Changelog

This page contains a record of changes made to the PlaceOrder endpoint for Affiliates.

Version Description

Version	Description
v26.5	Converted the document from `.pdf` to web format.
v1.39 (March 2026)	Added: Support for Document Signing certificates for remote provisioning. The `x_keyAttestation` and `x_hsmType` request parameters are now applicable to these certificate types. New possible values for the `x_hsmType` request parameter: `FORTANIX`, `YUBIHSM2`, `NSHIELD`. A note that continued use of email-based DCV methods is discouraged, in line with CA/B Forum Ballot SC-090.
v1.38 (June 2024)	Removed the `shippingPostOfficeBox` request parameter as delivery to PO box by courier is impossible. This parameter will be ignored if included in the request.
v1.37 (June 2024)	Added: `MARELL_GOOGLE` possible value for `x_hsmType` request parameter to support key attestation generated by Google Cloud Platform KMS. The support for inclusion of Microsoft certificate template extension in publicly-trusted S/MIME certificates, if provided in the CSR.
v1.36 (May 2024)	Added: The `shippingTitle` request parameter. The `shippingForename` request parameter. The `shippingSurname` request parameter. The `shippingEmailAddress` request parameter. The `shippingTelephone` request parameter. The `shippingTemplateID` request parameter.
v1.35 (February 2024)	Added: The `SMIMEVerificationTemplateID` request parameter. The `SMIMERequestTemplateID` request parameter. The `SMIMECollectionTemplateID` request parameter. The `languageName` request parameter.
v1.34 (October 2023)	Added: New request parameters for providing shipping address details for token-based certificate orders. The `rsonalIdentifier` request parameter as a synonym of `semanticsIdentifier` request parameter.
v1.33 (August 2023)	Added: The `x_smimeEmailAddresses` request parameter. The `x_smimeSubjectCN` request parameter. The `x_smimeSubjectEmail` request parameter. Updated the `organizationIdentifier` parameter to be relevant for organization-validated S/MIME certificates.
v1.32 (May 2023)	Added the support for token-based OV Code Signing certificates. The `x_SmartCardBased` parameter is now relevant for (OV) Code Signing certificates. The eToken and Shipping codes are now relevant and required for this product type.
v1.31 (April 2023)	Added: The `x_hsmType` parameter. The `x_keyAttestation` parameter. The error code `-129`.
v1.30 (November 2022)	Removed the deprecated `x_applicationName` parameter.
v1.29 (September 2022)	Removed the support for provisioning of (OV) Code Signing Certificates onto the etokens due to ballot CSCWG 17. eToken, Shipping codes and `x_SmartCardBased` parameter are no longer relevant for (OV) Code Signing certificates.
v1.28 (September 2022)	Changed the etokens, eToken, shipping codes, and `x_SmartCardBased` parameter to make them applicable to (OV) Code Signing certificates following the added support for provisioning these certificates.
v1.27 (August 2022)	Added: The `x_webserverSoftwareID` parameter. The `joiCountryName` parameter. The `joistateorProvinceName` parameter. The `joiLocalityName` parameter. The `AssumedName` parameter. The `BusinessCategory` parameter. The `dateOfIncorporation` parameter.
v1.26 (April 2022)	Added the `x_dcvEmailAddress` and `x_IPAddress` parameters.
v1.25 (January 2022)	Added: eIDAS certificates and new request parameters relevant for these products only. The error codes `-44`, `-45`, `-53`, `-54`, `-56`, `-57`, `-58`, `-59`, `-60`, `-61`, `-62`, `-63`, `-64`, `-65`, `-66`, `-67`, `-69`, `-70`, `-72`, `-83`, `-120`, `-126`, `-127`, `-128`.
v1.24 (November 2021)	Added: The `domainName` request parameter (SiteLock products only). The error code `-124`.
v1.23 (September 2021)	Changed the maximum length of `companyNumber` to 64 characters. Previously the maximum length of `companyNumber` was 25 characters.
v1.22 (July 2021)	Added the error code -`13`.
v1.21 (April 2021)	Added the `x_smartCardBased` parameter.
v1.20 (January 2021)	Added the error code `-73`.
v1.19 (October 2020)	Added the error codes `-91` and `-97`. Updated the error message for error code `-16`.
v1.18 (September 2020)	Added the `disableSWP` parameter.
v1.17 (July 2020)	Changed the requirement so that when a company address is needed, either `localityName` or the state or province name must be provided, both are no longer required.
v1.16	Removed the `vatStatus` parameter. The VAT status is automatically determined by the Sectigo server.
v1.15	Added: The `x_visibility` parameter. The error code `-39`.
v1.14	Added the error code `-38`.
v1.13	Changed this API to be just for Affiliates. There is now a separate 'PlaceOrder API for Resellers' document.
v1.12	Added the `1isReturningCustomer1` and `1offerCode1` parameters.
v1.11	Added the NobelPay payment gateway (default for most USD transactions).
v1.10	Changed `loginPassword` to be optional when `paymentStatus=0`.
v1.09	Changed: `paymentID` is only required for certain `paymentMethods` when `paymentStatus=0`. `subTotal` and `taxTotal` parameters removed from the list of parameters passed to `confirmURL` as they can be derived. `totalCostInUSD` has been removed from the response for `paymentStatus=2`. Added missing max lengths. Clarified that `paymentStatus=1` must be used for items requiring regular payments.
v1.08	Added the `paymentStatus` and `mailingListOptIn` parameters. Removed the `deferPayment` parameter. `paymentStatus=2` should be used instead. Changed the `licenceCode` parameter so that it is no longer required to be relevant to a previous order.
v1.07	Added: `confirmURL` `deferPayment` Clarified that `loginName` and `loginPassword` cannot be added to accounts created without these parameters.
v1.06	Added the `licenceCode` parameter.
v1.05	Added the error code `-33`.
v1.04	Clarified the `successURL` and `errorURL` behavior. Added `cancelURL`.
v1.03	Added: Missing Types and Max. Lengths. Default value for `country`/`countryName`.
v1.02	Clarified that the Sectigo server distinguishes between new/returning customers based on `emailAddress`.
v1.01	Added example calls.
v1.00	Original version.

