Request

Endpoint: CollectPAC

https://secure.trust-provider.com/products/download/CollectPAC

Use the POST method for this endpoint.

Submit parameters in the x-www-form-urlencoded format.

Request parameters

The following table displays the required, optional, and conditional parameters.

Parameter Requirement Type Max.Length Description

Parameter	Requirement	Type	Max.Length	Description
`loginName`	required	string	64 chars	Your account username. This value is case sensitive.
`loginPassword`	required	string	128 chars	Your account password. This value is case sensitive.
`orderNumber`	optional	integer		The order number previously returned to your account (for example, from the `PlaceOrder` call).
`collectionCode`	required	string	16 chars	The collection code provided in the collection email. If specified, `CollectPAC` may be called over `HTTP` instead of `HTTPS`.
`queryType`	required	integer		Specifies the type of query. The allowed values are: `0` — Return the status only. `1` — Return the status and the certificate data and intermediates/roots if ready for collection. `2` — Return the status and the certificate only (no intermediates/roots) (crt). `3` — Return the status and intermediates/roots only (cabundle).
`responseType`	optional	integer		Specifies the format of the returned certificate data. The allowed values are: `1` — Netscape Certificate Sequence. `queryType` must be `1`. `2` — PKCS7. `queryType` must be `1`. `3` — Individually encoded. `4` — CMMF. `queryType` must be `1`. If omitted, the value defaults to `3`.
`responseEncoding`	optional	integer		Specifies the encoding of the returned certificate data. The allowed values are: `0` — Base64-encoded. `1` — Binary encoded. `queryType` must be `1`; `responseType` must be `0` or `2`. `2` — Javascript variable declarations (`g_ccc` contains the `BASE64` structure requested by `responseType`; `g_errorCode` contains the status code; `g_errorMessage` contains an error message). For more information, see Error codes. If omitted, the value defaults to `0`.
`responseMimeType`	optional	string	255 chars	For `responseEncoding=2`, the default value (if this parameter is omitted) is `text/javascript`. For other `responseEncoding` value, the default value is `text/plain`. Any MIME type can be used (for example, `application/x-x509-user-cert`).
`showValidityPeriod`	optional	char	1 char	Specifies the validity period of the certificate. The allowed values are: `Y` — Show the validity period. `N` — Do not show the validity period. If omitted, the value defaults to `N`.

loginName

required

string

64 chars

Your account username.

This value is case sensitive.

loginPassword

required

string

128 chars

Your account password.

This value is case sensitive.

orderNumber

optional

integer

The order number previously returned to your account (for example, from the PlaceOrder call).

collectionCode

required

string

16 chars

The collection code provided in the collection email.

If specified, CollectPAC may be called over HTTP instead of HTTPS.

queryType

required

integer

Specifies the type of query.

The allowed values are:

0 — Return the status only.
1 — Return the status and the certificate data and intermediates/roots if ready for collection.
2 — Return the status and the certificate only (no intermediates/roots) (crt).
3 — Return the status and intermediates/roots only (cabundle).

responseType

optional

integer

Specifies the format of the returned certificate data.

The allowed values are:

1 — Netscape Certificate Sequence. queryType must be 1.
2 — PKCS7. queryType must be 1.
3 — Individually encoded.
4 — CMMF. queryType must be 1.

If omitted, the value defaults to 3.

responseEncoding

optional

integer

Specifies the encoding of the returned certificate data.

The allowed values are:

0 — Base64-encoded.
1 — Binary encoded. queryType must be 1; responseType must be 0 or 2.
2 — Javascript variable declarations (g_ccc contains the BASE64 structure requested by responseType; g_errorCode contains the status code; g_errorMessage contains an error message).

For more information, see Error codes.

If omitted, the value defaults to 0.

responseMimeType

optional

string

255 chars

For responseEncoding=2, the default value (if this parameter is omitted) is text/javascript.

For other responseEncoding value, the default value is text/plain.

Any MIME type can be used (for example, application/x-x509-user-cert).

showValidityPeriod

optional

char

1 char

Specifies the validity period of the certificate.

The allowed values are:

Y — Show the validity period.
N — Do not show the validity period.

