Logo
Akamai APIs API Documentation

Certificate Provisioning System API v2

Number of APIs: 18


Use the Certificate Provisioning System (CPS) API to manage the full lifecycle of SSL/TLS certificates for your Akamai Secure Delivery Network applications. CPS ensures secure delivery of content to and from your website. CPS generates and stores a private key for each certificate, which then authenticates the browser's secure connection when delivering content.

With this API, you can: - Request new certificates. - Modify existing certificates. - Renew certificates automatically. - Delete certificates.

Authentication

Create an authentication credential that contains the client token and client secret required to authenticate Akamai API requests.

Note: Only Akamai customers can create credentials. If you aren't an Akamai customer and wish to become one, you can sign up for our services.

  1. Navigate to the Identity and Access Management section of Akamai Control Center and click Create API Client.

Note: If you don't have access to the Identity and Access Management tool, contact your local Akamai Control Center admin or your Akamai account team for assistance.

  1. Click Quick and then Download in the Credentials section.

Note: If you need to refine access levels or permissions, see Create a client with custom permissions.

  1. Open the downloaded file with a text editor and add [default] as a header above all text.
  [default]
  client_secret = C113nt53KR3TN6N90yVuAgICxIRwsObLi0E67/N8eRN=
  host = akab-h05tnam3wl42son7nktnlnnx-kbob3i3v.luna.akamaiapis.net
  access_token = akab-acc35t0k3nodujqunph3w7hzp7-gtm6ij
  client_token = akab-c113ntt0k3n4qtari252bfxxbsl-yvsdj
  1. Fork the [Akamai Authentication] environment, populate the variables, and [set it for your workspace]

Dependencies

To use this API, make sure you have your contract and group IDs configured. To get them, run the List contracts or List groups operation via the Property Manager API.

Integration methods

You can use this API collection in these integration methods: - API - Powershell - CLI - Terraform


1. Enrollments - Create an enrollment

POST https://{{host}}/cps/v2/enrollments?contractId={{contractId}}

Creates an enrollment that contains all the information about the process that your certificate goes through from the time you request it, through renewal, and as you obtain subsequent versions.


2. Enrollments - List enrollments

GET https://{{host}}/cps/v2/enrollments?contractId={{contractId}}

A list of the names of each enrollment.


3. Enrollments - Get an enrollment

GET https://{{host}}/cps/v2/enrollments/:enrollmentId

Gets an enrollment.


4. Enrollments - Update an enrollment

PUT https://{{host}}/cps/v2/enrollments/:enrollmentId

Updates an enrollment with changes. Response type varies depending on the type and impact of change. For example, changing SANs list may return HTTP 202 Accepted since the operation requires a new certificate and network deployment operations, and thus can't be completed without a change. On the contrary, for example a Technical Contact name change may return HTTP 200 OK assuming there are no active change and when the operation does not require a new certificate.

Note that fipsMode requires that TLS 1.2, TLS 1.3, or both are enabled on the certificate. You can’t list these TLS versions as disabled in the disallowedTlsVersions deployment object. When fipsMode is enabled, you need to use an active (non-deprecated) cipher profile for both mustHaveCiphers and preferredCiphers. For details, see Update SSL/TLS cipher profiles.


5. Enrollments - Remove an enrollment

DELETE https://{{host}}/cps/v2/enrollments/:enrollmentId

Removes an enrollment from CPS. The response code varies depending on the state of the enrollment. Deleting an enrollment in the future, or deleting when the enrollment has a certificate deployed to the network, may result in a 202 response. Deleting an enrollment that hasn't yet deployed any certificate to the network responds immediately with a 200 code.


6. Enrollments - Get DV history

GET https://{{host}}/cps/v2/enrollments/:enrollmentId/dv-history

Domain name Validation history for the enrollment.


7. Enrollments - Get certificate history

GET https://{{host}}/cps/v2/enrollments/:enrollmentId/history/certificates

View the certificate history.


8. Deployments - Update a deployment schedule

PUT https://{{host}}/cps/v2/enrollments/:enrollmentId/changes/:changeId/deployment-schedule

Updates the current deployment schedule.


9. Deployments - List deployments

GET https://{{host}}/cps/v2/enrollments/:enrollmentId/deployments

Lists the deployments for an enrollment.


10. Deployments - Get production deployment

GET https://{{host}}/cps/v2/enrollments/:enrollmentId/deployments/production

Gets the enrollments deployed on the production network.


11. Deployments - Get staging deployment

GET https://{{host}}/cps/v2/enrollments/:enrollmentId/deployments/staging

Gets the enrollments deployed on the staging network.


12. Changes - Get change status

GET https://{{host}}/cps/v2/enrollments/:enrollmentId/changes/:changeId

Gets the status of a pending change.


13. Changes - Cancel a change

DELETE https://{{host}}/cps/v2/enrollments/:enrollmentId/changes/:changeId

Cancels a pending change.


14. Changes - Get a deployment schedule

GET https://{{host}}/cps/v2/enrollments/:enrollmentId/changes/:changeId/deployment-schedule

Gets the current deployment schedule settings describing when a change deploys to the network.


15. Changes - Get a change

GET https://{{host}}/cps/v2/enrollments/:enrollmentId/changes/:changeId/input/info/:allowedInputTypeParam

Get detailed information of a pending change. Below is a sample where allowedInput[].type has the value third-party-csr. The acceptable Accept header depends on the value of the allowedInput.type for the Change instance. See Change Input Content Type Mapping for details.


16. Changes - Update a change

POST https://{{host}}/cps/v2/enrollments/:enrollmentId/changes/:changeId/input/update/:allowedInputTypeParam

Updates a pending change. Below is a sample where allowedInput[].type has the value third-party-cert-and-trust-chain. The acceptable Content-Type and Accept headers depends on the value of the allowedInput.type for the Change instance. See Change Input Content Type Mapping for details.


17. Changes - Get change history

GET https://{{host}}/cps/v2/enrollments/:enrollmentId/history/changes

Change history of an enrollment.


18. Certificates - List active certificates

GET https://{{host}}/cps/v2/active-certificates?contractId={{contractId}}

Limited availability Lists enrollments with active certificates. Note that the rate limit for this operation is 10 requests per minute per account. For details, see Rate limiting.


  • Ask Qodex

  • Introduction

  • FAQs

  • More

    Github

    Twitter

    Developer Website

    Claim this page

    Report this page

ENDPOINTS