API
An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. changes for this release of Keyfactor Command.
Table 998: API Change Log v12.0
| Endpoint | Methods | Action | Notes |
|---|---|---|---|
| /AgentBlueprint | GET | Fixed | Requests can now successfully be submitted, no longer generating a 500 response. |
| /AgentBlueprint/{id} | GET | Fixed | Requests can now successfully be submitted, no longer generating a 500 response. |
| /AgentBlueprint/ApplyBlueprint | POST | Fixed | Requests can now successfully be submitted, no longer generating a 500 response. |
| /AgentBlueprint/GenerateBlueprint | GET, POST | Fixed | Requests can now successfully be submitted, no longer generating a 500 response. |
| /Agents | GET | Updated |
Added a parameter JobTypes to the response body which contains an array of strings indicating the job types correlated with the orchestrator. |
| /Agents/{id} | GET | Updated |
Added a parameter JobTypes to the response body which contains an array of strings indicating the job types correlated with the orchestrator. |
| /Agents/{id} | GET | Fixed | Endpoint now correctly returns empty strings rather than null for the thumbprint and legacythumbprint if these contain no value. |
| /Agents/{id} | GET | Fixed | Request no longer returns 500 response and object reference error if an agent blueprint exists. |
| /Alerts/Expiration | POST, PUT, GET | Updated |
The following parameters have been added to support using workflows for the alert:
|
| /Alerts/Expiration/{id} | GET | Updated |
The following parameters have been added to support using workflows for the alert:
|
| /Alerts/KeyRotation | POST, PUT, GET | Updated |
The following parameters have been added to support using workflows for the alert:
|
| /Alerts/KeyRotation/{id} | GET | Updated |
The following parameters have been added to support using workflows for the alert:
|
| /Certificate/{id} | GET | Fixed | Keyfactor API Reference and Utility no longer shows resolve error messages at the top of the page on opening or using the endpoint. This did not interfere with the functionality of the endpoint. |
| /CertificateAuthority/CAConnectors | GET, POST | Added | Added endpoints for managing the CA connectors. |
| /CertificateAuthority/CAConnectors/{id} | GET, POST, DELETE | Added | Added endpoints for managing the CA connectors. |
| /CertificateAuthority/TaskQueue | GET, PUT | Added | Added endpoints for managing Rabbit MQ task queues. |
| /CertificateAuthority/TaskQueue | PUT | Updated | Scope is no longer required. Resolve null reference when password is not supplied. |
| /CertificateAuthority/TaskQueue | GET, PUT | Updated | Add Audience parameter. |
| /CertificateAuthority/TaskQueue/Test | POST | Added | Added endpoints for managing Rabbit MQ task queues. |
| /CertificateAuthority/TaskQueue/Test | POST | Fixed | Standardize rename of JobQueue to TaskQueue in request and response parameters and messages. |
| /CertificateCollections | GET, POST, PUT | Updated | Includes attributes for EstimatedCertCount and LastEstimated in the returned certificate collection. The favorite and collection order values come from the CollectionOrder table instead of the CertificateQueries table. |
| /CertificateCollections/{id} | DELETE | Fixed | Request no longer returns 500 response and object reference error with invalid ID. |
| /CertificateCollections/{id} | DELETE | Updated | Updated this endpoint to remove the collection's ID from the CollectionOrder table (previously CertificateQueries table). |
| /CertificateCollections/{id} | GET | Updated | Includes attributes for EstimatedCertCount and LastEstimated in the returned certificate collection. |
| /CertificateCollections/{id}/Favorite | GET | Updated | The favorite value comes from the CollectionOrder table instead of the CertificateQueries table. On upgraded database: the CollectionOrder table is prepopulated with all collections that have Favorite (ShowInNavigator on the UI) set to true, and the ordering is determined alphabetically by the collection's Name column as to preserve the user's order of collections before the upgrade. |
| /CertificateCollections/{name} | GET | Updated | Includes attributes for EstimatedCertCount and LastEstimated in the returned certificate collection. |
| /CertificateCollections/CollectionList | GET | Updated | Includes attributes for EstimatedCertCount and LastEstimated in the returned certificate collection. |
| /CertificateCollections/CollectionOrdering | GET, PUT | Added | Returns an array of collection IDs which denotes the collection's order in the Navigator.
