API
An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. changes for this release of Keyfactor Command.
Table 1007: API Change Log v25.1.1
| Endpoint | Methods | Action | Notes |
|---|---|---|---|
| /CertificateAuthority | GET, POST, PUT | Updated | The UseForEnrollment parameter has been added. The Allowed Requesters, AllowedEnrollmentTypes, and UseAllowedRequesters parameters are now used only for standalone CAs. |
| /CertificateAuthority/{id} | GET | Updated | The UseForEnrollment parameter has been added. The Allowed Requesters, AllowedEnrollmentTypes, and UseAllowedRequesters parameters are now used only for standalone CAs. |
| /CertificateCollections/{id}/Favorite | PUT | Fixed | Requests with a non-existant collection id no longer generate a success response. |
| /Certificates | GET | Updated |
Note: Using Keyfactor API Reference and Utility with a large return limit (>500) may not succeed due to browser response size limitations.
|
| /Certificates/{id} | GET | Updated |
|
| /Certificates/Metadata | PUT | Fixed | Updating a metadata field with this endpoint no longer requires users to refresh the certificate search page in the Management Portal if they had it open when the metadata field was updated. |
| /Certificates/PrivateKey/{id} | DELETE | Fixed | Requests with an invalid certificate ID in the ids parameter no longer result in a 500 error. |
| /Certificates/RevokeAll | POST | Fixed | Requests with an invalid collectionId parameter no longer result in a 500 error. |
| /CertificateStore | POST, PUT, GET | Fixed | The SetNewPasswordAllowed parameter is now based on whether the store requires a password AND whether the user has modify permissions on that store within Keyfactor Command. |
| /CertificateStores | GET | Updated | The new query parameter ODKGSupported filters stores that support reenrollment/ODKG. |
| /CertificateStores/Reenrollment | POST | Fixed & Updated |
|
| /CSRGeneration/Generate | POST | Fixed |
|
| /Enrollment /PFX | POST | Updated | EnrollmentPatternID is an required parameter. If this value is not provided, the default enrollment pattern defined for the template provided in the request (see the Template parameter) will be used. |
| /Enrollment /Renew | POST | Updated | EnrollmentPatternID is an required parameter. If this value is not provided, the default enrollment pattern defined for the template provided in the request (see the Template parameter) will be used. |
| /Enrollment /CSR | POST | Updated | EnrollmentPatternID is an required parameter. If this value is not provided, the default enrollment pattern defined for the template provided in the request (see the Template parameter) will be used. |
| Enrollment/PFX | POST | Updated | One of either the Template or the EnrollmentPatternId is required unless the enrollment is being done against a standalone CA. If this value is not provided, the default enrollment pattern defined for the template provided in the request (see the Template parameter) will be used. |
| Enrollment/Renew | POST | Updated | One of either the Template or the EnrollmentPatternId is required unless the enrollment is being done against a standalone CA. If this value is not provided, the default enrollment pattern defined for the template provided in the request (see the Template parameter) will be used. |
| /EnrollmentPatterns | POST, GET | Added | New endpoints for managing enrollment patterns. |
| /EnrollmentPatterns | POST, PUT | Fixed | The endpoints no longer accept requests with invalid values in the SubjectPart key for the Defaults parameter. |
| /EnrollmentPatterns/{id} | GET, PUT, DELETE | Added | New endpoints for managing enrollment patterns. |
| /EnrollmentPatterns/{id}/Metadata | GET | Added | New endpoints for managing enrollment patterns. |
| /EnrollmentPatterns/{id}/Settings | GET | Added | New endpoints for managing enrollment patterns. |
| /EnrollmentPatterns/Settings | GET, PUT | Added | New endpoints for managing enrollment patterns. |
| /EnrollmentPatterns/SubjectParts | GET | Added | New endpoints for managing enrollment patterns. |
| /IdentityProviders | POST | Fixed | The default value for the Timeout parameter is now 60 instead of 0. |
| /IdentityProviders | GET | Fixed | Secret values now show a series of asterisks to indicate that the value is set, if applicable, rather than a null field. |
| /IdentityProviders/{id} | GET | Fixed | Secret values now show a series of asterisks to indicate that the value is set, if applicable, rather than a null field. |
| /SMTP | GET, PUT | Updated | The GET and PUT SMTP API endpoints have migrated to Version 2. Version 1 GET and PUT are deprecated for 25.1. If the RelayUsername is configured to use a PAM secret, the Version 1 GET and POST response will return UnsupportedPAMSecret as the value for RelayUsername because PAM secret is only available in Version 2 of the endpoints. |
| /Templates | GET, PUT | Info |
The following parameters in this endpoint have been deprecated and may be removed in a future release:
|
| /Templates/{id} | GET | Info |
The following parameters in this endpoint have been deprecated and may be removed in a future release:
|
| /Templates/Settings | GET, PUT | Info | These endpoints have been deprecated and may be removed in a future release. |
| /Templates/Settings/SubjectParts | GET | Info | This endpoint has been deprecated and may be removed in a future release. |
| /Workflow/Definitions/{definitionId} | PUT, GET | Updated | The PushToCertStore parameter has been added for the ExpirationRenewal step type. |
| /Workflow/Definitions/{definitionid}/Steps | PUT | Fixed & Updated |
|
| /Workflow/Definitions/{definitionId}/Steps | PUT | Updated |
Was this page helpful? Provide Feedback