritiseCSRValues indicates which value will be used.

streetAddress1

conditional

string

128 chars

The street address where the organization operates.

If a street address is specified here and in the CSR, prioritiseCSRValues indicates which value will be used.

If there is a street address in the CSR, streetAddress1 is optional.

localityName

conditional

string

128 chars

The city in which the organization operates.

Providing it in any product request that requires organization validation can help speed up the validation process. If a locality name is specified here and in the CSR, prioritiseCSRValues indicates which value will be used.

If there is a locality name in the CSR, localityName is optional.

stateOrProvinceName

conditional

string

128 chars

The state or province in which the organization operates.

If a state or province name is specified here and in the CSR, prioritiseCSRValues indicates which value will be used.

If there is a state or province name in the CSR, stateOrProvinceName is optional.

postalCode

conditional

string

40 chars

The company’s postal code.

If a postal code is specified here and in the CSR, prioritiseCSRValues indicates which value will be used.

If there is a postal code in the CSR, postalCode is optional.

countryName

conditional

string

2 chars

An ISO 3166 two-character country code.

If a country name is specified here and prioritiseCSRValues is set to N, this value will be used instead of the country name in the CSR.

If there is a country name in the CSR, countryName is optional.

companyNumber

optional

string

64 chars

The registration number of the organization provided for validation purposes.

appRepTitle

optional

string

64 chars

(OV/EV certificates only) The applicant representative’s job title which is used for the organizational callback by Sectigo.

Required when Sectigo will perform the organizational callback.

appRepForename

optional

string

64 chars

The applicant representative’s name which is used for the organizational callback by Sectigo.

Required when Sectigo will perform the organizational callback.

appRepSurname

optional

string

64 chars

The applicant representative’s last name which is used for the organizational callback by Sectigo.

Required when Sectigo will perform the organizational callback.

csr

required

string

32767 chars

The Base64-encoded certificate signing request (CSR), with or without the -----BEGIN xxxxx----- and -----END xxxxx----- header and footer.

For more information, see CSR parameter structure.

keyAttestation

optional

string

32767 chars

Proof that the keypair has been generated and stored in secure hardware.

The value should be a base64-encoded HSM-specific attestation package/blob.

Required for both OV and EV Code Signing certificate when SmartCardBased=N or omitted.

hsmType

optional

string

20 chars

The hardware type used to generate the keypair in a non-exportable format, CSR and key attestation.

The allowed values are:

  • YUBIKEY

  • LUNA

  • MARVELL_GOOGLE

  • FORTANIX

  • YUBIHSM2

  • NSHIELD

Required for both OV and EV Code Signing certificate when SmartCardBased=N or omitted.

prioritiseCSRValues

optional

char

1 char

Specifies which values to use if there are duplicates. For example, if a postal code is specified in both the CSR and as a separate variable.

The allowed values are:

  • Y — Prioritise values in CSR over parameters.

  • N — Prioritise parameters over CSR values.

  • P — Only use values from parameters, ignore any CSR values.

  • C — Only use values from CSR and ignore any parameters.

If omitted, the value defaults to Y.

SmartCardBased

optional

char

1 char

Indicates whether you wish to get a certificate installed on a token.

The allowed values are:

  • Y — The certificate will be installed on a token.

  • N — The certificate will not be installed on a token.

If omitted, the value defaults to N.

offerType

conditional

integer

Specifies the shipping option.

The allowed values are:

  • 22 — Standard shipping.

  • 23 — Expedited shipping.

  • 24 — International shipping.

Required when SmartCardBased=Y. Include eToken and shipping IDs in the product parameter in this case.

shippingStreetAddress1

conditional

string

128 chars

The street address where the organization operates for shipping purposes.

If no parameters for shipping address are provided, the shipping address defaults to the organization address.

Required when SmartCardBased=Y.

shippingLocalityName

conditional

string

128 chars

The city in which the organization operates for shipping purposes.

If no parameters for shipping address are provided, the shipping address defaults to the organization address.

