eIDAS certificate

Endpoint: !AutoApplyOrder

https://secure.trust-provider.com/products/!AutoApplyOrder

Use the POST method for this endpoint.

Submit parameters in the x-www-form-urlencoded format.

Request parameters

Parameter Requirement Type Max.Length Description

loginName

required

string

64 chars

Your account username.

This value is case sensitive.

loginPassword

required

string

128 chars

Your account password.

This value is case sensitive.

product

required

string

64 chars

Specifies a comma-separated string of integers for a product code.

There must be exactly one of the following integers specified:

  • eIDAS certificates issued to Natural Persons:

    • 777 — Citizen Qualified Certificate

    • 778 — Citizen Qualified Certificate QSCD

    • 779 — Employee Qualified Certificate

    • 780 — Employee Qualified Certificate QSCD

    • 791 — QWAC Natural

    • 792 — QWAC Natural Multi-Domain

  • eIDAS certificates Issued to Legal Persons:

    • 781 — Seal Qualified certificate

    • 782 — Seal Qualified certificate QSCD

    • 786 — Seal for PSD2

    • 787 — Seal for PSD2 QSCD

    • 783 — QWAC Legal

    • 784 — QWAC Legal Multi-Domain

    • 788 — QWAC Legal for PSD2

    • 789 — QWAC Legal for PSD2 Multi-Domain

QSCD in the certificate type name indicates that the private key and the related certificate must reside on a QSCD, for example, on a token that is certified and approved for being used to generate Qualified Electronic Signatures.

days

required

integer

The validity period, in days.

The years parameter has been deprecated in favor of days.

For QWAC eIDAS certificates the allowed values are:

  • 90

  • 365

For non-QWAC eIDAS certificates the allowed values are:

  • 365

  • 730

  • 1095

  • 1461

  • 1826

Sectigo allows purchase of a certificate bundle for multiple years. Two, three, four, and five-year certificates bundle can be placed by setting the days parameter to: 730, 1095, 1461 or 1826 respectively.

serverSoftware

required

integer

Specifies the server software code.

The allowed values are:

  • 2 — Apache

  • 10 — Java-based servers

  • 14 — Microsoft IIS 5.x to 6.x

  • 35 — Microsoft IIS 7.x and later

  • 36 — nginx

  • 18 — Oracle

  • 30 — Plesk

  • 31 — WHM/cPanel

  • -1 — Other

This parameter does not directly affect the certificate content. Use -1 as the default option.

primaryDomainName

optional

string

64 chars

(QWAC certificates only) The primary domain name.

One of the domain names listed in domainNames, which should appear as the Common Name in the Subject DN of the resulting multi-domain certificate.

If this parameter is omitted for multi-domain certificates, no Common Names will be included in the resulting certificate.

maxSubjectCNs

optional

integer

(QWAC certificates only) The number of Common Names (CN).

It is optional for Multi-Domain certificates. It is ignored for all other certificate types.

If omitted, the value defaults to 1, unless primaryDomainName is longer than 64 bytes in which case it defaults to 0.

If it is 1, there will only be one Common Name in the Subject DN of the resulting multi-domain certificates. This will have the value provided by primaryDomainName. In this case, primaryDomainName must have a value.

If it is 0, no Common Names will be included in the resulting certificate.

All the Domain Names listed in domainNames will always be included as dnsName components of the Subject Alternative Name (SAN) extension in the resulting multi-domain certificates.

csr

required

string

32767 chars

The Base64-encoded certificate signing request (CSR), with or without the -----BEGIN xxxxx----- and -----END xxxxx----- header and footer.

uniqueValue

optional

string

20 chars

An alphanumeric value used to ensure the Request Token is unique for HTTP_CSR_HASH and CNAME_CSR_HASH dcvMethods.

The request tokens are as defined in the CA/B Forum Baseline requirements (version 1.4.1 or later) and used in the manner described in Sectigo’s Domain Control Validation.

