Endpoint: !AutoReplaceMC

https://secure.trust-provider.com/products/!AutoReplaceMC

The AutoReplaceMC API action enables you to replace an issued mark certificate associated with the specified order. If the mark certificate for the order has not been issued yet, this API allows you to update the order details during validation.

Use the POST method for this endpoint.

Submit parameters in the x-www-form-urlencoded format.

The following table lists the required and optional parameters.

Parameter Type Requirement Max. Length Description

loginName

string

required

64 chars

Your account username.

This value is case sensitive.

loginPassword

string

required

128 chars

Your account password.

This value is case sensitive.

orderNumber

integer

optional

The order number of the mark certificate to be replaced or the details to be updated.

domainNames

string

required

32767 chars

A comma-separated list of domain names.

dcvEmailAddresses

conditional

string

32767 chars

A comma or white-space-separated list of DCV email addresses and/or DCV methods to be used for validating the domains specified in the domainNames parameter.

The order in which these email addresses are listed must be exactly the same as the order of the domain names in the certificate request. For more information, see the preceding domainNames parameter.

Continued use of email-based DCV methods is discouraged. In line with CA/B Forum Ballot SC-090, all email-based DCV methods are on a deprecation path, with full industry deprecation expected by early 2028.

Plan to migrate to DNS-based or HTTP-based validation methods.

Alternative DCV methods can also be specified in this parameter. You can pass the following values for each relevant domain:

  • HTTPCSRHASH

  • CNAMECSRHASH

  • DNSTXTRNDVAL

For HTTP-based and DNS-based DCV methods (HTTP_CSR_HASH, CNAME_CSR_HASH), the validation value is no longer derived from the CSR.

A random validation value is generated and must be used for domain validation.

Each value in this list must correspond to the domain at the same position in the domainNames list. Supported DCV methods include email addresses (for example, [email protected]), HTTP_CSR_HASH, and CNAME_CSR_HASH. To validate a.com by email ([email protected]), b.com by HTTP_CSR_HASH, and c.com by CNAME_CSR_HASH, specify:

  • domainNames=a.com,b.com,c.com

  • dcvEmailAddresses=[email protected], HTTP_CSR_HASH, CNAME_CSR_HASH

If this parameter is specified, validationTokens is not required.

validationTokens

conditional

string

32767 chars

A comma or white-space-separated list of DCV email addresses to be used to perform Domain Control Validation for each domain in this certificate. The order in which these email addresses are listed must be exactly the same as the order of the domain names in the certificate request. For more information, see the preceding domainNames parameter.

Alternative DCV mechanisms are now available. For more information, see Domain Control Validation.

The allowed values for each domain:

  • HTTPCSRHASH

  • CNAMECSRHASH

  • DNSTXTRNDVAL

You can use one of the following magic tokens:

  • ALLHTTPCSRHASH

  • ALLCNAMECSRHASH

  • ALLDNSTXTRNDVAL

The magic token must be the only value passed to the parameter for it to work.

If this parameter is specified, dcvEmailAddresses is not required.

csr

conditional

string

32767 chars

Your Base64 URL-encoded certificate signing request (CSR).

A CSR is not required for domain validation when using email-based or non-email-based DCV methods.

If specified, the CSR must not contain domain names other than those provided in the domainNames parameter value.

markLogo

string

required

32000 chars

Your Base64 URL-encoded trademark logo.

trademarkCountryName

string

required

2 chars

(VMC only) The two-letter ISO country code where the trademark is registered.

trademarkOffice

string

required

128 chars

(VMC only) The trademark office where the trademark is registered.

trademarkIdentifier

string

required

64 chars

(VMC only) The trademark registration number or serial number.

organizationName

string

required

64 chars

The organization name requested for inclusion in the resulting certificate.

postOfficeBox

string

optional

40 chars

The organization post office box.

streetAddress1

string

required

128 chars

The street address of the organization provided for validation purposes.

streetAddress2

string

optional

128 chars

The second part of the organization’s street address (if necessary).

streetAddress3

string

optional

128 chars

The third part of the organization’s street address (if necessary).

