Documentation Suite v25.1.1

Submit Search

POST Alerts Pending

The POST /Alerts/Pending method is used to create a new pending certificate request alert. This method returns HTTP 200 OK on a success with details about the pending certificate request alert.

Tip: The following permissions (see Security Roles and Claims) are required to use this feature:

/monitoring/alerts/modify/

Table 216: POST Alerts Pending Input Parameters

Name

Description

DisplayName Body Required. A string indicating the display name for the pending request alert. This name appears in the pending request alerts grid in the Management Portal.

Subject

Body

Required. A string indicating the subject for the email message that will be delivered when the alert is triggered.

Tip: Substitutable special text may be used in the subject line. Substitutable special text uses a variable in the alert definition that is replaced by data from the certificate request or certificate metadata at processing time. For example, you can enter {rcn} in the alert definition and each alert generated at processing time will contain the specific requested common name of the given certificate request instead of the variable {rcn}.

Message

Body

Required. A string indicating the email message that will be delivered when the alert is triggered. The email message is made up of regular text and substitutable special text. If desired, you can format the message body using HTML.

For example:

Copy

"Hello,\n\nA certificate using the {template} template was requested by {requester:displayname} from {careqid} on {subdate}. The certificate details include: \n\n<table> \n<tr><th>Certificate Details </th><th>Metadata </th></tr> \n<tr><td>CN: {rcn}</td><td>App Owner First Name: {metadata:AppOwnerFirstName}</td></tr> \n<tr><td>DN: {rdn}</td><td>App Owner Last Name: {metadata:AppOwnerLastName}</td></tr> \n<tr><td>SANs: {san}</td><td>App Owner Email Address: {metadata:AppOwnerEmailAddress}</td></tr> \n<tr><td>&nbsp;</td><td>Business Critical: {metadata:BusinessCritical}</td></tr> \n</table> \n\nPlease review this request and issue the certificate as appropriate by going here: \n\n{apprlink} \n\nThanks! \n\nYour Certificate Management Tool\n"

See Table 11: Substitutable Special Text for Pending Request Alerts for a complete list of available substitutable special text strings.

Note: The $(requester:givenname) substitutable special text token is only supported in environments using Active Directory as an identity provider.

Recipients

Body

An array of strings containing the recipients for the alert. Each alert can have multiple recipients. You can use specific email addresses and/or use substitutable special text to replace an email address variable with actual email addresses at processing time.

When entering email addresses on the Recipients parameter, if more than one recipient is added to a string, all recipients in that string receive the same email and can see the other recipients on the email. To do this, enter email addresses separated by commas or semi-colons withing the string. To include multiple strings, separate each string by a comma within the array.

"Recipients": [
 "admin@keyexample.com", 
 "pkiadmins@keyexample.com,bbrown@keyexample.com"
]

TemplateId

Body

An integer indicating the certificate template for which the pending request alerts will be generated. A separate alert should be configured for each template. An alert may be configured with no template, if desired. Alerts configured in this way generate alerts for all pending certificate requests.

Use the GET /Templates method (see GET Templates) to retrieve a list of all the templates to determine the template ID.

RegisteredEventHandler

Body

An object containing the event handler configuration for the alert, if applicable. Show event handler details.

Name

Description

An integer indicating the Keyfactor Command reference ID for the event handler.

ID	Event Handler Type
8	PendingLogger
9	PendingPowershell

UseHandler

A Boolean indicating whether event handler use is enabled for the alert (true) or not (false).

For more information about event handlers, see Using Event Handlers.

EventHandlerParameters

Body

An array of objects containing the parameters configured for use by the event handler. The type of data will vary depending on the configured handler. Show event handler parameter details.

Name	Description
Id	An integer indicating the Keyfactor Command reference ID of the configured parameter.
Key	A string indicating the reference name of the configured parameter.
DefaultValue	A string indicating the value for the parameter. This value is related to the type of parameter (see ParameterType).
ParameterType	A string containing the parameter type. Supported types are: LogTarget This type is used for the event logging handler and is used to reference the fully qualified domain name of the target machine to which event should be logged. Script This type is used for the PowerShell handler and is used to reference the PowerShell script that should be run when the alert is triggered. It is referenced using the script name as stored in the Keyfactor Command database. Token This type is used for the PowerShell handler and is used to reference a substitutable special text value that should be passed to the PowerShell script. See Table 11: Substitutable Special Text for Pending Request Alerts for a complete list of available substitutable special text strings. Value This type is used for the PowerShell handler and is used to reference a static text string that should be passed to the PowerShell script.