Required when SmartCardBased=Y.

shippingStateOrProvinceName

conditional

string

128 chars

The state or province in which the organization operates for shipping purposes.

If no parameters for shipping address are provided, the shipping address defaults to the organization address.

Required when SmartCardBased=Y.

shippingPostalCode

conditional

string

40 chars

The organization’s postal code for shipping purposes.

If no parameters for shipping address are provided, the shipping address defaults to the organization address.

Required when SmartCardBased=Y.

shippingCountryName

conditional

string

2 chars

An ISO 3166 two-character country code.

If no parameters for shipping address are provided, the shipping address defaults to the organization address.

Required when SmartCardBased=Y.

shippingForename

conditional

string

64 chars

The name of a natural person who should be specified as a contact person in the courier shipping document.

Required when SmartCardBased=Y.

shippingSurname

conditional

string

64 chars

The surname of a natural person who should be specified as a contact person in the courier shipping document.

Required when SmartCardBased=Y.

shippingEmailAddress

conditional

string

255 chars

The email address of a natural person who should be specified as a contact person in the courier shipping document.

Required when SmartCardBased=Y.

shippingTelephone

conditional

string

32 chars

The contact phone number of a natural person who should be specified as a contact person in the courier shipping document.

Required when SmartCardBased=Y.

privateKeyFilename/pvkFilename

optional

string

1024 chars

The .pvk filename. It should always be provided when .spc or .pvk files are being used instead of storing the certificate and private key in the CSP.

caCertificateID

optional

integer

Use a particular CA certificate and key.

If specified, the caCertificateID parameter overrides Sectigo’s default choice of CA certificate and key to be used to issue this certificate.

This functionality is only available by special agreement with Sectigo.

cspName

optional

string

255 chars

The cryptographic service provider.

If omitted, the value defaults to 'Microsoft Enhanced Cryptographic Provider v1.0'.

joiLocalityName

optional

string

128 chars

(EV Code Signing with product ID = 530) The jurisdiction of the city in which the organization operates.

joiStateOrProvinceName

optional

string

128 chars

(EV Code Signing with product ID = 530) The jurisdiction of the state or province in which the organization operates.

joiCountryName

required

string

2 chars

(EV Code Signing with product ID = 530) The jurisdiction of the country in which the company operates.

signerTitle

optional

string

64 chars

(OV/EV Code Signing only) The title of a natural person who is either the applicant, employed by the applicant, or an authorized agent who has authority on behalf of the applicant to sign subscriber agreements.

This parameter is optional and may be omitted if the Applicant Representative and the Signer are the same individual.

This should be a person with legal authority to accept the Subscriber Agreement on behalf of the organization named in the certificate.

signerForename

optional

string

64 chars

(OV/EV Code Signing only) The first name of a natural person who is either the applicant, employed by the applicant, or an authorized agent who has authority on behalf of the applicant to sign subscriber agreements.

This parameter is optional and may be omitted if the Applicant Representative and the Signer are the same individual.

This should be a person with legal authority to accept the Subscriber Agreement on behalf of the organization named in the certificate.

signerSurname

optional

string

64 chars

(OV/EV Code Signing only) The surname of a natural person who is either the applicant, employed by the applicant, or an authorized agent who has authority on behalf of the applicant to sign subscriber agreements.

This parameter is optional and may be omitted if the Applicant Representative and the Signer are the same individual.

This should be a person with legal authority to accept the Subscriber Agreement on behalf of the organization named in the certificate.

signerEmailAddress

optional

string

255 chars

(OV/EV Code Signing only) The email address of a natural person who is either the applicant, employed by the applicant, or an authorized agent who has authority on behalf of the applicant to sign subscriber agreements.

This parameter is optional and may be omitted if the Applicant Representative and the Signer are the same individual.

This should be a person with legal authority to accept the Subscriber Agreement on behalf of the organization named in the certificate.

signerTelephone

optional

string

32 chars

(OV/EV Code Signing only) The phone number of a natural person who is either the applicant, employed by the applicant, or an authorized agent who has authority on behalf of the applicant to sign subscriber agreements.