localityName

string

required

128 chars

The city or town where the organization resides.

stateOrProvinceName

string

required

128 chars

The state or province in which the organization operates.

postalCode

string

required

40 chars

The postal code at which the organization operates.

countryName

string

required

2 chars

The country in which the organization operates.

companyNumber

string

required

64 chars

The registration number of the organization provided for validation purposes.

dunsNumber

string

optional

20 chars

A unique nine-digit identifier for businesses, provided by the company Dun & Bradstreet.

joiLocalityName

string

optional

128 chars

The city or locality where the organization is incorporated or registered.

joiStateOrProvinceName

string

optional

128 chars

The state or province where the organization is incorporated or registered.

joiCountryName

string

required

2 chars

The country in which the organization is incorporated.

assumedName

string

optional

64 chars

An optional name under which the organization operates that is different from its legal name. This is a so-called DBA (doing business as) name for the company (if any).

dateOfIncorporation

string

optional

10 chars

The date when the organization was officially incorporated (YYYY-MM-DD).

businessCategory

char

required

1 char

The legal classification of the organization.

The possible values are:

  • b — Private

  • c — Government

  • d — Business Entity

appRepTitle

string

required

64 chars

The applicant representative’s job title.

appRepForename

string

required

64 chars

The applicant representative’s first name.

appRepSurname

string

required

64 chars

The applicant representative’s last name.

appRepEmailAddress

string

required

255 chars

The applicant representative’s email address.

appRepTelephone

string

required

32 chars

The contact phone number of the applicant representative.

appRepFax

string

optional

32 chars

The applicant representative’s fax number.

appRepOrganizationName

string

optional

64 chars

The applicant representative’s organization name.

appRepOrganizationalUnitName

string

optional

64 chars

The applicant representative’s organizational unit name.

appRepPostOfficeBox

string

optional

40 chars

The applicant representative’s post office box.

appRepStreetAddress1

string

optional

128 chars

The street address where the applicant representative does business.

appRepStreetAddress2

string

optional

128 chars

The second part of the applicant representative’s street address (if necessary).

appRepStreetAddress3

string

optional

128 chars

The third part of the applicant representative’s street address (if necessary).

appRepLocalityName

string

optional

128 chars

The city in which the applicant representative does business.

appRepStateOrProvinceName

string

optional

128 chars

The state or province in which the applicant representative does business.

appRepPostalCode

string

optional

40 chars

The postal code at which the applicant representative does business.

appRepCountryName

string

optional

2 chars

Applicant representative’s country code.

logoPriorUseDomainName

string

required

255 chars

(CMC only) The domain name where the logo was previously used. It must coincide with the domain name the certificate is requested for.

logoHostedByCA

string

optional

1 char

Indicates whether the logo and certificates are hosted on the CA basis or not.

The possible options are:

  • Y - yes

  • N - no

If omitted, its value defaults to Y.

updateOrgDetails

char

optional

1 char

Indicates how organization and address details are handled.

  • Y — Sectigo will update the organizationName and address parameters (such as, localityName, countryName, etc.), and the corresponding subject fields.

  • N — Sectigo will use newly provided values for these parameters to create a new address.

If omitted, its value defaults to N.

Sample request

curl --location --request POST 'https://secure.trust-provider.com/products/!AutoReplaceMC' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'loginName=yourLoginName' \
--data-urlencode 'loginPassword=yourPassword' \
--data-urlencode 'orderNumber=123456' \
--data-urlencode 'isCustomerValidated=Y' \
--data-urlencode 'domainNames=example.com,www.example.com' \
--data-urlencode '[email protected]' \
--data-urlencode 'csr=BASE64_ENCODED_CSR' \
--data-urlencode 'markLogo=BASE64_ENCODED_LOGO' \
--data-urlencode 'trademarkCountryName=US' \
--data-urlencode 'trademarkOffice=USPTO' \
--data-urlencode 'trademarkIdentifier=123456789' \
--data-urlencode 'organizationName=Example Corp' \
--data-urlencode 'streetAddress1=123 Main St' \
--data-urlencode 'localityName=Anytown' \
--data-urlencode 'stateOrProvinceName=CA' \
--data-urlencode 'postalCode=12345' \
--data-urlencode 'countryName=US' \
--data-urlencode 'companyNumber=987654321' \
--data-urlencode 'joiCountryName=US' \
--data-urlencode 'businessCategory=b' \
--data-urlencode 'appRepTitle=Manager' \
--data-urlencode 'appRepForename=John' \
--data-urlencode 'appRepSurname=Doe' \
--data-urlencode 'appRepTelephone=+1-555-1234' \
--data-urlencode 'logoPriorUseDomainName=example.com'

Response

The request is successful when the server returns a response with the status code equals 0.