Note: The PUT endpoint is not displayed in the Keyfactor API Reference and Utility but does exist to match the same functionality available in the UI. |
| /CertificateCollections/Copy | POST | Updated | Includes attributes for EstimatedCertCount and LastEstimated in the returned certificate collection. The favorite and collection order values come from the CollectionOrder table instead of the CertificateQueries table. |
| /CertificateCollections/NavItems | GET | Updated | Updated to return list of collections in the order per the CollectionOrder table. Only the top 25 collections a user has read permissions on will show up in the Navigator. |
| /Certificates | GET | Update | Results do not include revoked or expired certificates by default. |
| /Certificates/Download | POST | Updated | Added the attribute Include Subject Header in the request body. |
| /Certificates/Import | POST | Fixed | Request no longer returns response 500 on importing and adding to certificate store. |
| /Certificates/Metadata | PUT | Fixed | Keyfactor API Reference and Utility (Swagger) example for providing the certificate ID in requests now correctly indicates the parameter name as Id. |
| /Certificates/Recover | POST | Updated | Added the attribute Include Subject Header in the request body. |
| /CertificateStoreContainers | POST | Fixed | A container with a blank name is no longer created if a request is submitted without a Container Name. Instead, a 400 is returned. |
| /CertificateStoreContainers | GET | Fixed | Endpoint no longer returns internal parameters PerformRoleCheck and RoleIdList in Keyfactor API Reference and Utility results. |
| /CertificateStoreContainers/{id} | GET | Fixed | Request no longer results in 500 response and error indicating Schedule string cannot be null if submitted without an inventory schedule. |
| /CertificateStores/Approve | POST | Updated | An InventorySchedule attribute has been added to Manage Discovery Stores. You can now choose to run the inventory Daily, on an Interval, Immediately, Weekly, Exactly Once, or set inventorying to Off |
| /CertificateStores/DiscoveryJob | PUT | Fixed | Discovery jobs can now successfully be scheduled with this endpoint and no longer result in an object reference error. |
| /CertificateStores/Server | GET, POST, PUT | Removed | |
| /CertificateStoreTypes | POST | Fixed | No longer possible to create a certificate store type with empty values for Name, Display Name and Type. |
|
/Enrollment/CSR |
POST | Updated | Added the attribute Include Subject Header in the request body. |
| /Enrollment/CSR | POST | Update | Added the query attribute forceEnroll that sets whether CSRs generated within Keyfactor Command are allowed. |
| /Enrollment/PFX | POST | Updated | Added the attribute Include Subject Header in the request body. |
| /Enrollment/PFX | POST | Fixed | Submitting a request with a non-existant metadata value no longer produces an object reference error. |
| /MetadataFields | GET, POST, PUT | Updated | A CaseSensitive attribute has been added for RegEx validation on string metadata fields in both requests (PUT and POST) and response bodies. |
| /MetadataFields/{id} | GET | Updated | A CaseSensitive attribute has been added for RegEx validation on string metadata fields in the response body. |
| /MetadataFields/{name} | GET | Updated | A CaseSensitive attribute has been added for RegEx validation on string metadata fields in the response body. |
| /Monitoring/Revocation | POST, PUT, GET | Updated |
The following parameters have been added to support using workflows for the alert:
|
| /Monitoring/Revocation/{id} | GET | Updated |
The following parameters have been added to support using workflows for the alert:
|
| /OrchestratorJobs/Unschedule | POST | Fixed | Request submitted with incorrect orchestrator ID now returns a 400 response with a message indicating that no jobs were founds with the provided query. |
| /PamProviders/Types/{id} | DELETE | Added | Added as a V1 endpoint only. Requires PAM Modify Permissions. PAM can not be deleted if it is currently in use (i.e, a certificate store currently uses a PAM Provider of that type). This is only supported via API, and not Management Portal. |
| /Workflow/Instances/{instanceId}/Restart | POST | Fixed | Request no longer returns a 500 response on restarting a suspended workflow instance. |
Was this page helpful? Provide Feedback