S/MIME certificate

Endpoint: !AutoApplyOrder

https://secure.trust-provider.com/products/!AutoApplyOrder

Use the POST method for this endpoint.

Submit parameters in the x-www-form-urlencoded format.

Request parameters

Parameter Requirement Type Max.Length Description

loginName

required

string

64 chars

Your account username.

loginPassword

required

string

128 chars

Your account password.

days

required

integer

The validity period, in days.

For S/MIME certificate products the allowed values are:

  • 365

  • 730

product

required

string

64 chars

Specifies a comma-separated string of integers for a product code.

There must be exactly one of the following integers specified:

  • 794 — Mailbox-validated multipurpose certificate

  • 795 — Mailbox-validated strict certificate

  • 796 — Organization-validated multipurpose certificate

csr

optional

string

32767 chars

The Base64-encoded certificate signing request (CSR), with or without the -----BEGIN xxxxx----- and -----END xxxxx----- header and footer.

For more information, see CSR parameter structure.

CSR can be formatted in pkcs10 or spkac.

sanEmailAddress

required

string

255 chars

The email address to be included in SAN certificate field.

showCollectionCode

optional

char

1 char

Specifies whether to include the collectionCode in the response.

The allowed values are:

  • Y — The collectionCode of the S/MIME certificate will be included in the result set.

  • N — The collectionCode of the S/MIME certificate will not be included in the result set.

organizationIdentifier

optional

char

100 chars

The organization identifier or the PSD2 authorization identifier recognized by the National Competent Authority.

organizationName

conditional

string

64 chars

Specifies the organization name.

If an organization name is specified here and prioritiseCSRValues is set to N, this value will be used instead of the organization name in the CSR.

This parameter is not required if there is an organization name in the CSR. Otherwise, organizationName is a required parameter.

stateOrProvinceName

conditional

string

128 chars

The state or province in which the organization operates.

countryName

optional

string

2 chars

The ISO-3166 two-letter code for the country where the organization operates.

appRepForename

optional

string

64 chars

The applicant representative’s first name which is used for the organizational callback by Sectigo.

appRepSurname

optional

string

64 chars

The applicant representative’s last name which is used for the organizational callback by Sectigo.

appRepTelephone

optional

string

32 chars

The applicant representative’s telephone number, used for the organizational callback by Sectigo.

appRepEmailAddress

required

string

255 chars

The email address of the customer to action the callback.

callbackMethod

optional

char

1 char

The callback method for verification of the applicant representative’s identity.

The allowed values are:

  • T — The applicant representative’s telephone number (appRepTelephone) is used to perform a callback verification. A verification code is communicated during the call to confirm the identity of the applicant representative.

  • E — An email, containing a callback verification code, is sent to the applicant representative.

smimeSubjectEmail

optional

string

255 chars

The email address in the subject:EmailAddress.

smimeSubjectCN

optional

char

1 char

Specifies whether to include the organization name in the subject:commonName.

The allowed values are:

  • Y — Organization name will be included in the subject:commonName.

  • N — Organization name will not be included in the subject:commonName.

If omitted, the value defaults to N.

streetAddress1

conditional

string

128 chars

The street address where the organization operates.

streetAddress2

optional

string

128 chars

The second part of the company’s street address (if necessary).

streetAddress3

optional

string

128 chars

The third part of the company’s street address (if necessary).

localityName

optional

string

128 chars

The city in which the organization operates.

postalCode

conditional

string

40 chars

The company’s postal code.

dunsNumber

optional

string

20 chars

A unique nine-digit identifier for businesses, provided by the company Dun & Bradstreet.

companyNumber

optional

string

64 chars

The registration number of the organization provided for validation purposes.

businessCategory

optional

char

1 char

The legal classification of the organization.

The allowed values are:

  • b — Private organization.

  • c — Government entity.

  • d — Business entity.

validationEmailAddress

optional

string

255 chars

The validation email address.

If specified, Sectigo will validate that this is the email address of the end customer. Sectigo will not send any emails to this email address. Instead Sectigo will trust you, the Partner, to forward emails to this end customer as appropriate.

contactEmailAddress

optional

string

255 chars

The contact email address.