This parameter is optional and may be omitted if the Applicant Representative and the Signer are the same individual.

This should be a person with legal authority to accept the Subscriber Agreement on behalf of the organization named in the certificate.

languageName

optional

string

2 chars

The language name, specified using ISO639-1 two-character language code.

If omitted, the default language is English.

An account can contain multiple email templates in different languages for callback, Enterprise Authentication for the instant issuance, or the missing shipping details request.

You may specify exactly one of the following values:

  • en — English

  • zh — Chinese-Mandarin

  • da — Danish

  • nl — Dutch

  • fr — French

  • de — German

  • it — Italian

  • ja — Japanese

  • ko — Korean

  • pt — Portuguese

  • ru — Russian

  • es — Spanish

  • sv — Swedish

  • tr — Turkish

If provided, the following parameters override languageName:

  • callBackTemplateID

  • shippingTemplateID

  • agreementTemplateID

callBackTemplateID

optional

integer

Specifies whether to override Sectigo’s default choice of callback email template to be used to validate this certificate.

An account can contain multiple callback email templates. Contact Support for the callback template.

callBackTemplateID prevails over languageName if both of these parameters are provided.

Contact your account manager if you would like to set up one or more of your own callback email templates that can be referenced by this parameter.

shippingTemplateID

optional

integer

Specifies whether to override Sectigo’s default choice of shipping email template to be used to process the order.

An account can contain multiple email templates. Contact Support for the shipping email templates.

shippingTemplateID prevails over languageName if both of these parameters are provided.

Contact your account manager if you would like to set up one or more of your own shipping mail templates that can be referenced by this parameter.

agreementTemplateID

optional

integer

Specifies the Subscriber Agreement email template ID to be used for the order.

agreementTemplateID prevails over languageName if both of these parameters are provided.

validationEmailAddress

optional

string

255 chars

The validation email address.

If specified, Sectigo will validate that this is the email address of the end customer. Sectigo will not send any emails to this email address. Instead Sectigo will trust you, the Partner, to forward emails to this end customer as appropriate.

test

optional

char

1 char

Specifies whether this is a test order.

The allowed values are:

  • Y — The account will not be charged and the order will be processed as a test order.

  • N — The order will be processed as a live order.

If omitted, the value defaults to N.

responseFormat

optional

char

1 char

Specifies the response format.

The allowed values are:

  • 0 — Newline-delimited parameters.

  • 1 — URL-encoded parameters.

showCertificateID

optional

char

1 char

Specifies whether to include the certificate ID in the response.

The allowed values are:

  • Y — The certificate ID of the certificate generated by the order is also part of the result set.

  • N — The certificate ID is not included in the result set.

If omitted, the value defaults to N.

showCertificateState

optional

char

1 char

Specifies whether to include the certificate state in the response.

  • The allowed values are:

  • Y — The state of the certificate generated by the order will be a part of the result set.

  • N — The state of the certificate generated by the order will not be a part of the result set.

