SSL certificates
Endpoint: !AutoApplyOrder
https://secure.trust-provider.com/products/!AutoApplyOrderUse the POST method for this endpoint.
Submit parameters in the x-www-form-urlencoded format.
Request parameters
| Parameter | Requirement | Type | Max.Length | Description | ||
|---|---|---|---|---|---|---|
|
required |
string |
64 chars |
Your account username. |
||
|
required |
string |
128 chars |
Your account password. |
||
|
required |
string |
64 chars |
Specifies a comma-separated string of integers for a product code. There must be exactly one of the following integers specified:
|
||
|
required |
integer |
The validity period, in days. The allowed values are:
Sectigo allows purchase of a certificate bundle for multiple years.
Two, three, four, and five-year certificates bundle can be placed by setting the
|
|||
|
required |
char |
1 char |
Specifies whether the customer will validate the customer’s documents. The allowed values are:
|
||
|
required |
integer |
Specifies the server software code. The allowed values are:
This parameter does not directly affect the certificate content.
Use |
|||
|
required |
string |
32767 chars |
The Base64‑encoded certificate signing request (CSR) with or without the For more information, see CSR parameter structure. |
||
|
optional |
string |
32 chars |
Specifies the domain control validation (DCV) method. The allowed values are:
If omitted, the value defaults to |
||
|
conditional |
string |
255 chars |
(Single-domain SSL certificates only) The domain control validation email address. If specified, this email address must be an acceptable email address with which to perform Domain Control Validation (DCV) for this certificate.
For more information, see Alternative DCV mechanisms are available. For more information, see Domain Control Validation. |
||
|
conditional |
string |
32767 chars |
(Multi-domain SSL certificates only) The comma or white-space-separated list of DCV email addresses to be used to perform Domain Control Validation for each domain in this certificate. The order in which these email addresses are listed must be exactly the same as the order of the domain names in the certificate request.
For more information, see the preceding Alternative DCV methods can also be specified in this parameter. You can pass the following values for each relevant domain:
The allowed magic tokens if all domains in the order need to be set to the same alternative DCV method:
|
||
|
optional |
string |
32767 chars |
(EV and OV Multi-domain SSL certificates only) Specifies DCV using token-based validation. Allowed values include:
|
||
|
optional |
string |
64 chars |
(Single-domain SSL certificates only) The primary domain name. |
||
|
optional |
string |
32767 chars |
(Multi-domain SSL certificates only) List of domains included in the certificate. |
||
|
optional |
string |
64 chars |
(Multi-domain SSL certificates only) The primary domain (Common Name). |
||
|
optional |
integer |
(Multi-domain SSL certificates only) Number of Common Names included in the subject. |
|||
|
conditional |
string |
64 chars |
(OV/EV certificates only) Organization name to be included in the certificate. |
||
|
conditional |
string |
128 chars |
(OV/EV certificates only) Organization street address. |
||
|
conditional |
string |
128 chars |
The city in which the organization operates. Providing it in any product request that requires organization validation can help speed up the validation process.
If a locality name is specified here and in the CSR, If there is a locality name in the CSR, |
||
|
conditional |
string |
128 chars |
The state or province in which the organization operates. If a state or province name is specified here and in the CSR, If there is a state or province name in the CSR, |
||
|
conditional |
string |
40 chars |
The company’s postal code. If a postal code is specified here and in the CSR, If there is a postal code in the CSR, |
||
|
conditional |
string |
2 chars |
An ISO 3166 two-character country code. If a country name is specified here and If there is a country name in the CSR, |
||
|
optional |
char |
1 char |
The legal classification of the organization. The allowed values are:
|
||
|
optional |
string |
20 chars |
A unique nine-digit identifier for businesses, provided by the company Dun & Bradstreet. |
||
|
optional |
string |
64 chars |
The registration number of the organization provided for validation purposes. |
||
|
required |
string |
2 chars |
(EV certificates only) Jurisdiction country. |
||
|
optional |
string |
128 chars |
(EV certificates only) Jurisdiction state or province. |
||
|
optional |
string |
128 chars |
(EV certificates only) Jurisdiction city. |
||
|
optional |
string |
10 chars |
(EV certificates only) The date of incorporation ( |
||
|
optional |
string |
64 chars |
(EV certificates only) An optional name under which the organization operates that is different from its legal name. This is a so-called DBA (doing business as) name for the company (if any). |
||
|
required |
string |
255 chars |
(OV/EV certificates only) The applicant representative’s email address which is used for the organizational callback by Sectigo. Used for critical customer communications:
|
||
|
conditional |
string |
64 chars |
(OV/EV certificates only) The applicant representative’s name which is used for the organizational callback by Sectigo. Required when Sectigo will perform the organizational callback and/or when HackerGuardian, HackerProof and products with additional HackerGuardian license are involved with your order. |
||
|
conditional |
string |
64 chars |
(OV/EV certificates only) The applicant representative’s last name which is used for the organizational callback by Sectigo. Required when Sectigo will perform the organizational callback and/or when HackerGuardian, HackerProof and products with additional HackerGuardian license are involved with your order. |
||
|
optional |
string |
32 chars |
(OV/EV certificates only) The applicant representative’s email address which is used for the organizational callback by Sectigo. Required when Sectigo will perform the organizational callback. |
||
|
optional |
char |
1 char |
Specifies who will verify the applicant representative’s contact details before the callback is performed. The allowed values are:
|
||
|
optional |
char |
1 char |
(OV/EV certificates only) The callback method for verification of the applicant representative’s identity. The allowed values are:
|
||
|
optional |
string |
2 chars |
The language name, specified using ISO639-1 two-character language code. If omitted, the default language is English. An account can contain multiple email templates in different languages for callback, Enterprise Authentication for the instant issuance, S/MIME request processing, or the missing shipping details request. You may specify exactly one of the following values:
If provided, the following parameters override
|
||
|
optional |
integer |
Specifies whether to override Sectigo’s default choice of callback email template to be used to validate this certificate. An account can contain multiple callback email templates. Contact Support for the callback template.
Contact your account manager if you would like to set up one or more of your own callback email templates that can be referenced by this parameter. |
|||
|
optional |
integer |
(OV/EV SSL only) If specified, this parameter overrides Sectigo’s default choice of email template for Enterprise Authentication for the instant issuance to be used to validate this certificate. An account can contain multiple email templates for Enterprise Authentication for the instant issuance. Contact Support for the templates for Enterprise Authentication for the instant issuance.
Contact your account manager if you would like to set up one or more of your own email templates of aforesaid type that can be referenced by this parameter. |
|||
|
optional |
integer |
(OV/EV SSL) Specifies the Subscriber Agreement email template ID to be used for the order.
|
|||
|
optional |
string |
20 chars |
An alphanumeric value used to ensure the Request Token is unique for The request tokens are as defined in the CA/B Forum Baseline requirements (version 1.4.1 or later) and used in the manner described in Sectigo’s Domain Control Validation. If the If the |
||
|
optional |
char |
1 char |
Specifies which values to use when the same field is present in both the CSR and the request parameters. The allowed values are:
If omitted, the value defaults to |
||
|
optional |
integer |
Specifies a particular issuing CA certificate. |
|||
|
optional |
char |
1 char |
Specifies whether to include the certificate ID in the response. |
||
|
optional |
char |
1 char |
Specifies whether to include the certificate state in the response. |
||
|
optional |
char |
1 char |
(Single-domain SSL certificates only) Specifies whether an additional FQDN is included in the certificate. The allowed values are:
If omitted, the value defaults to |
||
|
optional |
char |
1 char |
Specifies whether the SiteLock bundle is excluded from the SSL certificate order. The allowed values are:
If omitted, the value defaults to |
||
|
optional |
char |
1 char |
(OV/EV certificates only) Specifies whether to ignore the master account settings for Enterprise Authentication for the instant issuance for this order. The allowed values are:
If omitted, the value defaults to |
||
|
optional |
string |
255 chars |
(Identity Authority product only) An email address to add to IdAuthority for display in TrustLogo popups. Applicable if a TrustLogo is being ordered. |
||
|
optional |
string |
32 chars |
(Identity Authority product only) A telephone number to add to IdAuthority for display in TrustLogo popups. Applicable if a TrustLogo is being ordered. |
||
|
optional |
string |
32 chars |
(Identity Authority product only) A fax number to add to IdAuthority for display in TrustLogo popups. Applicable if a TrustLogo is being ordered. |
||
|
optional |
string |
255 chars |
The alternative issuance email address. If specified, the certificate will be emailed to this email address rather than the applicant’s admin email address. If the value specified is 'none', no certificate issuance email will be sent at all.