If specified, this email address will be the only email address that Sectigo validation department will correspond with during the processing of this order.

appRepTitle

optional

string

64 chars

The applicant representative’s job title which is used for the organizational callback by Sectigo.

languageName

optional

string

2 chars

The language name, specified using ISO639-1 two-character language code.

If omitted, the default language is English.

An account can contain multiple email templates in different languages for callback, Enterprise Authentication for the instant issuance, S/MIME request processing, or the missing shipping details request.

You may specify exactly one of the following values:

  • en — English

  • zh — Chinese-Mandarin

  • da — Danish

  • nl — Dutch

  • fr — French

  • de — German

  • it — Italian

  • ja — Japanese

  • ko — Korean

  • pt — Portuguese

  • ru — Russian

  • es — Spanish

  • sv — Swedish

  • tr — Turkish

If provided, the following parameters override languageName:

  • callBackTemplateID

  • maCreationTemplateID

  • SMIMEVerificationTemplateID

  • SMIMERequestTemplateID

  • SMIMECollectionTemplateID

  • shippingTemplateID

  • agreementTemplateID

SMIMEVerificationTemplateID

optional

integer

Specifies whether to override Sectigo’s default choice of S/MIME Verification Email template to be used to validate this certificate.

An account can contain multiple email templates. Contact Support for the S/MIME Mailbox Control Validation Email templates.

Contact your account manager if you would like to set up one or more of your own DCV email templates that can be referenced by this parameter.

SMIMERequestTemplateID

optional

integer

Specifies whether to override Sectigo’s default choice of S/MIME Request Email template to be used to process the order.

An account can contain multiple email templates. Contact Support for the S/MIME Request Email templates.

SMIMERequestTemplateID prevails over languageName if both of these parameters are provided.

Contact your account manager if you would like to set up one or more of your own S/MIME Request Email templates that can be referenced by this parameter.

SMIMECollectionTemplateID

optional

integer

Specifies whether to override Sectigo’s default choice of S/MIME Collection Email template to be used to collect the issued certificate.

An account can contain multiple email templates. Please contact Support for the S/MIME Collection Email templates.

SMIMECollectionTemplateID prevails over languageName if both of these parameters are provided.

Contact your account manager if you would like to set up one or more of your own S/MIME Collection Email templates that can be referenced by this parameter.

callBackTemplateID

optional

integer

Specifies whether to override Sectigo’s default choice of callback email template to be used to validate this certificate.

An account can contain multiple callback email templates. Contact Support for the callback template.

callBackTemplateID prevails over languageName if both of these parameters are provided.

Contact your account manager if you would like to set up one or more of your own callback email templates that can be referenced by this parameter.

maCreationTemplateID

optional

integer

If specified, this parameter overrides Sectigo’s default choice of email template for Enterprise Authentication for the instant issuance to be used to validate this certificate.

An account can contain multiple email templates for Enterprise Authentication for the instant issuance. Contact Support for the templates for Enterprise Authentication for the instant issuance.

maCreationTemplateID prevails over languageName if both of these parameters are provided.

Contact your account manager if you would like to set up one or more of your own email templates of aforesaid type that can be referenced by this parameter.

shippingTemplateID

optional

integer

Specifies whether to override Sectigo’s default choice of shipping Email template to be used to process the order.

An account can contain multiple email templates. Contact Support for the shipping email templates.

shippingTemplateID prevails over languageName if both of these parameters are provided.

Contact your account manager if you would like to set up one or more of your own shipping mail templates that can be referenced by this parameter.

agreementTemplateID

optional

integer

Specifies the Subscriber Agreement email template ID to be used for the order.

agreementTemplateID prevails over languageName if both of these parameters are provided.

isCustomerValidated

required

char

1 char

Specifies whether the customer will validate the customer’s documents.

The allowed values are:

  • Y — The customer validates the customer’s documents.

  • N — The customer does not validate the customer’s documents.

isAppRepValidated

optional

char

1 char

Specifies who will verify the applicant representative’s contact details before the callback is performed.

The allowed values are:

  • Y — The Partner Reseller has verified that the applicant representative’s contact details are legitimate, using a data source other than the applicant. Only Partner Resellers with sufficient RA privileges may specify Y.

  • N — Sectigo will verify the applicant representative’s contact details before performing the callback using the method specified by callbackMethod.

isCallbackCompleted

optional

char

1 char

Specifies who will perform the callback.