If the uniqueValue parameter is omitted, and the same CSR was previously submitted, a uniqueValue is automatically generated and returned.

If the uniqueValue parameter is provided, it must be unique for the given CSR. Reusing the same CSR and uniqueValue combination will result in error code -55. For more information, see Error codes

prioritiseCSRValues

optional

char

1 char

Specifies which values to use if there are duplicates. For example, if a postal code is specified in both the CSR and as a separate variable.

The allowed values are:

  • Y — Prioritise values in CSR over parameters.

  • N — Prioritise parameters over CSR values.

  • P — Only use values from parameters, ignore any CSR values.

  • C — Only use values from CSR and ignore any parameters.

If omitted, the value defaults to Y.

organizationName

conditional

string

64 chars

Specifies the organization name.

If an organization name is specified here and prioritiseCSRValues is set to N, this value will be used instead of the organization name in the CSR.

This parameter is not required if there is an organization name in the CSR. Otherwise, organizationName is a required parameter.

postOfficeBox

optional

string

40 chars

The organization post office box.

If a post office box is specified here and in the CSR, prioritiseCSRValues indicates which value will be used.

streetAddress1

conditional

string

128 chars

The street address where the organization operates.

If a street address is specified here and in the CSR, prioritiseCSRValues indicates which value will be used.

If there is a street address in the CSR, streetAddress1 is optional.

streetAddress2

optional

string

128 chars

The second part of the company’s street address (if necessary).

If the second part of the street address is specified here and in the CSR, prioritiseCSRValues indicates which value will be used.

streetAddress3

optional

string

128 chars

The third part of the company’s street address (if necessary).

If the third part of the street address is specified here and in the CSR, prioritiseCSRValues indicates which value will be used.

localityName

conditional

string

128 chars

The city in which the organization operates.

Providing it in any product request that requires organization validation can help speed up the validation process. If a locality name is specified here and in the CSR, prioritiseCSRValues indicates which value will be used.

If there is a locality name in the CSR, localityName is optional.

stateOrProvinceName

conditional

string

128 chars

The state or province in which the organization operates.

If a state or province name is specified here and in the CSR, prioritiseCSRValues indicates which value will be used.

If there is a state or province name in the CSR, stateOrProvinceName is optional.

postalCode

conditional

string

40 chars

The company’s postal code.

If a postal code is specified here and in the CSR, prioritiseCSRValues indicates which value will be used.

If there is a postal code in the CSR, postalCode is optional.

countryName

conditional

string

2 chars

An ISO 3166 two-character country code.

If a country name is specified here and prioritiseCSRValues is set to N, this value will be used instead of the country name in the CSR.

If there is a country name in the CSR, countryName is optional.

dunsNumber

optional

string

20 chars

A unique nine-digit identifier for businesses, provided by the company Dun & Bradstreet.

companyNumber

optional

string

64 chars

The registration number of the organization provided for validation purposes.

businessCategory

optional

char

1 char

The legal classification of the organization.

The allowed values are:

  • b — Private organization.

  • c — Government entity.

  • d — Business entity.

emailAddress

optional

string

255 chars

The alternative issuance email address.

If specified, the certificate will be emailed to this email address rather than the applicant’s admin email address.

If the value specified is 'none', no certificate issuance email will be sent at all.

validationEmailAddress

optional

string

255 chars

The validation email address.

If specified, Sectigo will validate that this is the email address of the end customer. Sectigo will not send any emails to this email address. Instead Sectigo will trust you, the Partner, to forward emails to this end customer as appropriate.

contactEmailAddress

optional

string

255 chars

The contact email address.

If specified, this email address will be the only email address that Sectigo validation department will correspond with during the processing of this order.

dcvMethod

optional

string

32 chars

(QWAC certificates only) The Domain Control Validation method.