Any status code less than 0 indicates an error condition.

The MIME type will be text/plain for responseFormat=0 (by default).

The first line of the response represents a status code.

If the status code is less than 0, the second line contains an error message describing the error.

If the status code equals 0, the response can contain the following lines which provide:

  • The certificate state if showCertificateState=Y. The certificate state is the status of the certificate generated by this replacement.

  • The amount debited if showTotalCost=Y. The maximum possible value is 99999999.99.

  • The product term start timestamp and product term end timestamp with a space between the dates. The product term timestamps are returned if showValidityPeriod=Y. They are expressed as UNIX time values.

    1052870400 1084406400
  • The replacement order number — The order number generated by this replacement. The replacement order number is returned if showReplacedOrderNumber=Y.

The MIME type will be application/x-www-form-urlencoded for responseFormat=1.

Response parameters

The response can contain the following parameters:

Parameter Possible Value

errorCode

A numeric code that identifies the type of error.

Always present in the response.

For more information, see Error codes.

errorMessage

A description of the error.

This parameter is absent when errorCode=0.

certificateStatus

The status of the SSL certificate generated by this replacement.

This parameter is only present when showCertificateState=Y and errorCode=0.

productTermStartDate

The timestamp when the product term has started.

It is expressed as a UNIX time value.

This parameter is only present when showValidityPeriod=Y.

productTermEndDate

The timestamp when the product term will end.

It is expressed as a UNIX time value.

This parameter is only present when showValidityPeriod=Y.

productTermDuration

The product duration in days.

This parameter is only present when showValidityPeriod=Y.

replOrderNumber

The order number generated by this replacement.

This parameter is only present when showReplOrderNumber=Y and errorCode=0.

Sample success response

errorCode=0

Sample error response

-160%0AFailed%20to%20replace%20order%20%231234567890.

Error codes

The following table outlines error responses returned by the AutoReplaceMC API endpoint. Each error response consists of an errorCode and an errorMessage indicating why the request failed.

Error code Error message Description

-1

Request was not made over https!

The request must use HTTPS protocol.

-2

Unrecognised argument!

The provided argument is not recognized.

-3

The 'xxxx' argument is missing!

The required argument is missing from the request.

-4

The value of the 'xxxx' argument is invalid!

The argument value does not meet validation requirements.

-7

'xx' is not a valid ISO-3166 country!

The specified country code is not valid according to the ISO-3166 standard.

-14

An unknown error occurred!

An unknown error occurred.

-15

Not enough credit!

The account does not have sufficient credit.

-16

Incorrect login details, account is locked, password has expired or your source IP is blocked.

Authentication failed due to incorrect login details, a locked account, an expired password, or a blocked source IP address.

-17

Request used GET rather than POST!

The request method should be POST.

-36

The certificate has already expired!

The certificate cannot be replaced because it has expired.

-91

Permission denied 'xxxx'

The user does not have permission for the specified context.

-110

CSR decoding Internal Error

An internal error occurred while decoding the CSR.

-115

No price found for 'xxxx'

No price information available for the specified item.

-160

Failed to replace order #'xxxx'.

The order replacement failed due to a general error.

-161

Parameter 'xxxx' is not applicable to this type of product!

The specified parameter is not valid for this product type.

-162

The CSR must not contain domain names that are not in the 'domainNames' parameter!

The CSR contains domain names not listed in the domainNames parameter.

-163

The CSR must not contain domain names that are not in the list of certificate domain names!

The CSR contains domain names not listed in the certificate’s domain names.