loading

Certificate Provisioning System API v2

Manage SSL and TLS certificates for your Akamai Secure Delivery Network applications with the CPS API.

Learn more:


Overview

The Certificate Provisioning System (CPS) provides full life cycle management of SSL/TLS certificates for your Akamai Secure Delivery Network applications. This includes ability to request new certificates, modify existing certificates, automatically renew certificates, and delete certificates. CPS also manages key Transport Layer Security (TLS) configurations, including cipher selection.

You can use this API as part of setting a secure website to ensure that the delivery of content to and from that site is secure. The SSL/TLS certificates that CPS provides authenticate the secure connection that the browser makes during secure delivery. CPS generates and secures the private key of each certificate.

NOTE: CPS no longer supports Geotrust or Cybertrust certificates. Symantec is now the exclusive provider of both extended validation (EV) and organizational validation (OV) certificates. For more information, see Akamai Community.

Who should use this API

Most common users of CPS API are developers and architects. By leveraging CPS API, users can request new certificates, modify existing certificates, and delete certificates. To use this API effectively, you must be familiar with the process for obtaining and managing certificates. To use this API, you should be familiar with the terminology and concepts specific to the Luna Control Center.

You can also use the CPS API with the Secure Provisioning Service (SPS) API. The SPS API provides a convenient mechanism to provision certificates and secure edge hostnames in a single API call. In addition, SPS can provision the most common certificate types and can add alternative names to a SAN certificate. To perform advanced operations with certificates, use the CPS API. CPS API is Akamai’s comprehensive toolbox for creating and modifying certificates. Since CPS and SPS both use the same set of identifiers for certificates, you can use the enrollmentId returned by one system as input on requests to the other system.

Developers using this API should be familiar with:

  • SSL/TLS certificates
  • Certificate authorities (CAs)
  • How Akamai obtains certificates on the requester’s behalf, which includes the generation of public/private key pairs and certificate signing requests (CSRs).
  • DNS
  • Edge Hostnames

If you have questions about these concepts, contact your Akamai account representative.

Advances in certificate validation require contact between the CAs and the organization for which the certificate is being requested. Depending on the validation mechanism and certificate authority, the process requires different levels of participation from the organization. The timeline for this process depends on many factors, including the number of domains and the responsiveness of the organization. While the process can take just a few days, it can extend to much longer periods. Customers should consider using Domain Validation for the most rapid provisioning.

Getting started

Before you can access the CPS API, you need to make sure CPS has been added to your contract. CPS is part of your contract if you purchased any secure delivery product.To get started with this API:

Internal versioning

Internal versioning of CPS API is managed by Content-Type and Accept headers. In order for a client to successfully reach a resource via HTTP request, the version header (or version header pair if both Content-Type and Accept are required) in the request needs to match exactly any of the versioned resources. Otherwise the API call will fail to map to an allowed resource.

The format of a typical CPS versioning header is: application/vnd.akamai.cps.${ENTITY_NAME}.${VERSION}+${MEDIA_TYPE}. E.g. application/vnd.akamai.cps.enrollment.v4+json.

API concepts

When using this API, you should be familiar with the following concepts:

X509 certificates

A digital certificate is an electronic document that includes a company’s identification information (such as the name and address of the company), a public key, and the digital signature of a Certification Authority (CA) based on that certification authority’s private key. You can think of a certificate as you would a license or passport that identifies your website. Having a certificate provides a way for a client browser to verify the authenticity of a website.

Authentication offers a way to establish the identity of a website to a browser. A certificate contains the common name (CN) you want to use for the certificate. This is the fully qualified domain name for which you plan to use your certificate. CPS supports the following types of certificates:

  • Single certificate: Associates a single domain with a single name.

  • Wildcard certificate: Secures an entire domain. A certificate for *.example.com secures www.example.com, mail.example.com, and any subdomain of example.com. If you do not know what domains you want to attach your certificate to, you should obtain a wildcard certificate, which offers greater flexibility.

  • SAN certificate: Uses multiple domain names. These Subject Alternative Names (SANs) allow you to secure up to 100 domain names with one certificate. These certificates address the need to secure multiple names across different domains. You can update a SAN certificate at any time to add more names, up to the capacity of the certificate.

  • Wildcard SAN certificate: Uses wildcard certificates with Subject Alternative Names. You can only use wildcard SAN certificates from Symantec with CPS.

