API Change Log v25.1

APIClosed An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. changes for this release of Keyfactor Command.

Table 994: API Change Log v25.1

Endpoint Methods Action Notes
/CertificateAuthority GET, POST, PUT Updated The UseForEnrollment parameter has been added. The Allowed Requesters, AllowedEnrollmentTypes, and UseAllowedRequesters parameters are now used only for standalone CAs.
/CertificateAuthority/{id} GET Updated The UseForEnrollment parameter has been added. The Allowed Requesters, AllowedEnrollmentTypes, and UseAllowedRequesters parameters are now used only for standalone CAs.
/CertificateCollections/{id}/Favorite PUT Fixed Requests with a non-existant collection id no longer generate a success response.
/Certificates GET Updated

The following new query parsers have been added: AltKeyAlgorithm, CertificateAuthorityId, KeyAlgorithm, and TemplateId
/Certificates GET Updated Includes KeyAlgorithm (OID string) and AltKeyAlgorithm (OID string) in the response.
/Certificates GET Updated

The return limit of 2100 has been changed so there is no defined limit now.

Note:  Using Keyfactor API Reference and Utility with a large return limit (>500) may not succeed due to browser response size limitations.
/Certificates/{id} GET Updated

Includes KeyAlgorithm (OID string) and AltKeyAlgorithm (OID string) in the response.
/Certificates/Metadata PUT Fixed Updating a metadata field with this endpoint no longer requires users to refresh the certificate search page in the Management Portal if they had it open when the metadata field was updated.
/Certificates/PrivateKey/{id} DELETE Fixed Requests with an invalid certificate ID in the ids parameter no longer result in a 500 error.
/Certificates/RevokeAll POST Fixed Requests with an invalid collectionId parameter no longer result in a 500 error.
/CertificateStore POST, PUT, GET Fixed The SetNewPasswordAllowed parameter is now based on whether the store requires a password AND whether the user has modify permissions on that store within Keyfactor Command.
/CertificateStores GET Updated The new query parameter ODKGSupported filters stores that support reenrollment/ODKG.
/CertificateStores/Reenrollment POST Updated Includes optional fields for SANs, metadata, owner role, and additional enrollment fields.
/EnrollmentPatterns POST, GET Added New endpoints for managing enrollment patterns.
/EnrollmentPatterns/{id} GET, PUT, DELETE Added New endpoints for managing enrollment patterns.
/EnrollmentPatterns/{id}/Metadata GET Added New endpoints for managing enrollment patterns.
/EnrollmentPatterns/{id}/Settings GET Added New endpoints for managing enrollment patterns.
/EnrollmentPatterns/Settings GET, PUT Added New endpoints for managing enrollment patterns.
/EnrollmentPatterns/SubjectParts GET Added New endpoints for managing enrollment patterns.
/IdentityProviders GET Fixed Secret values now show a series of asterisks to indicate that the value is set, if applicable, rather than a null field.
/IdentityProviders POST Fixed The default value for the Timeout parameter is now 60 instead of 0.
/IdentityProviders/{id} GET Fixed Secret values now show a series of asterisks to indicate that the value is set, if applicable, rather than a null field.
/SMTP GET, PUT Updated The GET and PUT SMTP API endpoints have migrated to Version 2. Version 1 GET and PUT are deprecated for 25.1. If the RelayUsername is configured to use a PAM secret, the Version 1 GET and POST response will return UnsupportedPAMSecret as the value for RelayUsername because PAM secret is only available in Version 2 of the endpoints.
/Templates GET, PUT Info

The following parameters in this endpoint have been deprecated and may be removed in a future release:

  • AllowedEnrollmentTypes

  • AllowedRequesters

  • EnrollmentFields

  • FriendlyName

  • MetadataFields

  • RFCEnforcement

  • TemplateDefaults

  • TemplatePolicy

  • TemplateRegexes

  • UseAllowedRequesters
/Templates/{id} GET Info

The following parameters in this endpoint have been deprecated and may be removed in a future release:

  • AllowedEnrollmentTypes

  • AllowedRequesters

  • EnrollmentFields

  • FriendlyName

  • MetadataFields

  • RFCEnforcement

  • TemplateDefaults

  • TemplatePolicy

  • TemplateRegexes

  • UseAllowedRequesters
/Templates/Settings GET, PUT Info These endpoints have been deprecated and may be removed in a future release.
/Templates/Settings/SubjectParts GET Info This endpoint has been deprecated and may be removed in a future release.
/Workflow/Definitions/{definitionId} PUT, GET Updated The PushToCertStore parameter has been added for the ExpirationRenewal step type.
/Workflow/Definitions/{definitionId}/Steps PUT Updated The PushToCertStore parameter has been added for the ExpirationRenewal step type.