v26.5

Converted the document from .pdf to web format.

v1.39 (March 2026)

Added:

Support for Document Signing certificates for remote provisioning. The x_keyAttestation and x_hsmType request parameters are now applicable to these certificate types.
New possible values for the x_hsmType request parameter: FORTANIX, YUBIHSM2, NSHIELD.
A note that continued use of email-based DCV methods is discouraged, in line with CA/B Forum Ballot SC-090.

v1.38 (June 2024)

Removed the shippingPostOfficeBox request parameter as delivery to PO box by courier is impossible. This parameter will be ignored if included in the request.

v1.37 (June 2024)

Added:

MARELL_GOOGLE possible value for x_hsmType request parameter to support key attestation generated by Google Cloud Platform KMS.
The support for inclusion of Microsoft certificate template extension in publicly-trusted S/MIME certificates, if provided in the CSR.

v1.36 (May 2024)

Added:

The shippingTitle request parameter.
The shippingForename request parameter.
The shippingSurname request parameter.
The shippingEmailAddress request parameter.
The shippingTelephone request parameter.
The shippingTemplateID request parameter.

v1.35 (February 2024)

Added:

The SMIMEVerificationTemplateID request parameter.
The SMIMERequestTemplateID request parameter.
The SMIMECollectionTemplateID request parameter.
The languageName request parameter.

v1.34 (October 2023)

Added:

New request parameters for providing shipping address details for token-based certificate orders.
The rsonalIdentifier request parameter as a synonym of semanticsIdentifier request parameter.

v1.33 (August 2023)

Added:

The x_smimeEmailAddresses request parameter.
The x_smimeSubjectCN request parameter.
The x_smimeSubjectEmail request parameter.