The allowed values are:

  • EMAIL

  • HTTP_CSR_HASH

  • HTTPS_CSR_HASH

  • CNAME_CSR_HASH

  • DNSTXT_RANDOM_VALUE

If omitted, the value defaults to EMAIL.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

For more information, see Domain Control Validation.

Continued use of email-based DCV methods is discouraged. In line with CA/B Forum Ballot SC-090, all email-based DCV methods are on a deprecation path, with full industry deprecation expected by early 2028. Plan for earlier enforcement and migrate to DNS-based or HTTP-based validation methods in advance.

dcvTemplateID

optional

integer

Specifies whether to override Sectigo’s default choice of DCV email template to be used to validate the called certificate.

An account can contain multiple DCV email templates, for example, in different languages.

Contact your account manager to arrange the creation of one or more custom DCV email templates that can be referenced through this parameter.

languageName

optional

string

2 chars

The language name, specified using ISO639-1 two-character language code.

If omitted, the default language is English.

An account can contain multiple email templates in different languages for callback, Enterprise Authentication for the instant issuance, S/MIME request processing, or the missing shipping details request.

You may specify exactly one of the following values:

  • en — English

  • zh — Chinese-Mandarin

  • da — Danish

  • nl — Dutch

  • fr — French

  • de — German

  • it — Italian

  • ja — Japanese

  • ko — Korean

  • pt — Portuguese

  • ru — Russian

  • es — Spanish

  • sv — Swedish

  • tr — Turkish

If provided, the following parameters override languageName:

  • callBackTemplateID

  • maCreationTemplateID

  • shippingTemplateID

  • agreementTemplateID

callBackTemplateID

optional

integer

Specifies whether to override Sectigo’s default choice of callback email template to be used to validate this certificate.

An account can contain multiple callback email templates. Contact Support for the callback template.

callBackTemplateID prevails over languageName if both of these parameters are provided.

Contact your account manager if you would like to set up one or more of your own callback email templates that can be referenced by this parameter.

maCreationTemplateID

optional

integer

(QWAC Legal/Legal PSD2 only) If specified, this parameter overrides Sectigo’s default choice of email template for Enterprise Authentication for the instant issuance to be used to validate this certificate.

An account can contain multiple email templates for Enterprise Authentication for the instant issuance. Contact Support for the templates for Enterprise Authentication for the instant issuance.

maCreationTemplateID prevails over languageName if both of these parameters are provided.

Contact your account manager if you would like to set up one or more of your own email templates of aforesaid type that can be referenced by this parameter.

agreementTemplateID

optional

integer

Specifies the Subscriber Agreement email template ID to be used for the order.

agreementTemplateID prevails over languageName if both of these parameters are provided.

shippingTemplateID

optional

integer

Specifies whether to override Sectigo’s default choice of shipping email template to be used to process the order.

An account can contain multiple email templates. Contact Support for the shipping email templates.

shippingTemplateID prevails over languageName if both of these parameters are provided.

Contact your account manager if you would like to set up one or more of your own shipping mail templates that can be referenced by this parameter.

isCustomerValidated

required

char

1 char

Specifies whether the customer will validate the customer’s documents.

The allowed values are:

  • Y — The customer validates the customer’s documents.

  • N — The customer does not validate the customer’s documents.

showCertificateID

optional

char

1 char

Specifies whether to include the certificate ID in the response.

The allowed values are:

  • Y — The certificate ID of the certificate generated by the order is also part of the result set.

  • N — The certificate ID is not included in the result set.

If omitted, the value defaults to N.

foreignOrderNumber

optional

char

64 chars

The external order number.

This identifier can be returned by some of our other APIs to aid in integration with partner systems.

checkFONIsUnique

optional

char

1 char

Specifies whether to check that the foreignOrderNumber parameter is unique for this account.

The allowed values are:

  • Y — The foreignOrderNumber parameter if specified must not have already been used for any order placed by this account.