The allowed values are:

  • Y — The Partner has completed the callback and verified the identity of the applicant representative. Only Partner Resellers with sufficient RA privileges may specify Y. If isCallbackCompleted=Y is specified, then isAppRepValidated=Y must also be specified.

  • N — Sectigo will perform the callback using the method specified by callbackMethod.

foreignOrderNumber

optional

char

64 chars

The external order number.

This identifier can be returned by some of our other APIs to aid in integration with partner systems.

checkFONIsUnique

optional

char

1 char

Specifies whether to check that the foreignOrderNumber parameter is unique for this account.

The allowed values are:

  • Y — The foreignOrderNumber parameter if specified must not have already been used for any order placed by this account.

  • N —  The foreignOrderNumber parameter is not checked for uniqueness.

signerTitle

optional

string

64 chars

(OV S/MIME certificates only) The title of a natural person who is either the Applicant, employed by the applicant, or an authorized agent who has authority on behalf of the applicant to sign subscriber agreements.

This parameter is optional and may be omitted if the Applicant Representative and the Signer are the same individual.

This should be a person with legal authority to accept the Subscriber Agreement on behalf of the organization named in the certificate.

signerForename

optional

string

64 chars

(OV S/MIME certificates only) The first name of a natural person who is either the applicant, employed by the applicant, or an authorized agent who has authority on behalf of the applicant to sign subscriber agreements.

This parameter is optional and may be omitted if the Applicant Representative and the Signer are the same individual.

This should be a person with legal authority to accept the Subscriber Agreement on behalf of the organization named in the certificate.

signerSurname

optional

string

64 chars

(OV S/MIME certificates only) The surname of a natural person who is either the applicant, employed by the applicant, or an authorized agent who has authority on behalf of the applicant to sign subscriber agreements.

This parameter is optional and may be omitted if the Applicant Representative and the Signer are the same individual.

This should be a person with legal authority to accept the Subscriber Agreement on behalf of the organization named in the certificate.

signerEmailAddress

optional

string

255 chars

(OV S/MIME certificates only) The email address of a natural person who is either the applicant, employed by the applicant, or an authorized agent who has authority on behalf of the applicant to sign subscriber agreements.

This parameter is optional and may be omitted if the Applicant Representative and the Signer are the same individual.

This should be a person with legal authority to accept the Subscriber Agreement on behalf of the organization named in the certificate.

signerTelephone

optional

string

32 chars

(OV S/MIME certificates only) The phone number of a natural person who is either the applicant, employed by the applicant, or an authorized agent who has authority on behalf of the applicant to sign subscriber agreements.

This parameter is optional and may be omitted if the Applicant Representative and the Signer are the same individual.

This should be a person with legal authority to accept the Subscriber Agreement on behalf of the organization named in the certificate.

responseFormat

optional

char

1 char

Specifies the response format.

The allowed values are:

  • 0 — Newline-delimited parameters.

  • 1 — URL-encoded parameters.

If omitted, the value defaults to 0.

test

optional

char

1 char

Specifies whether this is a test order.

The allowed values are:

  • Y — The account will not be charged and the order will be processed as a test order.

  • N — The order will be processed as a live order.

If omitted, the value defaults to N.

showCertificateID

optional

char

1 char

Specifies whether to include the certificate ID in the response.

The allowed values are:

  • Y — The certificate ID of the certificate generated by the order is also part of the result set.

  • N — The certificate ID is not included in the result set.

If omitted, the value defaults to N.

showCertificateState

optional

char

1 char

Specifies whether to include the certificate state in the response.

  • The allowed values are:

  • Y — The state of the certificate generated by the order will be a part of the result set.

  • N — The state of the certificate generated by the order will not be a part of the result set.