Sample request

curl --location 'https://secure.trust-provider.com/products/!AutoApplyOrder' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'loginName=custom-webhost-reseller' \
--data-urlencode 'loginPassword=7*a!ktypmv6z' \
--data-urlencode 'days=365' \
--data-urlencode 'product=8' \
--data-urlencode 'isCustomerValidated=N' \
--data-urlencode 'csr=-----BEGIN CERTIFICATE REQUEST-----
MIHlMIGNAgEAMBoxGDAWBgNVBAMMD2VjY3AyNTYteXViaWtleTBZMBMGByqGSM49
...
HSFDCrmSAiB1JLQujdteQXnXoYPhg9RjgmWjisGkBedFZPYaMJi9bg==
-----END CERTIFICATE REQUEST-----' \
--data-urlencode 'organizationName="VABC Company"' \
--data-urlencode 'organizationalUnitName=DELL' \
--data-urlencode 'streetAddress1=Elm Street 12' \
--data-urlencode 'localityName=Los Angeles' \
--data-urlencode 'stateOrProvinceName=California' \
--data-urlencode 'postalCode=77777' \
--data-urlencode 'countryName=US' \
--data-urlencode 'appRepTitle=mr' \
--data-urlencode 'appRepForename=John' \
--data-urlencode 'appRepSurname=Doe' \
--data-urlencode 'responseFormat=1' \
--data-urlencode '[email protected]' \
--data-urlencode '[email protected]' \
--data-urlencode '[email protected]' \
--data-urlencode 'hsmType=YUBIKEY' \
--data-urlencode 'keyAttestation=LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNWVENDQVQyZ0F3SUJBZ0lRQVlKUk9qa1dh
MEoveDhWSkV3VmFEakFOQmdrcWhraUc5dzBCQVFzRkFEQWgKTVI4d0hRWURWUVFEREJaWmRXSnBZ
...
cUVzcjFQdDVJZmtZNTh6MzFUdXJpZC84cnJtckJkVHdnd0l4enUwVHprUmdNbHJWOWJ1QysxbVll
CnFraDJpTVNxQUhXajJoYUViaWVleHA4PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=='

Response

The request is successful when the server returns a response with the error code 0.

Any error code less than 0 indicates an error condition, and the error message provides additional details.

Error responses are returned in application/x-www-form-urlencoded format.

Response format 0 (Plain text)

The MIME type will be text/plain for responseFormat=0 (by default).

The first line of the response contains a status code.

Whether 0 or 1 is returned for successful orders depends on how your account is configured with Sectigo. Usually, you will take payment from your customer and Sectigo will debit your account funds when you place the order. However, in special circumstances it can be arranged for Sectigo to take payment from your customer on your behalf.

If the status code is less than 0, the second line of the response contains an error message describing the error.

If the status code is greater than or equal to 0, the response can contain the following lines which provide:

Line Possible Value Description

Line 1

The status of the order. For more information, see Error codes.

The status code.

Line 2

An integer.

The second line contains an order number.

Line 3

The amount in your account’s native currency, without a currency symbol.

  • If the status code = 0, it contains the debited amount.

  • If the status code = 1, it contains the required amount, not including UK VAT (if required).

Line 4

The expected delivery time.

This value can be ignored and has been deprecated for Code Signing.

Line 5 (if applicable)

The internal certificate ID of the certificate purchased by this order.

The certificate ID, up to 16 digits. Returned if showCertificateID=Y.

Line 5 or 6 (if applicable)

A unique alphanumeric value up to 20 characters long.

The certificate state. Returned if showCertificateState=Y.

Response format 1 (URL-encoded)

Most of Sectigo’s API endpoints use URL-encoded responses. AutoApplyOrder can return responses in the same format by specifying responseFormat=1 in the request.

The MIME type will be application/x-www-form-urlencoded for responseFormat=1.

The following table displays the various parameters that can appear for responseFormat=1.

Parameter Description

errorCode

A numeric code that identifies the type of error and is always present in the response.

For more information, see Error codes.

errorMessage

A description of the error.

errorMessage is not present when the status code = 0.

orderNumber

An integer. This parameter is only present when errorCode=0.

totalCost

The amount in your account’s native currency, without a currency symbol. This parameter is only present when errorCode=0.

expectedDeliveryTime

This value can be ignored and has been deprecated for Code Signing.

expectedDeliveryTime is only present when the status code = 0.

certificateID

The internal certificate ID of the certificate purchased by this order. This parameter is only present when showCertificateID=Y and errorCode=0.

certificateStatus

The status of the certificate purchased by this order. This parameter is only present when showCertificateState=Y and errorCode=0.

Sample success response

0
123456789
210.00
Output Details

0

The successful response.

123456789

The Sectigo order number.

210.00

The amount debited to the account — $210.00.

Displayed price is for sample purposes only.

Sample error response

errorCode=-3&errorMessage=The+%27loginName%27+argument+is+missing%21

Error codes

Error Code Error Message Description

-1

Request was not made over HTTPS!

The request must use HTTPS protocol.