  • N —  The foreignOrderNumber parameter is not checked for uniqueness.

responseFormat

optional

char

1 char

Specifies the response format.

The allowed values are:

  • 0 — Newline-delimited parameters.

  • 1 — URL-encoded parameters.

If omitted, the value defaults to 0.

test

optional

char

1 char

Specifies whether this is a test order.

The allowed values are:

  • Y — The account will not be charged and the order will be processed as a test order.

  • N — The order will be processed as a live order.

If omitted, the value defaults to N.

appRepEmailAddress

required

string

255 chars

The applicant representative’s email address which is used for the organizational callback by Sectigo.

Used for critical customer communications:

  • Validation for QWAC Legal certificates.

  • Communicating any warnings regarding platform alerts, malware alerts and blacklist monitoring.

callbackMethod

optional

char

1 char

The callback method for verification of the applicant representative’s identity.

The allowed values are:

  • T — The applicant representative’s telephone number (appRepTelephone) is used to perform a callback verification. A verification code is communicated during the call to confirm the identity of the applicant representative.

  • E — An email, containing a callback verification code, is sent to the applicant representative.

isAppRepValidated

optional

char

1 char

Specifies who will verify the applicant representative’s contact details before the callback is performed.

The allowed values are:

  • Y — The Partner Reseller has verified that the applicant representative’s contact details are legitimate, using a data source other than the applicant. Only Partner Resellers with sufficient Registration Authority (RA) privileges may specify Y.

  • N — Sectigo will verify the applicant representative’s contact details before performing the callback using the method specified by callbackMethod.

isCallbackCompleted

optional

char

1 char

Specifies who will perform the callback.

The allowed values are:

  • Y — The Partner has completed the callback and verified the identity of the applicant representative. Only Partner Resellers with sufficient Registration Authority (RA) privileges may specify Y. If isCallbackCompleted=Y is specified, then isAppRepValidated=Y must also be specified.

  • N — Sectigo will perform the callback using the method specified by callbackMethod.

showCertificateState

optional

char

1 char

Specifies whether to include the certificate state in the response.

The allowed values are:

  • Y — The state of the certificate generated by the order will be a part of the result set.

  • N — The state of the certificate generated by the order will not be a part of the result set.

omitAdditionalFQDN

optional

char

1 char

(QWAC certificates only) Specifies whether to omit additional fully qualified domain names (FQDN) from the certificate.

The allowed values are:

  • N — Sectigo will add an additional FQDN for www.<domain> if the certificate was requested for <domain>. If the certificate was requested for www.<domain>, then <domain> will be added as an additional FQDN.

  • Y — An additional FQDN will not be added.

If omitted, the value defaults to N.

appRepLoginName

conditional

string

50 chars

Specifies the applicant representative’s login name.

Required for HackerGuardian, HackerProof and products with additional HackerGuardian license.

offerType

optional

integer

(Token-based certificates where shipping is involved only) Specifies the type of shipping offer.

The allowed values are:

  • 22 — Standard shipping.

  • 23 — Expedited shipping.

  • 24 — International shipping.

SmartCardBased

optional

char

1 char

(non-QSCD eIDAS certificates only) Indicates whether you wish to get a certificate installed on a token.

The allowed values are:

  • Y — The certificate will be installed on a token.

  • N — The certificate will not be installed on a token.

If omitted, the value defaults to N.

This parameter is not applicable to QSCD eIDAS, and eIDAS QWAC certificates.

shippingOrganizationName

optional

string

64 chars

(Token-based certificates only) The organization name for shipping purposes.

If no parameters for shipping address are provided, the shipping address defaults to the organization address.

Although shipping parameters are optional, certain fields are required for physical delivery. If required shipping details are missing, Sectigo will request the information by email.

The parameters related to shipping details include this parameter and the following 14 ones starting with 'shipping'.

If required shipping details are not provided before the token is ready for shipment, the token will be shipped to the verified organization address with the applicant representative being specified as a contact person.

shippingOrganizationalUnitName

optional

string

64 chars

(Token-based certificates only) The organizational department name for shipping purposes.

If no parameters for shipping address are provided, the shipping address defaults to the organization address.

shippingStreetAddress1

optional

string

128 chars

(Token-based certificates only) The street address where the organization operates for shipping purposes.

If no parameters for shipping address are provided, the shipping address defaults to the organization address.

shippingStreetAddress2

optional

string

128 chars

(Token-based certificates only) The second part of the company’s street address for shipping purposes (if necessary).

If no parameters for shipping address are provided, the shipping address defaults to the organization address.

shippingStreetAddress3

optional

string

128 chars

(Token-based certificates only) The third part of the company’s street address for shipping purposes (if necessary).

If no parameters for shipping address are provided, the shipping address defaults to the organization address.

shippingLocalityName

optional

string

128 chars

(Token-based certificates only) The city in which the organization operates for shipping purposes.

Required for shipping.

If no parameters for shipping address are provided, the shipping address defaults to the organization address.

shippingStateOrProvinceName

optional

string

128 chars

(Token-based certificates only) The state or province in which the organization operates for shipping purposes.

Required for shipping.

If no parameters for shipping address are provided, the shipping address defaults to the organization address.

shippingPostalCode

optional

string

40 chars

(Token-based certificates only) The organization’s postal code for shipping purposes.

Required for shipping.

If no parameters for shipping address are provided, the shipping address defaults to the organization address.

shippingCountryName

optional

string

2 chars

(Token-based certificates only) An ISO 3166 two-character country code.

Required for shipping.

If no parameters for shipping address are provided, the shipping address defaults to the organization address.

shippingTitle

optional

string

64 chars

(Token-based certificates only) Title of a natural person who should be specified as a contact person in the courier shipping document.

shippingForename

optional

string

64 chars

(Token-based certificates only) The first name of a natural person who should be specified as a contact person in the courier shipping document.

Required for shipping.

shippingSurname

optional

string

64 chars

(Token-based certificates only) The surname of a natural person who should be specified as a contact person in the courier shipping document.

Required for shipping.

shippingEmailAddress

optional

string

255 chars

(Token-based certificates only) The email address of a natural person who should be specified as a contact person in the courier shipping document.

Required for shipping.

shippingTelephone

optional

string

32 chars

(Token-based certificates only) The contact phone number of a natural person who should be specified as a contact person in the courier shipping document.

Required for shipping.

privateKeyFilename

optional

string

1024 chars

The .pvk filename. It should always be provided when .spc or .pvk files are being used instead of storing the certificate and private key in the CSP.

cspName

optional

string

255 chars

The cryptographic service provider.

If omitted, the value defaults to 'Microsoft Enhanced Cryptographic Provider v1.0'.

organizationIdentifier

optional

char

100 chars

The organization identifier or the PSD2 authorization identifier recognized by the National Competent Authority.

This parameter is relevant and optional for the following certificate products:

  • eIDAS Employee

  • Seal (including for PSD2)

  • QWAC-legal (including for PSD2) Qualified certificate profiles with the product IDs 779, 780, 781, 782, 783, 784, 786, 787, 788, 789;

For more information, see organizationIdentifier parameter structure.

personalIdentifier

conditional

char

100 chars

The semantics information for attributes stored in the subject field related to the natural person.

This parameter has a deprecated synonym — semanticsIdentifier which is preserved for backwards compatibility.

This parameter is required for Citizen, Employee and QWAC Natural Qualified certificate profiles with product IDs 777, 778, 779, 780, 791, 792.

The information specified in the personalIdentifier parameter is not included in the certificate. It is used to assist the Validation team.

ncaIdentifier

conditional

char

100 chars

An abbreviated unique identifier of the National Competent Authority.