If omitted, the value defaults to N.

If the order was placed without providing loginName and LoginPassword, the Reseller with the PAC privilege set to 2 (set by default) can collect the certificate using their login and password.

Sample request

curl --location 'https://secure.trust-provider.com/products/download/CollectSMIME' \
--data-urlencode 'loginName=login_name' \
--data-urlencode 'loginPassword=login_password' \
--data-urlencode 'orderNumber=order_number' \
--data-urlencode 'queryType=2'

Response

The request is successful when the server returns a response with the status code is greater than or equal to 0:

2 — Certificates attached.
1 — Certificates available.
0 — Being processed by Sectigo.

Any status code less than 0 indicates an error condition.

The list of codes and their descriptions can be found in Error codes.

The first line of the response represents a status code.

If the status code is less than 0, the second line is a textual representation of an error message.

If the status code is greater than 0 AND showValidityPeriod=Y, the second line is the certificate validity period in the format not before DD/MM/YYYY and not after DD/MM/YYYY with a space between the dates.

14/05/2013 13/05/2014

Certificates issued by Sectigo always have a 'not before' time of 00:00:00 GMT and a 'not after' time of 23:59:59 GMT.

If the status code equals 2, the response contains the encoded certificate(s):

----- BEGIN CERTIFICATE -----
Encoded Root Certificate
----- END CERTIFICATE -----
----- BEGIN CERTIFICATE -----
Encoded Intermediate Certificate
----- END CERTIFICATE -----
----- BEGIN CERTIFICATE -----
Encoded End Entity Certificate
---- END CERTIFICATE -----

If responseEncoding=2, the output will be Javascript variable declarations.

If responseEncoding=1, the certificate(s) are available, and no error occurs, the output will consist simply of the requested binary structure.

If responseEncoding=0, the output will be formatted like one of the following:

If the status code is greater than 0, the output will be displayed as the value of responseMimeType (or text/plain).
If the status code is less than or equal to 0, the output will be displayed as the text/plain.

Sample success response

1
Certificates Available

Sample error response

-3
The 'queryType' argument is missing!

Error codes

The following table outlines error responses returned by the CollectPAC API endpoint. Each error response consists of an errorCode and an errorMessage indicating why the request failed.

Error Code Error Message Description

Error Code	Error Message	Description
`-1`	`Request was not made over https!`	The request must use HTTPS protocol.
`-2`	`Unrecognised argument!`	The provided argument is not recognized.
`-3`	`The 'xxxx' argument is missing!`	The required argument is missing from the request.
`-4`	`The value of the 'xxxx' argument is invalid!`	The provided value for the 'xxxx' argument is invalid.
`-14`	`An unknown error occurred!`	An unknown error occurred.
`-16`	`Incorrect login details, account is locked, password has expired or your source IP is blocked.`	Authentication has failed due to one of the specified reasons. Verify your login credentials or check account restrictions.
`-17`	`Request used GET rather than POST!`	The request method should be POST.
`-20`	`The certificate request has been rejected!`	The requested certificate is in the rejected state.
`-21`	`The certificate has been revoked!`	The requested certificate is in the revoked state.
`-22`	`Still awaiting payment!`	The payment for the order is still pending.
`-91`	`Permission Denied for wrong status`	The user does not have permission to perform the specified action.

-1

Request was not made over https!

The request must use HTTPS protocol.

-2

Unrecognised argument!

The provided argument is not recognized.

-3

The 'xxxx' argument is missing!

The required argument is missing from the request.

-4

The value of the 'xxxx' argument is invalid!

The provided value for the 'xxxx' argument is invalid.

-14

An unknown error occurred!

An unknown error occurred.

-16

Incorrect login details, account is locked, password has expired or your source IP is blocked.

Authentication has failed due to one of the specified reasons.

Verify your login credentials or check account restrictions.

-17

Request used GET rather than POST!

The request method should be POST.

-20

The certificate request has been rejected!

The requested certificate is in the rejected state.

-21

The certificate has been revoked!

The requested certificate is in the revoked state.

-22

Still awaiting payment!

The payment for the order is still pending.

-91

Permission Denied for wrong status

The user does not have permission to perform the specified action.