API Change Log v25.2

API changes for this release of Keyfactor Command.

Table 1000: API Change Log v25.2

Endpoint Methods Action Notes
/CertificateStores/Containers GET, POST, PUT Deprecated GET /CertificateStoreContainers has the same functionality with paging support.
/CertificateStoresTypes GET, POST, PUT Updated

The parameter ValidationOptions has been added for both Properties and EntryParameters:

  • EntryParameters: Options (optional/required/hidden) when adding or removing a certificate from a certificate store or initiating on-device key generation for the certificate store.

  • Properties: Options (optional/required/hidden) on the certificate store dialog while adding or editing a certificate store or approving a discovered certificate store.

/CertificateStoresTypes/{id} GET Updated

The parameter ValidationOptions has been added for both Properties and EntryParameters:

  • EntryParameters: Options (optional/required/hidden) when adding or removing a certificate from a certificate store or initiating on-device key generation for the certificate store.

  • Properties: Options (optional/required/hidden) on the certificate store dialog while adding or editing a certificate store or approving a discovered certificate store.

/CertificateStoreTypes/Name/{name} GET Updated

The parameter ValidationOptions has been added for both Properties and EntryParameters:

  • EntryParameters: Options (optional/required/hidden) when adding or removing a certificate from a certificate store or initiating on-device key generation for the certificate store.

  • Properties: Options (optional/required/hidden) on the certificate store dialog while adding or editing a certificate store or approving a discovered certificate store.

/CSRGeneration/Generate POST Updated Supports generation of CSRs with a primary ML-DSA key.
/Enrollment/AvailableRenewal/{id} GET Updated

The endpoints did not set the PFXRenewal flag if the OneClickRenewal flag was set. That error has been addressed in version 25.2, resulting in a potential change in the returned value. The new enum values are:

  • None = 0

  • SeededPFXEnroll = 1

  • OneClick = 2

  • SeededCSREnroll = 4

    When multiple renewal types are available, the enum values are summed (for example, both SeededPFX and OneClick but not SeededCSR would be 3, and all renewal types would be 7).

Permissions have also changed on the endpoint. Previously only CertificateEnrollment_EnrollPFX was required. Now, either CertificateEnrollment_EnrollPFX or CertificateEnrollment_EnrollCSR can use the endpoint.

This endpoint is used to set the renew options in the UI from the certificate search page.

/Enrollment/CSR POST Updated
  • Supports generation of certificates with a primary ML-DSA key.

  • Two new optional parameters, RenewalCert and RenewalCertificateCollectionId, have been added to the POST /Enrollment/CSR endpoint for renewals.

/Enrollment/PFX v2 POST Updated Parameters AlternativeKeyType and AlternativeKeyLength have been added to support enrollment for hybrid certificates.
/Enrollment/PFX v2 POST Updated Supports generation of certificates with a primary ML-DSA key.
/Enrollment/Settings/{id} GET Updated KeyInfo under TemplatePolicy now includes MLDSA44, MLDSA65, and MLDSA87 parameters.
/EnrollmentPatterns GET, POST Updated
  • KeyInfo under Policies now includes MLDSA44, MLDSA65, and MLDSA87 parameters.

  • Policies now includes PrimaryKeyAlgorithm and AlternativeKeyAlgorithm parameters. These take precedence over the KeyInfo under Policies, which has been deprecated.

/EnrollmentPatterns/{id} GET, PUT Updated
  • KeyInfo under Policies now includes MLDSA44, MLDSA65, and MLDSA87 parameters.

  • Policies now includes PrimaryKeyAlgorithm and AlternativeKeyAlgorithm parameters. These take precedence over the KeyInfo under Policies, which has been deprecated.

/EnrollmentPatterns/{id}/Settings GET Updated KeyInfo under Policies now includes MLDSA44, MLDSA65, and MLDSA87 parameters.
/EnrollmentPatterns/Settings PUT, GET Updated KeyInfo under Policies now includes MLDSA44, MLDSA65, and MLDSA87 parameters.
/PermissionSets/My GET Updated Now includes security roles associated with the resultant permission set (to support the expanded change owner permission).
/Templates PUT Updated
  • The KeyAlgorithms parameter now includes PrimaryKeyAlgorithm and AlternativeKeyAlgorithm parameters. These take precedence over the KeyInfo under KeyAlgorithms, which has been deprecated.

  • KeyInfo under TemplatePolicy now includes MLDSA44, MLDSA65, and MLDSA87 parameters.

  • TemplatePolicy now includes PrimaryKeyAlgorithm and AlternativeKeyAlgorithm parameters. These take precedence over the KeyInfo under TemplatePolicy, which has been deprecated.

/Templates/{id} GET Updated
  • The KeyAlgorithms parameter now includes PrimaryKeyAlgorithm and AlternativeKeyAlgorithm parameters. These take precedence over the KeyInfo under KeyAlgorithms, which has been deprecated.

  • KeyInfo under TemplatePolicy now includes MLDSA44, MLDSA65, and MLDSA87 parameters.

  • TemplatePolicy now includes PrimaryKeyAlgorithm and AlternativeKeyAlgorithm parameters. These take precedence over the KeyInfo under TemplatePolicy, which has been deprecated.

/Templates/Settings PUT, GET Updated KeyInfo under TemplatePolicy now includes MLDSA44, MLDSA65, and MLDSA87 parameters.
/Enrollment/AvailableRenewal/Thumbprint/{thumbprint} GET Updated

The endpoints did not set the PFXRenewal flag if the OneClickRenewal flag was set. That error has been addressed in version 25.2, resulting in a potential change in the returned value. The new enum values are:

  • None = 0

  • SeededPFXEnroll = 1

  • OneClick = 2

  • SeededCSREnroll = 4

    When multiple renewal types are available, the enum values are summed (for example, both SeededPFX and OneClick but not SeededCSR would be 3, and all renewal types would be 7).

Permissions have also changed on the endpoint. Previously only CertificateEnrollment_EnrollPFX was required. Now, either CertificateEnrollment_EnrollPFX or CertificateEnrollment_EnrollCSR can use the endpoint.
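
Client-side handling of the summed renewal value described for the two AvailableRenewal endpoints, as an added example (not Keyfactor code): it decodes the value with a bitmask and shows why an equality check against OneClick stops matching once PFX renewal is reported alongside it. The numeric values come from the change log; the Python names, the hypothetical equality check and the fail-closed handling of unknown bits are assumptions.

```python
from enum import IntFlag


class AvailableRenewal(IntFlag):
    # Values from the change log; "None" is spelled NONE (Python keyword).
    NONE = 0
    SEEDED_PFX_ENROLL = 1
    ONE_CLICK = 2
    SEEDED_CSR_ENROLL = 4


KNOWN_BITS = 7  # 1 + 2 + 4: "all renewal types" in the change log


def decode_renewal(value: int) -> list[str]:
    """Return the names of the renewal types set in a summed value."""
    if isinstance(value, bool) or not isinstance(value, int) or value < 0:
        raise ValueError(f"not a renewal flag value: {value!r}")
    unknown = value & ~KNOWN_BITS
    if unknown:
        # Assumption: fail closed on bits this client does not know.
        raise ValueError(f"unknown renewal bits set: {unknown}")
    members = AvailableRenewal.__members__.values()
    return [m.name for m in members if m.value and value & m.value]


def one_click_by_equality(value: int) -> bool:
    """Hypothetical client check: true only when OneClick is the sole flag."""
    return value == AvailableRenewal.ONE_CLICK


def one_click_by_mask(value: int) -> bool:
    """Bitmask check: true whenever OneClick is among the flags set."""
    return bool(value & AvailableRenewal.ONE_CLICK)


if __name__ == "__main__":
    # Constructed sample values, not captured API responses.
    for sample in (0, 2, 3, 7):
        print(sample, decode_renewal(sample),
              "equality:", one_click_by_equality(sample),
              "mask:", one_click_by_mask(sample))
```

Integrations that compared the returned value for equality with a single renewal type should be reviewed when upgrading to 25.2, since a certificate that previously returned 2 may now return 3.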