Required for PSD2 Qualified certificate profiles with product IDs 786, 787, 788, 789.

This parameter must contain information using the following structure in the presented order:

  • The two-character ISO 3166-1 [8] country code representing the NCA country.

  • The hyphen-minus '-' (0x2D (ASCII), U+002D (UTF-8)).

  • 2-8 character NCA identifier without country code, A-Z uppercase only, no separator.

ncaName

conditional

char

100 chars

The name of National Competent Authority in English that registered the payment service provider.

Required for PSD2 Qualified certificate profiles with product IDs 786, 787, 788, 789.

If omitted, the value is defined automatically based on the ncaIdentifier value provided in the request.

accountServicingRole

conditional

char

1 char

Specifies one of possible roles of the payment service provider.

The allowed values are:

  • Y — Assign the role.

  • N — Do not assign the role.

Required for PSD2 Qualified certificate profiles with product IDs 786, 787, 788, 789.

At least one PSD role should be set to Y.

paymentInitiationRole

conditional

char

1 char

Specifies one of possible roles of the payment service provider.

The allowed values are:

  • Y — Assign the role.

  • N — Do not assign the role.

Required for PSD2 Qualified certificate profiles with product IDs 786, 787, 788, 789.

accountInformationRole

conditional

char

1 char

Specifies one of possible roles of the payment service provider.

The allowed values are:

  • Y — Assign the role.

  • N — Do not assign the role.

Required for PSD2 Qualified certificate profiles with product IDs 786, 787, 788, 789.

paymentServiceRole

conditional

char

1 char

Specifies one of possible roles of the payment service provider.

The allowed values are:

  • Y — Assign the role.

  • N — Do not assign the role.

Required for PSD2 Qualified certificate profiles with product IDs 786, 787, 788, 789

joiCountryName

required

string

2 chars

(QWAC Legal only) Jurisdiction country.

joiStateOrProvinceName

optional

string

128 chars

(QWAC Legal only) Jurisdiction state or province.

joiLocalityName

optional

string

128 chars

(QWAC Legal only) Jurisdiction city.

dateOfIncorporation

optional

string

10 chars

(QWAC Legal only) The date of incorporation (YYYY-MM-DD) of the company. This is useful information for validation purposes.

assumedName

optional

string

64 chars

(QWAC Legal only) An optional name under which the organization operates that is different from its legal name. This is a so-called DBA (doing business as) name for the company (if any).

Sample request

curl --location --request POST 'https://secure.trust-provider.com/products/!AutoApplyOrder' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'product=777' \
--data-urlencode 'days=365' \
--data-urlencode 'loginName=login_name' \
--data-urlencode 'loginPassword=login_password' \
--data-urlencode 'serverSoftware=2' \
--data-urlencode 'csr=-----BEGIN CERTIFICATE REQUEST-----
MIIDCzCCAfMCAQAwgcUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQHDAZNdW5pY2gxHTAb
BgNVBAoMFG1hdXJ1cy5uZXR3b3JrcyBHbWJIMSIwIAYDVQQLDBlDQVNTRVJWRVIg
...
3MqcpjtP+hvqRXMUHBCohIvJLYF9i5xwLiyYQNxqFzr3qIuN48/HOnjoNVCFQLOE
dMHZl3k/9zp0py1AZ6HCjKKCmWHEajnHvcllW9+uQldEE8f3pIlBxq1bt+h5jORP
EONR3ey/VUm50nIwnNQ/
-----END CERTIFICATE REQUEST-----' \
--data-urlencode 'dunsNumber=060704780' \
--data-urlencode 'businessCategory=b' \
--data-urlencode 'isCustomerValidated=N' \
--data-urlencode 'personalIdentifier=1234567890' \
--data-urlencode 'SmartCardBased=Y' \
--data-urlencode 'offerType=22' \
--data-urlencode '[email protected]'

Response

The request is successful when the server returns a response with the error code 0.

