POST Alerts Denied

The POST /Alerts/Denied method is used to create a new denied certificate request alert. This method returns HTTP 200 OK on a success with details about the denied certificate request alert.

Tip:  The following permissions (see Security Roles and Claims) are required to use this feature:

/monitoring/alerts/modify/

Table 201: POST Alerts Denied Input Parameters

Name In Description

DisplayName Body Required. A string indicating the display name for the denied request alert. This name appears in the denied request alerts grid in the Management Portal.
Subject Body

Required. A string indicating the subject for the email message that will be delivered when the alert is triggered.

Tip:  Substitutable special text may be used in the subject line. Substitutable special text uses a variable in the alert definition that is replaced by data from the certificate or certificate metadata at processing time. For example, you can enter {rcn} in the alert definition and each alert generated at processing time will contain the specific requested common name of the given certificate request instead of the variable {rcn}.
Message Body

Required. A string indicating the email message that will be delivered when the alert is triggered. The email message is made up of regular text and substitutable special text. If desired, you can format the message body using HTML.

For example:

"Hello, \n\nWe are sorry to report that the certificate you requested on {subdate} in the name {rcn} has not been issued for the following reason: \n\n{cmnt} \n\nCertificate information includes: \n\n<table> \n<tr><th>Certificate Details</th><th>Metadata</th></tr> \n<tr><td>Template: {template}</td><td>App Owner First Name: {metadata:AppOwnerFirstName}</td></tr> \n<tr><td>CA: {careqid}</td><td>App Owner Last Name: {metadata:AppOwnerLastName}</td></tr> \n<tr><td>SANs: {san}</td><td>App Owner Email Address: {metadata:AppOwnerEmailAddress}</td></tr> \n<tr><td>DN: {dn}</td><td>Business Critical: {metadata:BusinessCritical}</td></tr> \n</table> \n\nThanks! \n\nYour Certificate Management System"

See Table 19: Substitutable Special Text for Denied Certificate Request Alerts for a complete list of available substitutable special text strings.

Tip:  For best results when using HTML to format an email sent from Keyfactor Command, use inline styles and do not rely on linked stylesheets or embedded <style> rules. For example:
  • Recommended:

    <p style="font-size:14px; color:#333; margin:0 0 12px;">Hello</p>
  • Not Recommended:

    <link rel="stylesheet" href="https://cdn...">

    or

    <style>p { color:#333; }</style>
Recipients Body

An array of strings containing the recipients for the alert. Each alert can have multiple recipients. You can use specific email addresses and/or use substitutable special text to replace an email address variable with actual email addresses at processing time.

When entering email addresses on the Recipients parameter, if more than one recipient is added to a string, all recipients in that string receive the same email and can see the other recipients on the email. To do this, enter email addresses separated by commas or semi-colons within the string. To include multiple strings, separate each string by a comma within the array.

"Recipients": [
 "admin@keyexample.com", 
 "pkiadmins@keyexample.com,bbrown@keyexample.com"
]
TemplateId Body

An integer indicating the certificate template for which the denied request alerts will be generated. A separate alert should be configured for each template. An alert may be configured with no template, if desired. Alerts configured in this way generate alerts for all denied certificate requests.

Use the GET /Templates method (see GET Templates) to retrieve a list of all the templates to determine the template ID.

RegisteredEventHandler Body

An object containing the event handler configuration for the alert, if applicable.

For more information about event handlers, see Using Event Handlers.

EventHandlerParameters Body

An array of objects containing the parameters configured for use by the event handler. The type of data will vary depending on the configured handler.

For example, for a PowerShell handler:

"EventHandlerParameters": [
   {
      "Id": 28,
      "Key": "cn",
      "DefaultValue": "rcn",
      "ParameterType": "Token"
   },
   {
      "Id": 29,
      "Key": "AppOwnerFirstName",
      "DefaultValue": "metadata:AppOwnerFirstName",
      "ParameterType": "Token"
   },
   {
      "Id": 30,
      "Key": "Text",
      "DefaultValue": "Denied Alert: Enterprise Web Server",
      "ParameterType": "Value"
   },
   {
      "Id": 31,
      "Key": "DenialComment",
      "DefaultValue": "cmnt",
      "ParameterType": "Token"
   },
   {
      "Id": 32,
      "Key": "ScriptName",
      "DefaultValue": "MyScript.ps1",
      "ParameterType": "Script"
   }
]
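
As an added example (not part of the Keyfactor documentation), a pre-flight check for a POST /Alerts/Denied request body: it enforces the three required fields, applies the inline-style advice for HTML messages, and reports which Recipients strings group addresses into one mutually visible email. The function name lint_denied_alert, the sample body and the TemplateId value are assumptions made for illustration.

```python
import re

REQUIRED = ("DisplayName", "Subject", "Message")
TOKEN_RE = re.compile(r"\{([A-Za-z]+(?::[A-Za-z0-9_]+)?)\}")
# Embedded or linked stylesheets, which the page advises against in alert email HTML.
STYLE_RE = re.compile(r"<\s*style\b|<\s*link\b[^>]*rel\s*=\s*[\"']?stylesheet", re.I)


def lint_denied_alert(body):
    """Return (errors, notes) for a POST /Alerts/Denied request body (dict)."""
    errors, notes = [], []
    for field in REQUIRED:
        value = body.get(field)
        if not isinstance(value, str) or not value.strip():
            errors.append(f"{field} is required and must be a non-empty string")
    message = body.get("Message") or ""
    if isinstance(message, str) and STYLE_RE.search(message):
        errors.append("Message uses <style> or a linked stylesheet; use inline styles")
    recipients = body.get("Recipients", [])
    if not isinstance(recipients, list) or not all(isinstance(r, str) for r in recipients):
        errors.append("Recipients must be an array of strings")
        recipients = []
    for entry in recipients:
        # Addresses sharing one string are sent one email and can see each other.
        addrs = [a.strip() for a in re.split(r"[;,]", entry) if a.strip()]
        if len(addrs) > 1:
            notes.append("shared email, mutually visible: " + ", ".join(addrs))
    tokens = sorted(set(TOKEN_RE.findall(f"{body.get('Subject', '')} {message}")))
    notes.append("tokens used: " + ", ".join(tokens))
    return errors, notes


# Constructed sample body using the field names and addresses shown on this page.
SAMPLE = {
    "DisplayName": "Denied Alert: Enterprise Web Server",
    "Subject": "Request for {rcn} was denied",
    "Message": "<p style=\"margin:0\">Denied on {subdate}: {cmnt}</p>",
    "Recipients": ["admin@keyexample.com",
                   "pkiadmins@keyexample.com,bbrown@keyexample.com"],
    "TemplateId": 1,  # hypothetical ID; look it up with GET /Templates
}

if __name__ == "__main__":
    for kind, items in zip(("ERROR", "NOTE"), lint_denied_alert(SAMPLE)):
        for item in items:
            print(kind, item)
```

The tokens it lists can be compared against Table 19 before the alert is created.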

Table 202: POST Alerts Denied Response Data

Name Description

Id An integer indicating the Keyfactor Command reference ID of the denied request alert.
DisplayName A string indicating the display name for the denied request alert. This name appears in the denied request alerts grid in the Management Portal.
Subject

A string indicating the subject for the email message that will be delivered when the alert is triggered.

Tip:  Substitutable special text may be used in the subject line. Substitutable special text uses a variable in the alert definition that is replaced by data from the certificate or certificate metadata at processing time. For example, you can enter {rcn} in the alert definition and each alert generated at processing time will contain the specific requested common name of the given certificate request instead of the variable {rcn}.
Message

A string indicating the email message that will be delivered when the alert is triggered. The email message is made up of regular text and substitutable special text. If desired, you can format the message body using HTML.

See Table 19: Substitutable Special Text for Denied Certificate Request Alerts for a complete list of available substitutable special text strings.

Recipients

An array of strings containing the recipients for the alert. Each alert can have multiple recipients. You can use specific email addresses and/or use substitutable special text to replace an email address variable with actual email addresses at processing time.

When entering email addresses on the Recipients parameter, if more than one recipient is added to a string, all recipients in that string receive the same email and can see the other recipients on the email. To do this, enter email addresses separated by commas or semi-colons within the string. To include multiple strings, separate each string by a comma within the array.

"Recipients": [
 "admin@keyexample.com", 
 "pkiadmins@keyexample.com,bbrown@keyexample.com"
]
Template

An object containing information about the certificate template for which the denied request alerts will be generated. A separate alert should be configured for each template. An alert may be configured with no template, if desired. Alerts configured in this way generate alerts for all denied certificate requests.

RegisteredEventHandler

An object containing the event handler configuration for the alert, if applicable.

For more information about event handlers, see Using Event Handlers.

EventHandlerParameters

An array of objects containing the parameters configured for use by the event handler. The type of data will vary depending on the configured handler.

Tip:  See the Keyfactor API Reference and Utility, which provides a utility through which the Keyfactor API endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon at the top of the Management Portal page next to the Log Out button.