  • Third party certificate: Uses a signed certificate that you obtain from a CA not integrated with CPS.

Certificate authorities

A Certificate Authority (CA) is a trusted entity that signs certificates and can vouch for the identity of a website. CPS integrates and automates certificate generation with two CAs:

If you want to use a different CA, you must use a third-party certificate and CA.

Validation

When a CA gets a request for a certificate and verifies your identity, it validates the certificate. There are four types of validation:

  • Domain Validation (DV): A lower level of validation. The CA validates that you have control of the domain. A typical CPS DV certificate expires in 90 days.

  • Organization Validation (OV): A higher level of validation. The CA validates whether or not the company is valid, if it is registered, and if the business contact legitimately works at the company. An OV certificate generally expires in one year.

  • Extended Validation (EV): The highest level of validation in which you must have signed letters and notaries sent to the CA before signing. Wildcard certificates cannot be EV certificates because an EV certificate requires you to be explicit about all the subject alternative names (SANs). An EV certificate generally expires in two years.

  • Third Party Validation: This is used for third party certificates. The expiration date of third-party certificates varies, since these certificates are issued outside of CPS.

Enrollments

A CPS enrollment is the most fundamental and definitive concept that behaves as a core container for all the operations that clients can perform within CPS.

CPS is a certificate life cycle management tool and a CPS enrollment is the agent in this tool that allows users display all the information about the process that certificate goes through from the time it was requested, through renewal or removal. Once you obtain a certificate, you can—but not necessarily have to—use it until it expires, in most cases a year from the date the CA issued the certificate. That being said, you can start a renewal process whenever you want given CPS timeline allows it, i.e. not too close to expiration, already a renewal in process etc.

When expiration date of an active certificate in an enrollment approaches, CPS automatically starts the renewal process for users’ convenience in order to prevent Denial of Service (DoS) due to expired certificates. Start date of auto-renewal for an about-to-expire certificate depends on the the validation type:

  • EV: 90 days before expiration
  • OV: 60 days before expiration
  • DV: 20 days before expiration

When an auto-renewal operation starts, CPS then automatically deploys the renewed certificate when it receives it from the CA.

Resources related to enrollments in the API

An enrollment, along with other operations, allows you to create and manage changes for an enrollment. Relevant types for enrollment operations are:

Property Type Description
ra Constant - Registration Authority Registration Authority.
validationType Constant - Validation Type Domain and Organization validation type.
certificateType Constant - Certificate Certificate Type.
networkType Constant - Network Type Network Type.
mustHaveCiphers String Akamai cipher profile name, e.g. ak-akamai-recommended.
preferredCiphers String Akamai cipher profile name, e.g. ak-akamai-recommended.
sni Group - sni Server Name Indication (SNI).
signatureAlgorithm Constant - Signature Algorithm Algorithm used to sign the certificate.
changeManagement Boolean When enabled, you need to intervene and approve the enrollment state before a certificate will be deployed with current configuration to the network.
csr Group - CSR Certificate Signing Request.
org Group - Organization Organization information for the CSR request.
adminContact Group - Contact Organization’s administrator contact information for the CSR request.
techContact Group - Contact Organization’s technical contact information for the CSR request.
thirdParty Group - ThirdParty Information for certificates signed by RAs other than Akamai’s integrated RAs.

About the CPS workflow

An enrollment displays all the information about the process that your certificate goes through from the time you request it, through renewal, and as you obtain subsequent versions. CPS is a certificate life cycle management tool. Once you obtain a certificate, you use it until it expires, in most cases a year from the date the CA issued the certificate. CPS automatically starts the renewal process before the old certificate expires, and then automatically deploys the renewed certificate when it receives it from the CA. The CPS workflow is as follows:

  1. Collect certificate details. This includes, the name, address, and phone number of your organization, and contact information for someone at your company and a representative from Akamai.

  2. Create the certificate signing request (CSR). You must use CPS to create a request for a certificate from your CA. CPS stores the private key for the certificate when you create the request.

  3. Pre-verify certificate. CPS may trigger pre-verification warnings that require acknowledgement through the API.

  4. Submit the CSR. CPS submits the certificate request to the certificate authority (CA) of your choice for signing. For Third-Party enrollments, you must call the API to extract the CSR to share with your CA for signing.