Any error code less than 0 indicates an error condition, and the error message provides additional details.

Error responses are returned in application/x-www-form-urlencoded format.

Response format 0 (Plain text)

The MIME type will be text/plain for responseFormat=0 (by default).

The first line of the response contains a status code.

Whether 0 or 1 is returned for successful orders depends on how your account is configured with Sectigo. Usually, you will take payment from your customer and Sectigo will debit your account funds when you place the order. However, in special circumstances it can be arranged for Sectigo to take payment from your customer on your behalf.

If the status code is less than 0, the second line of the response contains an error message describing the error.

If the status code is greater than or equal to 0, the response can contain the following lines which provide:

Line Possible Value Description

Line 1

The status of the order. For more information, see Error codes.

The status code.

Line 2

An integer.

The second line contains an order number.

Line 3

  • If the status code = 0, it contains the debited amount.

  • If the status code = 1, it contains the required amount, not including UK VAT (if required).

The amount in your account’s native currency, without a currency symbol.

Line 4

The expected delivery time.

This value can be ignored and has been deprecated for Document Signing.

Line 5 (if applicable)

The internal certificate ID of the certificate purchased by this order.

The certificate ID, up to 16 digits. Returned if showCertificateID=Y.

Line 5 or 6 (if applicable)

A unique alphanumeric value up to 20 characters long.

The certificate state. Returned if showCertificateState=Y.

Line 5, 6 or 7 (if applicable)

A unique alphanumeric value up to 20 characters long.

The unique value. Returned if the uniqueValue parameter was passed in to this API, or if uniqueValue has been generated by Sectigo for this order.

Response format 1 (URL-encoded)

Most of Sectigo’s API endpoints use URL-encoded responses. AutoApplyOrder can return responses in the same format by specifying responseFormat=1 in the request.

The MIME type will be application/x-www-form-urlencoded for responseFormat=1.

The following table displays the various parameters that can appear for responseFormat=1.

Parameter Description

errorCode

A numeric code that identifies the type of error and is always present in the response.

For more information, see Error codes.

errorMessage

A description of the error.

errorMessage is not present when the status code = 0.

orderNumber

An integer. This parameter is only present when errorCode=0.

totalCost

The amount in your account’s native currency, without a currency symbol. This parameter is only present when errorCode=0.

expectedDeliveryTime

The expected number of hours before this order will be completed. This value can be ignored and has been deprecated for eIDAS certificates.

This parameter is only present when errorCode=0.

certificateID

The internal certificate ID of the certificate purchased by this order. This parameter is only present when showCertificateID=Y and errorCode=0.

сertificateStatus

The status of the certificate purchased by this order. This parameter is only present when showCertificateState=Y and errorCode=0.

Sample success response

0
123456789
210.00
Output Details

0

The successful response.

123456789

The Sectigo order number.

210.00

The amount debited to the account — $210.00.

Displayed price is for sample purposes only.

Sample error response

errorCode=-3&errorMessage=The+%27loginName%27+argument+is+missing%21

Error codes

Error Code Error Message Description

-1

Request was not made over HTTPS!

The request must use HTTPS protocol.

-2

'xxxx' is an unrecognized argument!

The provided argument is not recognized.

-3

The 'xxxx' argument is missing!

A required argument is missing from the request.

-4

The value of the 'xxxx' argument is invalid!

The argument value does not meet validation requirements.

-5

The CSR’s Common Name may NOT contain a wildcard!

The Common Name in the certificate signing request (CSR) must not include a wildcard character.

-6

The CSR’s Common Name MUST contain ONE wildcard!

The Common Name in the CSR must include exactly one wildcard character.

-7

'xx' is not a valid ISO-3166 country!

The specified country code is not valid according to the ISO-3166 standard.

-8

The CSR is missing a required field!

The CSR does not include all required fields.