Sample request

curl --location 'https://secure.trust-provider.com/products/!AutoApplyOrder' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'loginName=login_name' \
--data-urlencode 'loginPassword=login_password' \
--data-urlencode 'product=796' \
--data-urlencode 'days=365' \
--data-urlencode 'csr=-----BEGIN CERTIFICATE REQUEST-----
MIIBbTCCARQCAQAwUjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWEx
FDASBgNVBAcMC0xvcyBBbmdlbGVzMRgwFgYDVQQKDA9WUFMgQ29tcGFueSBMVEQw
...
KoZIzj0EAwIDRwAwRAIgFXw3dHxg+LXujer93tive8DB1IgNXmSKHB3C4b2wTWsC
IFXk0PYSJ2GuQfZ71KX0Pyn8ngNloZZQ+eqHabZerssX
-----END CERTIFICATE REQUEST-----' \
--data-urlencode '[email protected]' \
--data-urlencode 'stateOrProvinceName=CA' \
--data-urlencode 'countryName=US' \
--data-urlencode 'organizationName=Company Custom 2280295' \
--data-urlencode 'appRepForename=John' \
--data-urlencode 'appRepSurname=Doe' \
--data-urlencode 'organizationIdentifier=COMPANY-123456789' \
--data-urlencode 'appRepTelephone=+18882666361' \
--data-urlencode 'callbackMethod=T' \
--data-urlencode '[email protected]' \
--data-urlencode 'isCustomerValidated=N' \
--data-urlencode 'streetAddress1=Elm Street 12'

Response

The request is successful when the server returns a response with the error code 0.

Any error code less than 0 indicates an error condition, and the error message provides additional details.

Error responses are returned in application/x-www-form-urlencoded format.

Response format 0 (Plain text)

The MIME type will be text/plain for responseFormat=0 (by default).

The first line of the response contains a status code.

Whether 0 or 1 is returned for successful orders depends on how your account is configured with Sectigo. Usually, you will take payment from your customer and Sectigo will debit your account funds when you place the order. However, in special circumstances it can be arranged for Sectigo to take payment from your customer on your behalf.

If the status code is less than 0, the second line of the response contains an error message describing the error.

If the status code is greater than or equal to 0, the response can contain the following lines which provide:

Line Possible Value Description

Line 1

The status of the order. For more information, see Error codes.

The status code.

Line 2

An integer.

The second line contains an order number.

Line 3

  • If the status code = 0, it contains the debited amount.

  • If the status code = 1, it contains the required amount, not including UK VAT (if required).

The amount in your account’s native currency, without a currency symbol.

Line 4

The expected delivery time.

This value can be ignored and has been deprecated for S/MIME certificates.

Line 5 (if applicable)

The internal certificate ID of the certificate purchased by this order.

The certificate ID, up to 16 digits. Returned if showCertificateID=Y.

Line 5 or 6 (if applicable)

A unique alphanumeric value up to 20 characters long.

The certificate state. Returned if showCertificateState=Y.

Response format 1 (URL-encoded)

Most of Sectigo’s API endpoints use URL-encoded responses. AutoApplyOrder can return responses in the same format by specifying responseFormat=1 in the request.

The MIME type will be application/x-www-form-urlencoded for responseFormat=1.

The following table displays the various parameters that can appear for responseFormat=1.

Parameter Description

errorCode

A numeric code that identifies the type of error and is always present in the response.

For more information, see Error codes.

errorMessage

A description of the error.

errorMessage is not present when the status code = 0.

orderNumber

An integer. This parameter is only present when errorCode=0.

totalCost

The amount in your account’s native currency, without a currency symbol. This parameter is only present when errorCode=0.

expectedDeliveryTime

The expected number of hours before this order will be completed. This value can be ignored and has been deprecated for S/MIME certificates.

This parameter is only present when errorCode=0.

certificateID

The internal certificate ID of the certificate purchased by this order. This parameter is only present when showCertificateID=Y and errorCode=0.

сertificateStatus

The status of the certificate purchased by this order. This parameter is only present when showCertificateState=Y and errorCode=0.

Sample success response

0
987654321
210.00
Output Details

0

The successful response.

987654321

The Sectigo order number.

210.00

The amount debited to the account — $210.00.

Displayed price is for sample purposes only.

Sample error response

errorCode=-16&errorMessage=Incorrect+login+details%2C+account+is+locked%2C+password+has+expired+or+your+source+IP+is+blocked.

Error codes

Error Code Error Message Description

-1

Request was not made over HTTPS!

The request must use HTTPS protocol.

-2

'xxxx' is an unrecognized argument!

The provided argument is not recognized.

-3

The 'xxxx' argument is missing!