  5. Validate the certificate. The CA validates the certificate. For Let’s Encrypt, this may involve API calls and validation token configuration.

  6. Issue the certificate. The CA issues the certificate.

  7. Retrieve the certificate. CPS automatically retrieves the certificate and verifies that it is the correct certificate. For Third-Party enrollments, you must use the API to submit a signed certificate and trust chain to CPS.

  8. Post-verify certificate. CPS verifies the certificate against the CSR request, and may trigger post-verification warnings that require acknowledgement through the API.

  9. Confirm change management is enabled. CPS checks whether or not change management is on. If it is on, CPS deploys certificates to the staging network and prompts users to review and acknowledge Change Management before deploying to the production network. If Change Management is off, CPS automatically deploys the certificate to the network.

  10. Check when the certificate may deploy. CPS checks whether or not you set Change.statusInfo.deploymentSchedule to specify when the certificate can deploy, and CPS waits until after the date, if applicable, before deploying the certificate. If you did not set this information, CPS automatically deploys the certificate to the network.

  11. Deploy the certificate. CPS deploys the certificate on the network.

  12. Renew the certificate. Most certificates expire a year from the date the CA issued it. CPS automatically restarts these steps to renew the certificate before certificate expires unless you schedule enrollment removal using Remove an Enrollment.

Change input content type mapping

A Change may allow for updates to be made under certain conditions. The type of updates allowed is internal to the system, and is determined by the state of the change as well as the specific enrollment type. Clients have to inspect the Change.allowedInput[].type returned by Get Change Status to determine actions and headers supported, then use the Accept and Content-Type headers for the respective allowedInput value below to inspect or perform updates to the Change. The following table presents an overview of the different types and corresponding headers. The table helps you identify which headers you can use when performing Get Change Information and Update a Change operations.

Category Change.allowedInput[].type API type Description Content-Type header Accept header
Change-Management change-management-info info / GET Change Management information provides acknowledgement status, and may include warnings about potential conflicts that may occur if you proceed with acknowledgement. N/A application/vnd.akamai.cps.change-management-info.v3+json
Change-Management change-management-info info / GET The Deployment currently deployed to the staging network. Acknowledging change-management continues deploying this configuration to the production network. N/A application/vnd.akamai.cps.deployment.v1+json
Change-Management change-management-info update / POST Acknowledge Change Management is required to proceed deploying the certificate to the production network. application/vnd.akamai.cps.acknowledgement-with-hash.v1+json application/vnd.akamai.cps.change-id.v1+json
Let’s Encrypt lets-encrypt-challenges info / GET Get Let’s Encrypt DvChallenges for a given change. N/A application/vnd.akamai.cps.dv-challenges.v1+json
Let’s Encrypt lets-encrypt-challenges update / POST Submit an Acknowledgement to inform CPS that Let’s Encrypt challenges have been made available and are ready for validation. application/vnd.akamai.cps.acknowledgement.v1+json application/vnd.akamai.cps.change-id.v1+json
Post-Verification post-verification-warnings info / GET Post-verification Warnings generated for a given change. Produced after CPS retrieves a certificate from a CA or when a client uploads a certificate. You must acknowledge post-verification warnings for the change to continue processing. N/A application/vnd.akamai.cps.warnings.v1+json
Post-Verification post-verification-warnings update / POST You must acknowledge post-verification warnings by submitting an Acknowledgement. application/vnd.akamai.cps.acknowledgement.v1+json application/vnd.akamai.cps.change-id.v1+json
Pre-Verification pre-verification-warnings info / GET Pre-verification Warnings can generate for a given change. CPS produces these after it retrieves a certificate from a CA or after a client uploads the certificate. Post-verification Warnings must be acknowledged for the change to continue processing. N/A application/vnd.akamai.cps.warnings.v1+json
Pre-Verification pre-verification-warnings update / POST You must acknowledge pre-Verification warnings by submitting an Acknowledgement. application/vnd.akamai.cps.acknowledgement.v1+json application/vnd.akamai.cps.change-id.v1+json
Third-Party third-party-csr info / GET Get Certificate Signing Request (CSR) for a Third-Party certificate. N/A application/vnd.akamai.cps.csr.v1+json
Third-Party third-party-csr update / POST Upload Third Party Certificate and Trust Chain. application/vnd.akamai.cps.certificate-and-trust-chain.v1+json application/vnd.akamai.cps.change-id.v1+json

Resources

The Certificate Provisioning System (CPS) provides full life cycle management of SSL certificates for your Akamai Secure Delivery Network applications. This includes allowing you to request new certificates, modify existing certificates, automatically renew certificates, and delete certificates. CPS also manages key Transport Layer Security (TLS) configuration including cipher selection.