It is useful if you intend to collect the certificate with |
||
|
optional |
char |
64 chars |
The external order number. This identifier can be returned by some of our other APIs to aid in integration with partner systems. |
||
|
optional |
char |
1 char |
Specifies whether to check that the The allowed values are:
|
||
|
optional |
string |
64 chars |
(OV/EV SSL only) The title of a natural person who is either the Applicant, employed by the applicant, or an authorized agent who has authority on behalf of the applicant to sign subscriber agreements. This parameter is optional and may be omitted if the Applicant Representative and the Signer are the same individual.
|
||
|
optional |
string |
64 chars |
(OV/EV SSL only) The first name of a natural person who is either the applicant, employed by the applicant, or an authorized agent who has authority on behalf of the applicant to sign subscriber agreements. This parameter is optional and may be omitted if the Applicant Representative and the Signer are the same individual.
|
||
|
optional |
string |
64 chars |
(OV/EV SSL only) The surname of a natural person who is either the applicant, employed by the applicant, or an authorized agent who has authority on behalf of the applicant to sign subscriber agreements. This parameter is optional and may be omitted if the Applicant Representative and the Signer are the same individual.
|
||
|
optional |
string |
255 chars |
(OV/EV SSL only) The email address of a natural person who is either the applicant, employed by the applicant, or an authorized agent who has authority on behalf of the applicant to sign subscriber agreements. This parameter is optional and may be omitted if the Applicant Representative and the Signer are the same individual.
|
||
|
optional |
string |
32 chars |
(OV/EV SSL only) The phone number of a natural person who is either the applicant, employed by the applicant, or an authorized agent who has authority on behalf of the applicant to sign subscriber agreements. This parameter is optional and may be omitted if the Applicant Representative and the Signer are the same individual.
|
||
|
optional |
string |
255 chars |
The cryptographic service provider (CSP). If omitted, the value defaults to 'Microsoft Enhanced Cryptographic Provider v1.0'. |
||
|
optional |
char |
1 char |
Specifies the response format. The allowed values are:
If omitted, the value defaults to |
||
|
optional |
char |
1 char |
Specifies whether this is a test order. The allowed values are:
If omitted, the value defaults to |
curl --location 'https://secure.trust-provider.com/products/!AutoApplyOrder' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'loginName=login_name' \
--data-urlencode 'loginPassword=login_password' \
--data-urlencode 'days=365' \
--data-urlencode 'product=287' \
--data-urlencode 'responseFormat=1' \
--data-urlencode 'serverSoftware=-1' \
--data-urlencode 'csr=-----BEGIN CERTIFICATE REQUEST-----
MIIC0DCCAbgCAQAwSDETMBEGA1UEAwwKdnBzLXFhLmNvbTELMAkGA1UEBhMCUk8x
FTATBgNVBAgMDElhyJlpIENvdW50eTENMAsGA1UEBwwESWFzaTCCASIwDQYJKoZI
...
LPo1p2nDNJ31Y+ZCRYczmaD7Vhw9n5IVSReiTF/1cq7zoUzhtc93v3DQBTP5jMAB
6twg2O/KReq9Z/Wsud7CC0ABxzpiGg0E7o4iZeIzid+lZ9h4g5W2nhXnUQSuNY1y
79muBw==
-----END CERTIFICATE REQUEST-----' \
--data-urlencode 'isCustomerValidated=N' \
--data-urlencode '[email protected]'Response
The request is successful when the server returns a response with the error code 0.
Any error code less than 0 indicates an error condition, and the error message provides additional details.
Error responses are returned in application/x-www-form-urlencoded format.
Response format 0 (Plain text)
The MIME type will be text/plain for responseFormat=0 (by default).
The first line of the response contains a status code.
Whether 0 or 1 is returned for successful orders depends on how your account is configured with Sectigo.
Usually, you will take payment from your customer and Sectigo will debit your account funds when you place the order.
However, in special circumstances it can be arranged for Sectigo to take payment from your customer on your behalf.
|
If the status code is less than 0, the second line of the response contains an error message describing the error.