For example, for a PowerShell handler:

Copy

"EventHandlerParameters": [
   {
      "Id": 28,
      "Key": "cn",
      "DefaultValue": "rcn",
      "ParameterType": "Token"
   },
   {
      "Id": 29,
      "Key": "AppOwnerFirstName",
      "DefaultValue": "metadata:AppOwnerFirstName",
      "ParameterType": "Token"
   },
   {
      "Id": 30,
      "Key": "Text",
      "DefaultValue": "Pending Alert: Enterprise Web Server",
      "ParameterType": "Value"
   },
   {
      "Id": 31,
      "Key": "ApprovalLink",
      "DefaultValue": "apprlink",
      "ParameterType": "Token"
   },
   {
      "Id": 32,
      "Key": "ScriptName",
      "DefaultValue": "MyScript.ps1",
      "ParameterType": "Script"
   }
]

CARequestId A string containing the CA's reference ID for the certificate request.

CommonName A string indicating the common name of the certificate.

LogicalName A string indicating the logical name of the certificate authority.

Table 217: POST Alerts Pending Response Data

Name

Description

An integer indicating the Keyfactor Command reference ID of the pending request alert.

DisplayName

A string indicating the display name for the pending request alert. This name appears in the pending request alerts grid in the Management Portal.

Subject

A string indicating the subject for the email message that will be delivered when the alert is triggered.

Message

A string indicating the email message that will be delivered when the alert is triggered. The email message is made up of regular text and substitutable special text. If desired, you can format the message body using HTML.

See Table 11: Substitutable Special Text for Pending Request Alerts for a complete list of available substitutable special text strings.

Recipients

"Recipients": [
 "admin@keyexample.com", 
 "pkiadmins@keyexample.com,bbrown@keyexample.com"
]

Template

An object containing information about the certificate template for which the pending request alerts will be generated. A separate alert should be configured for each template. An alert may be configured with no template, if desired. Alerts configured in this way generate alerts for all pending certificate requests. Show template details.

Name	Description
Id	An integer indicating the Keyfactor Command reference ID for the template, or null for all templates.
DisplayName	A string containing the name of the template. For a template created using a Microsoft management tool, this will be the Microsoft template display name.
ForestRoot	A string indicating the forest root of the template. Note: This field is retained for legacy purposes and will be replaced by ConfigurationTenant field.
ConfigurationTenant	A string indicating the configuration tenant of the template.

RegisteredEventHandler

An object containing the event handler configuration for the alert, if applicable. Show event handler details.

Name

Description

An integer indicating the Keyfactor Command reference ID for the event handler.

ID	Event Handler Type
8	PendingLogger
9	PendingPowershell

DisplayName

A string containing the name of the event handler.

UseHandler

A Boolean indicating whether event handler use is enabled for the alert (true) or not (false).

For more information about event handlers, see Using Event Handlers.

EventHandlerParameters

An array of objects containing the parameters configured for use by the event handler. The type of data will vary depending on the configured handler. Show event handler parameter details.

Name	Description
Id	An integer indicating the Keyfactor Command reference ID of the configured parameter.
Key	A string indicating the reference name of the configured parameter.
DefaultValue	A string indicating the value for the parameter. This value is related to the type of parameter (see ParameterType).
ParameterType	A string containing the parameter type. Supported types are: LogTarget This type is used for the event logging handler and is used to reference the fully qualified domain name of the target machine to which event should be logged. Script This type is used for the PowerShell handler and is used to reference the PowerShell script that should be run when the alert is triggered. It is referenced using the script name as stored in the Keyfactor Command database. Token This type is used for the PowerShell handler and is used to reference a substitutable special text value that should be passed to the PowerShell script. See Table 11: Substitutable Special Text for Pending Request Alerts for a complete list of available substitutable special text strings. Value This type is used for the PowerShell handler and is used to reference a static text string that should be passed to the PowerShell script.

Tip: See the Keyfactor API Reference and Utility which provides a utility through which the Keyfactor API

An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow

A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon (

) at the top of the Management Portal page next to the Log Out button.

Was this page helpful? Provide Feedback

Version v25.1.1

On this page: