API Change Log v24.4

APIClosed An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. changes for this release of Keyfactor Command.

Table 995: API Change Log v24.4

Endpoint Methods Action Notes
/Agents GET Update

For the API endpoint GET/Agents, the parameter AgentPlatform ID for Windows Orchestrator and Universal Orchestrator will now both appear as (1) .NET agents. A combination of VersionNumber and AgentPlatform can be used to distinguish between them in queries.
/License/ActionedCertificates GET Added

The endpoint reports the results of ActionedCertificates timer service job and requires the system settings read permissions.

Note:  This functionality has been temporarily suspended.
/Alerts/Expiration/Test POST Note

This is considered deprecated and may be removed in a future release.
/Alerts/Expiration/TestAll POST Note

This is considered deprecated and may be removed in a future release.
/Alerts/KeyRotation/Test POST Note

This is considered deprecated and may be removed in a future release.
/Alerts/KeyRotation/TestAll POST Note

This is considered deprecated and may be removed in a future release.
/Alerts/Pending GET Fixed The QueryString is not ignored for this API endpoint.
/Alerts/Pending/Test POST Note

This is considered deprecated and may be removed in a future release.
/Alerts/Pending/TestAll POST Note

This is considered deprecated and may be removed in a future release.
/AppSetting PUT Fixed On update of an application setting value, the API response now shows the updated value rather than the original value.
/AppSetting/{id}/Set PUT Fixed On update of an application setting value, the API response now shows the updated value rather than the original value.
/AppSetting/{name}/Set PUT Fixed On update of an application setting value, the API response now shows the updated value rather than the original value.
/CertificateAuthority/TaskQueue PUT Update Endpoint now supports the use of PAM for the ClientSecret and Password.
/CertificateCollections POST Fixed The appropriate audit log messages are now created when a collection is created with this endpoint.
/CertificateCollections/Copy POST Fixed The appropriate audit log messages are now created when a collection is created with this endpoint.
/Certificates GET Update

  • The Verbose option has been removed from the Keyfactor API Reference and Utility and the verbosity functionality has been standardized so all verbosity levels return the same data.This option is considered deprecated and may be removed in a future release.

  • The endpoint now returns alternative key pair information.

  • The CertificateKeyId parameter is no longer exposed in the result.
/Certificates/{id} GET Update

The endpoint now returns alternative key pair information.
/Certificates/Download POST Fixed Providing the SerialNumber and IssuerDN as the query to return a certificate, resulting in a certificate that wasn’t found, produced an error message that stated, in part, “serial number ‘System.Byte[]’”. The error message now returns the actual serial number provided in the request.
/Certificates/Download POST Fixed Download now does not succeed if the request includes a format of P7B with IncludeChain set to false, since this format requires the chain. Instead, a warning is returned.
/Certificates/id/Owner PUT Fixed Validation for owner role ID and name produces the status code 400 with a message indicating that the RoleId or RoleName if it is invalid.
/Certificates/RevokeAll POST Update A new X-Revoke-Confirmation-Count header has been added, and is required, indicating the number of certificates to revoke as a validation to prevent accidental revocation of large numbers of certificates.
/CertificateStoreTypes POST Fixed ServerRequired parameter now accepts value submitted in the request.
/CertificateStoreTypes POST, PUT Fixed Creating or editing a certificate store type record no longer fails with a “Missing type map” error.
/CertificateStoreTypes PUT, GET, POST Update Add CertificateFormat parameter to identify whether the certificate delivered to the orchestrator is in PEM or PFX format.
/CertificateStoreTypes/{id} GET Update Add CertificateFormat parameter to identify whether the certificate delivered to the orchestrator is in PEM or PFX format.
/CertificateStoreTypes/Name/{name} GET Update Add CertificateFormat parameter to identify whether the certificate delivered to the orchestrator is in PEM or PFX format.
/CSRGeneration/Generate POST Update Add the AlternativeCurve parameter to support a secondary ECC curve.
/CSRGeneration/Generate POST Update Added support for creating CSRs with a secondary key algorithm and key length to support hybrid CSRs for Post-Quantum Cryptography (PQC).
/Enrollment/CSR/Parse POST Update Added support for parsing CSRs with a secondary key algorithm and key length to support hybrid CSRs for Post-Quantum Cryptography (PQC).
/Enrollment/PFX/Replace POST Fixed Endpoint now correctly schedules certificate store jobs when OAuth is the identity provider.
/License/UsageLog GET Added

The endpoint reports the usage of ActionedCertificates licenses.

Note:  This functionality has been temporarily suspended.
/Monitoring/Revocation PUT, POST, GET Update Add EncodeAsPlusSigns parameter to toggle whether plus signs (“+”) in the Location URL are encoded as plus signs or spaces.
/Monitoring/Revocation/CRL/Test POST Added New endpoint for testing CRL revocation monitoring locations.
/Monitoring/Revocation/OCSP/Test POST Added New endpoint for testing OCSP revocation monitoring locations.
/Monitoring/Revocation/Test POST Note

This is considered deprecated and may be removed in a future release.
/Monitoring/Revocation/TestAll POST Note

This is considered deprecated and may be removed in a future release.
/PamProviders/Local/{providerId}/Entries GET, POST, PUT, DELETE Added Manages information for the specified local PAM provider secret.
/PamProviders/Types POST Fixed Don’t return success if required parameters are not submitted with request.
/PamProviders/Types/{id} DELETE Fixed Return 204 rather than 500 on delete of PAM provider type in specific configurations of security roles. Also, description changed to PAM Provider Type ID in ID field.
/Security/Audit/Collections/{id} GET Fixed Response no longer includes duplicates of the Administrator role in the output with misleading information about the permissions for the role in one of the responses.