-2

'xxxx' is an unrecognized argument!

The provided argument is not recognized.

-3

The 'xxxx' argument is missing!

A required argument is missing from the request.

-4

The value of the 'xxxx' argument is invalid!

The argument value does not meet validation requirements.

-5

The CSR’s Common Name may NOT contain a wildcard!

The Common Name in the certificate signing request (CSR) must not include a wildcard character.

-6

The CSR’s Common Name MUST contain ONE wildcard!

The Common Name in the CSR must include exactly one wildcard character.

-7

'xx' is not a valid ISO-3166 country!

The specified country code is not valid according to the ISO-3166 standard.

-8

The CSR is missing a required field!

The CSR does not include all required fields.

-9

The CSR is not valid Base-64 data!

The CSR must be encoded in valid Base-64 format.

-10

The CSR cannot be decoded!

The CSR could not be decoded properly.

-11

The CSR uses an unsupported algorithm!

The CSR’s algorithm is not supported.

-12

The CSR has an invalid signature!

The signature on the CSR is invalid.

-13

The CSR uses an unsupported key size!

The key size in the CSR is not supported.

-14

An unknown error occurred!

An unknown error occurred.

-15

Not enough credit!

The account does not have sufficient credit.

-16

Permission denied! Contact Sectigo Support to have your account enabled for the !AutoApplyOrder API.

The user does not have permission to access the AutoApplyOrder API.

-17

Request used GET rather than POST!

The request method should be POST.

-18

The CSR’s Common Name may not be a Fully-Qualified Domain Name!

Common Names must not be a fully qualified domain name (FQDN).

-19

The CSR’s Common Name may not be an Internet-accessible IP Address!

Common Name must not be an Internet-accessible IP address.

-35

The CSR’s Common Name may not be an IP Address!

Common Name must not be an Internet-accessible IP address.

-40

The CSR uses a key that is believed to have been compromised!

The CSR’s key is on the compromised key list.

-65

PlanID for this product not found.

The specified PlanID for the product could not be found.

-68

Argument 'xxxx' can be used just with License products!

The specified parameter can only be used with license products.

-70

Invalid Email Address!

The provided email address is not valid.

-82

The order must have only one Web Package product!

The order can include only one Web Package product.

-83

'xxxx' is not applicable to this order!

The specified argument is not applicable for the current order.

-84

The order should include 'xxxx'!

The order must include the specified item.

-90

Permission denied 'Context'

The user does not have permission for the specified context.

-91

Permission denied 'Context'

The user does not have permission for the specified context.

-110

CSR decoding Internal Error

An internal error occurred while decoding the CSR.

-111

Tier1 Credit/Debit internal Error

The Tier1 credit/debit processing encountered an internal error.

-112

Tier1 Credit/Debit internal Error

The Tier1 credit/debit processing encountered an internal error.

-113

Tier1 Credit/Debit internal Error

The Tier1 credit/debit processing encountered an internal error.

-114

Unknown autoApply Type

The specified autoApply type is not recognized.

-115

No price found for 'xxx'! Contact Support!

No price information available for the specified item.

-116

Wrong Item Cost! Contact Support!

The provided item cost is incorrect.

-117

Wrong Item Cost! Contact Support!

The provided item cost is incorrect.

-118

Wrong product Identifier!

The specified product identifier is incorrect.

-119

Internal error occured!

An internal error occurred.

-121

"TAX" value is deprecated. The value "TIN" should be used instead'

Semantic error.

TAX is no longer a valid value.

Use TIN instead.

-121

Wrong format of 'xxxx' identifier.

Semantic error.

The format of the provided identifier is incorrect.

-121

Wrong country code value in 'xxxx' identifier.

Semantic error.

The country code in the provided identifier is incorrect.

-129

Error in key attestation verification 'Context'

An error occurred during key attestation verification for the specified context.

-150

Insufficient privileges to order this type of product

The user does not have sufficient privileges to order the specified product type.

-161

Parameter 'xxxx' is not applicable to this type of product!

The specified parameter is not valid for this product type.