A required argument is missing from the request.

-4

The value of the 'xxxx' argument is invalid!

The argument value does not meet validation requirements.

-5

The CSR’s Common Name may NOT contain a wildcard!

The Common Name in the certificate signing request (CSR) must not include a wildcard character.

-6

The CSR’s Common Name MUST contain ONE wildcard!

The Common Name in the CSR must include exactly one wildcard character.

-7

'xx' is not a valid ISO-3166 country!

The specified country code is not valid according to the ISO-3166 standard.

-8

The CSR is missing a required field!

The CSR does not include all required fields.

-9

The CSR is not valid Base-64 data!

The CSR must be encoded in valid Base-64 format.

-10

The CSR cannot be decoded!

The CSR could not be decoded properly.

-11

The CSR uses an unsupported algorithm!

The CSR’s algorithm is not supported.

-12

The CSR has an invalid signature!

The signature on the CSR is invalid.

-13

The CSR uses an unsupported key size!

The key size in the CSR is not supported.

-14

An unknown error occurred!

An unknown error occurred.

-15

Not enough credit!

The account does not have sufficient credit.

-16

Permission denied! Contact Sectigo Support to have your account enabled for the !AutoApplyOrder API.

The user does not have permission to access the AutoApplyOrder API.

-17

Request used GET rather than POST!

The request method should be POST.

-18

The CSR’s Common Name may not be a Fully-Qualified Domain Name!

Common Names must not be a fully qualified domain name (FQDN).

-19

The CSR’s Common Name may not be an Internet-accessible IP Address!

Common Name must not be an Internet-accessible IP address.

-35

The CSR’s Common Name may not be an IP Address!

Common Name must not be an Internet-accessible IP address.

-40

The CSR uses a key that is believed to have been compromised!

The CSR’s key is on the compromised key list.

-47

'domainName' is already validated!

The specified domain name has already been validated.

-65

PlanID for this product not found.

The specified PlanID for the product could not be found.

-68

Argument 'xxxx' can be used just with License products!

The specified parameter can only be used with license products.

-70

Invalid Email Address!

The provided email address is not valid.

-82

The order must have only one Web Package product!

The order can include only one Web Package product.

-83

'xxxx' is not applicable to this order!

The specified argument is not applicable for the current order.

-84

The order should include 'xxxx'!

The order must include the specified item.

-90

Permission denied 'Context'

The user does not have permission for the specified context.

-91

Permission denied 'Context'

The user does not have permission for the specified context.

-110

CSR decoding Internal Error

An internal error occurred while decoding the CSR.

-111

Tier1 Credit/Debit internal Error

The Tier1 credit/debit processing encountered an internal error.

-112

Tier1 Credit/Debit internal Error

The Tier1 credit/debit processing encountered an internal error.

-113

Tier1 Credit/Debit internal Error

The Tier1 credit/debit processing encountered an internal error.

-114

Unknown autoApply Type

The specified autoApply type is not recognized.

-115

No price found for 'xxx'! Contact Support!

No price information available for the specified item.

-116

Wrong Item Cost! Contact Support!

The provided item cost is incorrect.

-117

Wrong Item Cost! Contact Support!

The provided item cost is incorrect.

-118

Wrong product Identifier!

The specified product identifier is incorrect.

-119

Internal error occured!

An internal error occurred.

-120

'Role' arguments are missing for PSD2 certificate type!

The required role arguments for PSD2 certificate type are missing.

-121

"TAX" value is deprecated. The value "TIN" should be used instead'

Semantic error.

TAX is no longer a valid value.

Use TIN instead.

-121

Wrong format of 'xxxx' identifier.

Semantic error.

The format of the provided identifier is incorrect.

-121

Wrong country code value in 'xxxx' identifier.

Semantic error.

The country code in the provided identifier is incorrect.

-129

Error in key attestation verification 'Context'

An error occurred during key attestation verification for the specified context.

-150

Insufficient privileges to order this type of product

The user does not have sufficient privileges to order the specified product type.

-161

Parameter 'xxxx' is not applicable to this type of product!

The specified parameter is not valid for this product type.

-162

The CSR must not contain domain names that are not in the "domainNames" parameter!

The CSR contains domain names not listed in the domainNames parameter.