-9

The CSR is not valid Base-64 data!

The CSR must be encoded in valid Base-64 format.

-10

The CSR cannot be decoded!

The CSR could not be decoded properly.

-11

The CSR uses an unsupported algorithm!

The CSR’s algorithm is not supported.

-12

The CSR has an invalid signature!

The signature on the CSR is invalid.

-13

The CSR uses an unsupported key size!

The key size in the CSR is not supported.

-14

An unknown error occurred!

An unknown error occurred.

-15

Not enough credit!

The account does not have sufficient credit.

-16

Permission denied! Contact Sectigo Support to have your account enabled for the !AutoApplyOrder API.

The user does not have permission to access the AutoApplyOrder API.

-17

Request used GET rather than POST!

The request method should be POST.

-18

The CSR’s Common Name may not be a Fully-Qualified Domain Name!

Common Names must not be a fully qualified domain name (FQDN).

-19

The CSR’s Common Name may not be an Internet-accessible IP Address!

Common Name must not be an Internet-accessible IP address.

-35

The CSR’s Common Name may not be an IP Address!

Common Name must not be an Internet-accessible IP address.

-40

The CSR uses a key that is believed to have been compromised!

The CSR’s key is on the compromised key list.

-47

'domainName' is already validated!

The specified domain name has already been validated.

-55

This Request Token is not unique!

The provided request token has already been used.

-65

PlanID for this product not found.

The specified PlanID for the product could not be found.

-68

Argument 'xxxx' can be used just with License products!

The specified parameter can only be used with license products.

-70

Invalid Email Address!

The provided email address is not valid.

-71

The previous order must have a license of the same type!

The previous order must include a license of the same type.

-81

The order must have a Document-Signing Certificate!

The order must include a document signing certificate.

-82

The order must have only one Web Package product!

The order can include only one Web Package product.

-83

'xxxx' is not applicable to this order!

The specified argument is not applicable for the current order.

-84

The order should include 'xxxx'!

The order must include the specified item.

-90

Permission denied 'Context'

The user does not have permission for the specified context.

-91

Permission denied 'Context'

The user does not have permission for the specified context.

-110

CSR decoding Internal Error

An internal error occurred while decoding the CSR.

-111

Tier1 Credit/Debit internal Error

The Tier1 credit/debit processing encountered an internal error.

-112

Tier1 Credit/Debit internal Error

The Tier1 credit/debit processing encountered an internal error.

-113

Tier1 Credit/Debit internal Error

The Tier1 credit/debit processing encountered an internal error.

-114

Unknown autoApply Type

The specified autoApply type is not recognized.

-115

No price found for 'xxx'! Contact Support!

No price information available for the specified item.

-116

Wrong Item Cost! Contact Support!

The provided item cost is incorrect.

-117

Wrong Item Cost! Contact Support!

The provided item cost is incorrect.

-118

Wrong product Identifier!

The specified product identifier is incorrect.

-119

Internal error occured!

An internal error occurred.

-120

'Role' arguments are missing for PSD2 certificate type!

The required role arguments for PSD2 certificate type are missing.

-121

"TAX" value is deprecated. The value "TIN" should be used instead'

Semantic error.

TAX is no longer a valid value.

Use TIN instead.

-121

Wrong format of 'xxxx' identifier.

Semantic error.

The format of the provided identifier is incorrect.

-121

Wrong country code value in 'xxxx' identifier.

Semantic error.

The country code in the provided identifier is incorrect.

-129

Error in key attestation verification 'Context'

An error occurred during key attestation verification for the specified context.

-150

Insufficient privileges to order this type of product

The user does not have sufficient privileges to order the specified product type.

-161

Parameter 'xxxx' is not applicable to this type of product!

The specified parameter is not valid for this product type.

-162

The CSR must not contain domain names that are not in the "domainNames" parameter!

The CSR contains domain names not listed in the domainNames parameter.