If the status code is greater than or equal to 0, the response can contain the following lines which provide:
| Line | Possible Value | Description |
|---|---|---|
Line 1 |
The status of the order. For more information, see Error codes. |
The status code. |
Line 2 |
An integer. |
The second line contains an order number. |
Line 3 |
|
The amount in your account’s native currency, without a currency symbol. |
Line 4 |
The possible values are:
|
The expected delivery time. |
Line 5 (if applicable) |
The internal certificate ID of the certificate purchased by this order. |
The certificate ID, up to 16 digits.
Returned if |
Line 5 or 6 (if applicable) |
A unique alphanumeric value up to 20 characters long. |
The certificate state.
Returned if |
Line 5, 6 or 7 (if applicable) |
A unique alphanumeric value up to 20 characters long. |
The unique value.
Returned if the |
Response format 1 (URL-encoded)
Most of Sectigo’s API endpoints use URL-encoded responses. AutoApplySSL can return responses in the same format by specifying responseFormat=1 in the request.
The MIME type will be application/x-www-form-urlencoded for responseFormat=1.
The following table displays the various parameters that can appear for responseFormat=1.
| Parameter | Description |
|---|---|
|
A numeric code that identifies the type of error and is always present in the response. For more information, see Error codes. |
|
A description of the error.
|
|
An integer.
This parameter is only present when |
|
The amount in your account’s native currency, without a currency symbol.
This parameter is only present when |
|
The expected number of hours before this order will be completed.
This parameter is only present when The possible values are:
|
|
The internal certificate ID of the certificate purchased by this order.
This parameter is only present when |
|
The status of the certificate purchased by this order.
This parameter is only present when |
|
A unique alphanumeric value up to 20 characters long.
Only returned if the |
Sample success response
0
123456789
35.00
ImWhh1J1| Output | Details | ||
|---|---|---|---|
|
The successful response. |
||
|
The Sectigo order number. |
||
|
The amount debited to the account — $35.00.
|
||
|
A |
Error codes
| Error Code | Error Message | Description |
|---|---|---|
|
|
The request must use HTTPS protocol. |
|
|
The provided argument is not recognized. |
|
|
A required argument is missing from the request. |
|
|
The argument value does not meet validation requirements. |
|
|
The Common Name in the certificate signing request (CSR) must not include a wildcard character. |
|
|
The Common Name in the CSR must include exactly one wildcard character. |
|
|
The specified country code is not valid according to the ISO-3166 standard. |
|
|
The CSR does not include all required fields. |
|
|
The CSR must be encoded in valid Base-64 format. |
|
|
The CSR could not be decoded properly. |
|
|
The CSR’s algorithm is not supported. |
|
|
The signature on the CSR is invalid. |
|
|
The key size in the CSR is not supported. |
|
|
An unknown error occurred. |
|
|
The account does not have sufficient credit. |
|
|
The user does not have permission to access the |
|
|
The request method should be POST. |
|
|
Common Names must not be a fully qualified domain name (FQDN). |
|
|
Common Name must not be an Internet-accessible IP address. |
|
|
Common Name must not be an Internet-accessible IP address. |
|
|
The CSR’s key is on the compromised key list. |
|
|
The specified domain name has already been validated. |
|
|
The provided request token has already been used. |
|
|
The specified PlanID for the product could not be found. |
|
|
The specified parameter can only be used with license products. |
|
|
The provided email address is not valid. |
|
|
The account has already ordered this specific SWP product. |
|
|
The order can include only one Web Package product. |
|
|
The specified argument is not applicable for the current order. |
|
|
The order must include the specified item. |
|
|
The user does not have permission for the specified context. |
|
|
The user does not have permission for the specified context. |
|
|
An internal error occurred while decoding the CSR. |
|
|
The Tier1 credit/debit processing encountered an internal error. |
|
|
The Tier1 credit/debit processing encountered an internal error. |
|
|
The Tier1 credit/debit processing encountered an internal error. |
|
|
The specified |
|
|
No price information available for the specified item. |
|
|
The provided item cost is incorrect. |
|
|
The provided item cost is incorrect. |
|
|
The specified product identifier is incorrect. |
|
|
An internal error occurred. |
|
|
Semantic error. TAX is no longer a valid value. Use TIN instead. |
|
|
Semantic error. The format of the provided identifier is incorrect. |
|
|
Semantic error. The country code in the provided identifier is incorrect. |
|
|
The user does not have sufficient privileges to order the specified product type. |
|
|
The specified parameter is not valid for this product type. |
|
|
The CSR contains domain names not listed in the |