Updated the organizationIdentifier parameter to be relevant for organization-validated S/MIME certificates.

v1.32 (May 2023)

Added the support for token-based OV Code Signing certificates. The x_SmartCardBased parameter is now relevant for (OV) Code Signing certificates. The eToken and Shipping codes are now relevant and required for this product type.

v1.31 (April 2023)

Added:

The x_hsmType parameter.
The x_keyAttestation parameter.
The error code -129.

v1.30 (November 2022)

Removed the deprecated x_applicationName parameter.

v1.29 (September 2022)

Removed the support for provisioning of (OV) Code Signing Certificates onto the etokens due to ballot CSCWG 17. eToken, Shipping codes and x_SmartCardBased parameter are no longer relevant for (OV) Code Signing certificates.

v1.28 (September 2022)

Changed the etokens, eToken, shipping codes, and x_SmartCardBased parameter to make them applicable to (OV) Code Signing certificates following the added support for provisioning these certificates.

v1.27 (August 2022)

Added:

The x_webserverSoftwareID parameter.
The joiCountryName parameter.
The joistateorProvinceName parameter.
The joiLocalityName parameter.
The AssumedName parameter.
The BusinessCategory parameter.
The dateOfIncorporation parameter.

v1.26 (April 2022)

Added the x_dcvEmailAddress and x_IPAddress parameters.

v1.25 (January 2022)

Added:

eIDAS certificates and new request parameters relevant for these products only.
The error codes -44, -45, -53, -54, -56, -57, -58, -59, -60, -61, -62, -63, -64, -65, -66, -67, -69, -70, -72, -83, -120, -126, -127, -128.

v1.24 (November 2021)

Added:

The domainName request parameter (SiteLock products only).
The error code -124.

v1.23 (September 2021)

Changed the maximum length of companyNumber to 64 characters. Previously the maximum length of companyNumber was 25 characters.

v1.22 (July 2021)

Added the error code -13.

v1.21 (April 2021)

Added the x_smartCardBased parameter.

v1.20 (January 2021)

Added the error code -73.

v1.19 (October 2020)

Added the error codes -91 and -97.

Updated the error message for error code -16.

v1.18 (September 2020)

Added the disableSWP parameter.

v1.17 (July 2020)

Changed the requirement so that when a company address is needed, either localityName or the state or province name must be provided, both are no longer required.

v1.16

Removed the vatStatus parameter. The VAT status is automatically determined by the Sectigo server.

v1.15

Added:

The x_visibility parameter.
The error code -39.

v1.14

Added the error code -38.

v1.13

Changed this API to be just for Affiliates. There is now a separate 'PlaceOrder API for Resellers' document.

v1.12

Added the 1isReturningCustomer1 and 1offerCode1 parameters.

v1.11

Added the NobelPay payment gateway (default for most USD transactions).

v1.10

Changed loginPassword to be optional when paymentStatus=0.

v1.09

Changed:

paymentID is only required for certain paymentMethods when paymentStatus=0.
subTotal and taxTotal parameters removed from the list of parameters passed to confirmURL as they can be derived.
totalCostInUSD has been removed from the response for paymentStatus=2.

Added missing max lengths.

Clarified that paymentStatus=1 must be used for items requiring regular payments.

v1.08

Added the paymentStatus and mailingListOptIn parameters.

Removed the deferPayment parameter. paymentStatus=2 should be used instead.

Changed the licenceCode parameter so that it is no longer required to be relevant to a previous order.

v1.07

Added:

confirmURL
deferPayment

Clarified that loginName and loginPassword cannot be added to accounts created without these parameters.

v1.06

Added the licenceCode parameter.

v1.05

Added the error code -33.

v1.04

Clarified the successURL and errorURL behavior.

Added cancelURL.

v1.03

Added:

Missing Types and Max. Lengths.
Default value for country/countryName.

v1.02

Clarified that the Sectigo server distinguishes between new/returning customers based on emailAddress.

v1.01

Added example calls.

v1.00

Original version.