POST Alerts Denied

The POST /Alerts/Denied method is used to create a new denied certificate request alert. This method returns HTTP 200 OK on a success with details about the denied certificate request alert.

Tip:  The following permissions (see Security Overview) are required to use this feature:

WorkflowManagement: Modify

Table 111: POST Alerts Denied Input Parameters

Name In Description
DisplayName Body Required. A string indicating the display name for the denied request alert. This name appears in the denied request alerts grid in the Management Portal.
Subject Body

Required. A string indicating the subject for the email message that will be delivered when the alert is triggered.

Tip:  Substitutable special text may be used in the subject line. Substitutable special text uses a variable in the alert definition that is replaced by data from the certificate or certificate metadata at processing time. For example, you can enter {rcn} in the alert definition and each alert generated at processing time will contain the specific requested common name of the given certificate request instead of the variable {rcn}.
Message Body

Required. A string indicating the email message that will be delivered when the alert is triggered. The email message is made up of regular text and substitutable special text. If desired, you can format the message body using HTML.

For example:

“Hello {requester:givenname},\n\nWe are sorry to report that the certificate you requested on {subdate} in the name {rcn} has not been issued for the following reason:\n\n{cmnt}\n\nCertificate information includes:\n\n<table>\n<tr><th>Certificate Details</th><th>Metadata</th></tr>\n<tr><td>Template: {template}</td><td>App Owner First Name: {metadata:AppOwnerFirstName}</td></tr>\n<tr><td>CA: {careqid}</td><td>App Owner Last Name: {metadata:AppOwnerLastName}</td></tr>\n<tr><td>SANs: {san}</td><td>App Owner Email Address: {metadata:AppOwnerEmailAddress}</td></tr>\n<tr><td>DN: {dn}</td><td>Business Critical: {metadata:BusinessCritical}</td></tr>\n</table>\n\nThanks!\n\nYour Certificate Management System”

See Table 12: Substitutable Special Text for Denied Certificate Request Alerts in the Keyfactor Command Reference Guide for a complete list of available substitutable special text strings.

Recipients Body

An array of strings containing the recipients for the alert. Each alert can have multiple recipients. You can use specific email addresses and/or use substitutable special text to replace an email address variable with actual email addresses at processing time. Available email substitutable special text strings include:

  • {requester:mail}
    The certificate requester, based on a lookup in Active Directory of the email address associated with the requester on the certificate.

  • Your custom email-based metadata field, which would be specified similarly to {metadata:AppOwnerEmailAddress}.

TemplateId Body

An integer indicating the certificate template for which the denied request alerts will be generated. A separate alert should be configured for each template. An alert may be configured with no template, if desired. Alerts configured in this way generate alerts for all denied certificate requests.

Use the GET /Templates method (see GET Templates) to retrieve a list of all the templates to determine the template ID.

RegisteredEventHandler Body An object containing the event handler configuration for the alert, if applicable.

For more information about event handlers, see Using Event Handlers in the Keyfactor Command Reference Guide.

EventHandlerParameters Body

An array containing the parameters configured for use by the event handler. The type of data will vary depending on the configured handler.

For example, for a PowerShell handler:

"EventHandlerParameters": [
   {
      "Id": 28,
      "Key": "cn",
      "DefaultValue": "rcn",
      "ParameterType": "Token"
   },
   {
      "Id": 29,
      "Key": "AppOwnerFirstName",
      "DefaultValue": "metadata:AppOwnerFirstName",
      "ParameterType": "Token"
   },
   {
      "Id": 30,
      "Key": "Text",
      "DefaultValue": "Denied Alert: Enterprise Web Server",
      "ParameterType": "Value"
   },
   {
      "Id": 31,
      "Key": "DenialComment",
      "DefaultValue": "cmnt",
      "ParameterType": "Token"
   },
   {
      "Id": 32,
      "Key": "ScriptName",
      "DefaultValue": "MyScript.ps1",
      "ParameterType": "Script"
   }
]
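An added example, not taken from the Keyfactor documentation: a Python pre-flight check that assembles the request body from the Table 111 parameters and lints it before it is sent. The token allow-list holds only the strings visible on this page (Table 12 in the Reference Guide is the complete list); the recipient domain allow-list, the function names and the sample values are assumptions of this example.

```python
import json
import re

# Tokens that appear on this page only; extend from Table 12 of the Reference Guide.
PAGE_TOKENS = {"rcn", "subdate", "cmnt", "template", "careqid", "san", "dn",
               "requester:givenname", "requester:mail"}
TOKEN_RE = re.compile(r"\{([^{}\s]+)\}")
EMAIL_RE = re.compile(r"^[^@\s{}]+@([^@\s{}]+\.[^@\s{}]+)$")

def unknown_tokens(text, known=PAGE_TOKENS):
    """Return tokens in text that are neither known nor {metadata:<field>}."""
    found = TOKEN_RE.findall(text)
    return sorted({t for t in found if t not in known and not t.startswith("metadata:")})

def check_recipient(entry, allowed_domains):
    """Return None if the recipient is acceptable, else a reason string."""
    m = TOKEN_RE.fullmatch(entry)
    if m:
        tok = m.group(1)
        # Only the email-type tokens listed for Recipients resolve to an address.
        if tok == "requester:mail" or tok.startswith("metadata:"):
            return None
        return f"{entry}: not an email-type token"
    m = EMAIL_RE.match(entry)
    if not m:
        return f"{entry}: not an email address or token"
    # Assumption: local policy restricts literal recipients to approved domains.
    if m.group(1).lower() not in allowed_domains:
        return f"{entry}: domain not in allow-list"
    return None

def build_denied_alert(display_name, subject, message, recipients,
                       template_id=None, allowed_domains=frozenset()):
    """Validate the fields and return (json_body, problems)."""
    problems = []
    for name, value in (("DisplayName", display_name), ("Subject", subject), ("Message", message)):
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{name}: required string is missing")
    for field, text in (("Subject", subject), ("Message", message)):
        problems += [f"{field}: unknown token {{{t}}}" for t in unknown_tokens(text or "")]
    problems += [r for r in (check_recipient(e, allowed_domains) for e in recipients) if r]
    body = {"DisplayName": display_name, "Subject": subject, "Message": message,
            "Recipients": list(recipients)}
    # Assumption: TemplateId is left out for an alert that covers all templates.
    if template_id is not None:
        body["TemplateId"] = int(template_id)
    return json.dumps(body, indent=2), problems
```

Send the returned JSON as the POST /Alerts/Denied body only when the problems list is empty; a mistyped token or an unexpected recipient is easier to catch here than in delivered mail.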

Table 112: POST Alerts Denied Response Data

Name Description
Id An integer indicating the Keyfactor Command reference ID of the denied request alert.
DisplayName A string indicating the display name for the denied request alert. This name appears in the denied request alerts grid in the Management Portal.
Subject

A string indicating the subject for the email message that will be delivered when the alert is triggered.

Tip:  Substitutable special text may be used in the subject line. Substitutable special text uses a variable in the alert definition that is replaced by data from the certificate or certificate metadata at processing time. For example, you can enter {rcn} in the alert definition and each alert generated at processing time will contain the specific requested common name of the given certificate request instead of the variable {rcn}.
Message

A string indicating the email message that will be delivered when the alert is triggered. The email message is made up of regular text and substitutable special text. If desired, you can format the message body using HTML.

For example:

“Hello {requester:givenname},\n\nWe are sorry to report that the certificate you requested on {subdate} in the name {rcn} has not been issued for the following reason:\n\n{cmnt}\n\nCertificate information includes:\n\n<table>\n<tr><th>Certificate Details</th><th>Metadata</th></tr>\n<tr><td>Template: {template}</td><td>App Owner First Name: {metadata:AppOwnerFirstName}</td></tr>\n<tr><td>CA: {careqid}</td><td>App Owner Last Name: {metadata:AppOwnerLastName}</td></tr>\n<tr><td>SANs: {san}</td><td>App Owner Email Address: {metadata:AppOwnerEmailAddress}</td></tr>\n<tr><td>DN: {dn}</td><td>Business Critical: {metadata:BusinessCritical}</td></tr>\n</table>\n\nThanks!\n\nYour Certificate Management System”

See Table 12: Substitutable Special Text for Denied Certificate Request Alerts in the Keyfactor Command Reference Guide for a complete list of available substitutable special text strings.

Recipients

An array of strings containing the recipients for the alert. Each alert can have multiple recipients. You can use specific email addresses and/or use substitutable special text to replace an email address variable with actual email addresses at processing time. Available email substitutable special text strings include:

  • {requester:mail}
    The certificate requester, based on a lookup in Active Directory of the email address associated with the requester on the certificate.

  • Your custom email-based metadata field, which would be specified similarly to {metadata:AppOwnerEmailAddress}.

Template An object containing information about the certificate template for which the denied request alerts will be generated. A separate alert should be configured for each template. An alert may be configured with no template, if desired. Alerts configured in this way generate alerts for all denied certificate requests.
RegisteredEventHandler An object containing the event handler configuration for the alert, if applicable.

For more information about event handlers, see Using Event Handlers in the Keyfactor Command Reference Guide.

EventHandlerParameters

An array containing the parameters configured for use by the event handler. The type of data will vary depending on the configured handler.

Tip:  For code examples, see the Keyfactor API Endpoint Utility. To find the embedded web copy of this utility, click the help icon at the top of the Keyfactor Command Management Portal page next to the Log Out button.