API summary

Download the RAML descriptors for this API.

Operation Method Endpoint
List Enrollments GET /cps/v2/enrollments{?contractId}
Create an Enrollment POST /cps/v2/enrollments{?contractId,deploy-not-after,deploy-not-before}
Get an Enrollment GET /cps/v2/enrollments/{enrollmentId}
Update an Enrollment PUT /cps/v2/enrollments/{enrollmentId}{?allow-cancel-pending-changes,deploy-not-after,deploy-not-before}
Remove an Enrollment DELETE /cps/v2/enrollments/{enrollmentId}{?allow-cancel-pending-changes,deploy-not-after,deploy-not-before}
Get Change Status GET /cps/v2/enrollments/{enrollmentId}/changes/{changeId}
Cancel a Change DELETE /cps/v2/enrollments/{enrollmentId}/changes/{changeId}
Get Change Information GET /cps/v2/enrollments/{enrollmentId}/changes/{changeId}/input/info/{allowedInputTypeParam}
Update a Change POST /cps/v2/enrollments/{enrollmentId}/changes/{changeId}/input/update/{allowedInputTypeParam}
Get a Deployment Schedule GET /cps/v2/enrollments/{enrollmentId}/changes/{changeId}/deployment-schedule
Update a Deployment Schedule PUT /cps/v2/enrollments/{enrollmentId}/changes/{changeId}/deployment-schedule
List Deployments GET /cps/v2/enrollments/{enrollmentId}/deployments
Get Staging Deployments GET /cps/v2/enrollments/{enrollmentId}/deployments/staging
Get Production Deployment GET /cps/v2/enrollments/{enrollmentId}/deployments/production

List enrollments

A list of the names of each enrollment.

GET /cps/v2/enrollments{?contractId}

Sample: /cps/v2/enrollments?contractId=1-1TJZH5

Headers:

Accept: application/vnd.akamai.cps.enrollments.v4+json
Parameter Type Sample Description
Optional query parameters
contractId String 1–1TJZH5 Specify the contract on which to operate or view.

Status 200 application/vnd.akamai.cps.enrollments.v4+json

Headers:

Content-Type: application/vnd.akamai.cps.enrollments.v4+json

Response Body:

{
    "enrollments": [
        {
            "networkConfiguration": {
                "preferredCiphers": "ak-akamai-default",
                "sni": {
                    "cloneDnsNames": false,
                    "dnsNames": [
                        "san2.example.com",
                        "san1.example.com"
                    ]
                },
                "mustHaveCiphers": "ak-akamai-default2016q3",
                "disallowedTlsVersions": [],
                "secureNetwork": "enhanced-tls",
                "geography": "core"
            },
            "enableMultiStackedCertificates": false,
            "pendingChanges": [],
            "thirdParty": {
                "excludeSans": false
            },
            "validationType": "third-party",
            "techContact": {
                "city": "Cambridge",
                "organizationName": "Akamai",
                "firstName": "R2",
                "addressLineTwo": null,
                "title": "Astromech Droid",
                "addressLineOne": "150 Broadway",
                "lastName": "D2",
                "region": "MA",
                "phone": "617-555-0111",
                "country": "US",
                "postalCode": "02142",
                "email": "r2d2@akamai.com"
            },
            "changeManagement": true,
            "location": "/cps/v2/enrollments/10002",
            "ra": "third-party",
            "adminContact": {
                "city": "Cambridge",
                "organizationName": "Dark Side",
                "firstName": "Darth",
                "addressLineTwo": null,
                "title": "Lord",
                "addressLineOne": "666 Evil Way",
                "lastName": "Vader",
                "region": "MA",
                "phone": "617-555-0123",
                "country": "US",
                "postalCode": "02142",
                "email": "vader@example.com"
            },
            "certificateChainType": "default",
            "org": {
                "city": "Cambridge",
                "name": "Akamai Technologies",
                "addressLineTwo": null,
                "addressLineOne": "150 Broadway",
                "country": "US",
                "region": "MA",
                "phone": "617-555-0111",
                "postalCode": "02142"
            },
            "certificateType": "third-party",
            "csr": {
                "c": "US",
                "cn": "www.example.com",
                "l": "Cambridge",
                "o": "Akamai",
                "st": "MA",
                "ou": "WebEx",
                "sans": [
                    "san1.example.com",
                    "san2.example.com",
                    "san3.example.com",
                    "san4.example.com",
                    "www.example.com"
                ]
            },
            "signatureAlgorithm": null
        },
        {
            "networkConfiguration": {
                "preferredCiphers": "ak-akamai-default",
                "sni": {
                    "cloneDnsNames": false,
                    "dnsNames": [
                        "san1.example.com",
                        "san2.example.com"
                    ]
                },
                "mustHaveCiphers": "ak-akamai-default2016q3",
                "disallowedTlsVersions": [],
                "secureNetwork": "enhanced-tls",
                "geography": "core"
            },
            "enableMultiStackedCertificates": false,
            "pendingChanges": [
                "/cps/v2/enrollments/10003/changes/10004"
            ],
            "thirdParty": {
                "excludeSans": false
            },
            "validationType": "third-party",
            "techContact": {
                "city": "Cambridge",
                "organizationName": "Akamai",
                "firstName": "R2",
                "addressLineTwo": null,
                "title": "Astromech Droid",
                "addressLineOne": "150 Broadway",
                "lastName": "D2",
                "region": "MA",
                "phone": "617-555-0111",
                "country": "US",
                "postalCode": "02142",
                "email": "r2d2@akamai.com"
            },
            "changeManagement": true,
            "location": "/cps/v2/enrollments/10003",
            "ra": "third-party",
            "adminContact": {
                "city": "Cambridge",
                "organizationName": "Dark Side",
                "firstName": "Darth",
                "addressLineTwo": null,
                "title": "Lord",
                "addressLineOne": "666 Evil Way",
                "lastName": "Vader",
                "region": "MA",
                "phone": "617-555-0123",
                "country": "US",
                "postalCode": "02142",
                "email": "vader@example.com"
            },
            "certificateChainType": "default",
            "org": {
                "city": "Cambridge",
                "name": "Akamai Technologies",
                "addressLineTwo": null,
                "addressLineOne": "150 Broadway",
                "country": "US",
                "region": "MA",
                "phone": "617-555-0111",
                "postalCode": "02142"
            },
            "certificateType": "third-party",
            "csr": {
                "c": "US",
                "cn": "www.example.com",
                "l": "Cambridge",
                "o": "Akamai",
                "st": "MA",
                "ou": "WebEx",
                "sans": [
                    "san1.example.com",
                    "san2.example.com",
                    "san3.example.com",
                    "san4.example.com",
                    "www.example.com"
                ]
            },
            "signatureAlgorithm": null
        }
    ]
}
  1. Using the List Contracts API, lookup the contractId under which you want to provision the enrollment.

  2. Specify an Accept header versioned up to application/vnd.akamai.cps.enrollments.v4+json.

  3. Make a GET request to /cps/v2/enrollments{?contractId}.

  4. Enrollment objects are available within the response’s enrollments array.

Create an enrollment

Creates an enrollment that contains all the information about the process that your certificate goes through from the time you request it, through renewal, and as you obtain subsequent versions.

POST /cps/v2/enrollments{?contractId,deploy-not-after,deploy-not-before}

Sample: /cps/v2/enrollments?contractId=1-1TJZH5&deploy-not-after=2017-01-01&deploy-not-before=2017-01-01

Headers:

Content-Type: application/vnd.akamai.cps.enrollment.v4+json
Accept: application/vnd.akamai.cps.enrollment-status.v1+json

Content-Type: application/vnd.akamai.cps.enrollment.v4+json

Request Body:

{
    "networkConfiguration": {
        "preferredCiphers": "ak-akamai-default",
        "sni": {
            "cloneDnsNames": false,
            "dnsNames": [
                "san1.example.com",
                "san2.example.com"
            ]
        },
        "mustHaveCiphers": "ak-akamai-default2016q3",
        "disallowedTlsVersions": [],
        "secureNetwork": "enhanced-tls",
        "geography": "core"
    },
    "enableMultiStackedCertificates": false,
    "thirdParty": {
        "excludeSans": false
    },
    "validationType": "third-party",
    "techContact": {
        "city": "Cambridge",
        "organizationName": "Akamai",
        "firstName": "R2",
        "addressLineTwo": null,
        "title": "Astromech Droid",
        "addressLineOne": "150 Broadway",
        "lastName": "D2",
        "region": "MA",
        "phone": "617-555-0111",
        "country": "US",
        "postalCode": "02142",
        "email": "r2d2@akamai.com"
    },
    "changeManagement": true,
    "ra": "third-party",
    "adminContact": {
        "city": "Cambridge",
        "organizationName": "Dark Side",
        "firstName": "Darth",
        "addressLineTwo": null,
        "title": "Lord",
        "addressLineOne": "666 Evil Way",
        "lastName": "Vader",
        "region": "MA",
        "phone": "617-555-0123",
        "country": "US",
        "postalCode": "02142",
        "email": "vader@example.com"
    },
    "org": {
        "city": "Cambridge",
        "name": "Akamai Technologies",
        "addressLineTwo": null,
        "addressLineOne": "150 Broadway",
        "country": "US",
        "region": "MA",
        "phone": "617-555-0111",
        "postalCode": "02142"
    },
    "certificateType": "third-party",
    "signatureAlgorithm": "SHA-256",
    "csr": {
        "c": "US",
        "cn": "www.example.com",
        "l": "Cambridge",
        "o": "Akamai",
        "st": "MA",
        "ou": "WebEx",
        "sans": [
            "san1.example.com",
            "san2.example.com",
            "san3.example.com",
            "san4.example.com"
        ]
    }
}
Parameter Type Sample Description
Required query parameters
contractId String 1–1TJZH5 Specify the contract on which to operate or view.
Optional query parameters
deploy-not-after String 2017–01–01 Don’t deploy after this date (UTC).
deploy-not-before String 2017–01–01 Don’t deploy before this date (UTC).

Status 202 application/vnd.akamai.cps.enrollment-status.v1+json

Headers:

Content-Type: application/vnd.akamai.cps.enrollment-status.v1+json

Response Body:

{
    "enrollment": "/cps/v2/enrollments/10002",
    "changes": [
        "/cps/v2/enrollments/10002/changes/10002"
    ]
}
  1. Using the List Contracts API, lookup the contractId under which you want to provision the enrollment.

  2. If you want to control when the enrollment deploys, set the deploy-not-before or deploy-not-after query parameters.

  3. Create an Enrollment object.

  4. Specify a Content-Type header versioned up to application/vnd.akamai.cps.enrollment.v4+json.

  5. Specify an Accept header of application/vnd.akamai.cps.enrollment-status.v1+json.

  6. POST the object to /cps/v2/enrollments{?contractId,deploy-not-after,deploy-not-before}.

Get an enrollment

Gets an enrollment.

GET /cps/v2/enrollments/{enrollmentId}

Sample: /cps/v2/enrollments/10000

Headers:

Accept: application/vnd.akamai.cps.enrollment.v4+json
Parameter Type Sample Description
URL parameters
enrollmentId Integer 10000 Enrollment on which to perform the desired operation.

Status 200 application/vnd.akamai.cps.enrollment.v4+json

Headers:

Content-Type: application/vnd.akamai.cps.enrollment.v4+json

Response Body:

{
    "networkConfiguration": {
        "preferredCiphers": "ak-akamai-default",
        "sni": {
            "cloneDnsNames": false,
            "dnsNames": [
                "san2.example.com",
                "san1.example.com"
            ]
        },
        "mustHaveCiphers": "ak-akamai-default2016q3",
        "disallowedTlsVersions": [],
        "secureNetwork": "enhanced-tls",
        "geography": "core"
    },
    "enableMultiStackedCertificates": false,
    "pendingChanges": [],
    "thirdParty": {
        "excludeSans": false
    },
    "validationType": "third-party",
    "techContact": {
        "city": "Cambridge",
        "organizationName": "Akamai",
        "firstName": "R2",
        "addressLineTwo": null,
        "title": "Astromech Droid",
        "addressLineOne": "150 Broadway",
        "lastName": "D2",
        "region": "MA",
        "phone": "617-555-0111",
        "country": "US",
        "postalCode": "02142",
        "email": "r2d2@akamai.com"
    },
    "changeManagement": true,
    "location": "/cps/v2/enrollments/10002",
    "ra": "third-party",
    "adminContact": {
        "city": "Cambridge",
        "organizationName": "Dark Side",
        "firstName": "Darth",
        "addressLineTwo": null,
        "title": "Lord",
        "addressLineOne": "666 Evil Way",
        "lastName": "Vader",
        "region": "MA",
        "phone": "617-555-0123",
        "country": "US",
        "postalCode": "02142",
        "email": "vader@example.com"
    },
    "certificateChainType": "default",
    "org": {
        "city": "Cambridge",
        "name": "Akamai Technologies",
        "addressLineTwo": null,
        "addressLineOne": "150 Broadway",
        "country": "US",
        "region": "MA",
        "phone": "617-555-0111",
        "postalCode": "02142"
    },
    "certificateType": "third-party",
    "csr": {
        "c": "US",
        "cn": "www.example.com",
        "l": "Cambridge",
        "o": "Akamai",
        "st": "MA",
        "ou": "WebEx",
        "sans": [
            "san1.example.com",
            "san2.example.com",
            "san3.example.com",
            "san4.example.com",
            "www.example.com"
        ]
    },
    "signatureAlgorithm": null
}
  1. Run the List Enrollments operation and select the appropriate Enrollment object from the enrollments array.

  2. Strip all text up to the final segment of the object’s location and store it as the enrollmentId.

  3. Specify an Accept header versioned up to application/vnd.akamai.cps.enrollment.v4+json.

  4. Make a GET request to /cps/v2/enrollments/{enrollmentId}.

  5. The response provides an Enrollment object.

Update an enrollment

Updates an enrollment with changes. Response type will vary depending on the type and impact of change. For example, changing SANs list may return HTTP 202 Accepted since the operation require a new certificate and network deployment operations, and thus cannot be completed without a change. On the contrary, for example a Technical Contact name change may return HTTP 200 OK assuming there are no active change and when the operation does not require a new certificate.

PUT /cps/v2/enrollments/{enrollmentId}{?allow-cancel-pending-changes,deploy-not-after,deploy-not-before}

Sample: /cps/v2/enrollments/10000?allow-cancel-pending-changes=true&deploy-not-after=2017-01-01&deploy-not-before=2017-01-01

Headers:

Content-Type: application/vnd.akamai.cps.enrollment.v4+json
Accept: application/vnd.akamai.cps.enrollment-status.v1+json

Content-Type: application/vnd.akamai.cps.enrollment.v4+json

Request Body:

{
    "networkConfiguration": {
        "preferredCiphers": "ak-akamai-default",
        "sni": {
            "cloneDnsNames": false,
            "dnsNames": [
                "san1.example.com",
                "san2.example.com"
            ]
        },
        "mustHaveCiphers": "ak-akamai-default2016q3",
        "disallowedTlsVersions": [],
        "secureNetwork": "enhanced-tls",
        "geography": "core"
    },
    "enableMultiStackedCertificates": false,
    "thirdParty": {
        "excludeSans": false
    },
    "validationType": "third-party",
    "techContact": {
        "city": "Cambridge",
        "organizationName": "Akamai",
        "firstName": "R2",
        "addressLineTwo": null,
        "title": "Astromech Droid",
        "addressLineOne": "150 Broadway",
        "lastName": "D2",
        "region": "MA",
        "phone": "617-555-0111",
        "country": "US",
        "postalCode": "02142",
        "email": "r2d2@akamai.com"
    },
    "changeManagement": true,
    "ra": "third-party",
    "adminContact": {
        "city": "Cambridge",
        "organizationName": "Dark Side",
        "firstName": "Darth",
        "addressLineTwo": null,
        "title": "Lord",
        "addressLineOne": "666 Evil Way",
        "lastName": "Vader",
        "region": "MA",
        "phone": "617-555-0123",
        "country": "US",
        "postalCode": "02142",
        "email": "vader@example.com"
    },
    "org": {
        "city": "Cambridge",
        "name": "Akamai Technologies",
        "addressLineTwo": null,
        "addressLineOne": "150 Broadway",
        "country": "US",
        "region": "MA",
        "phone": "617-555-0111",
        "postalCode": "02142"
    },
    "certificateType": "third-party",
    "signatureAlgorithm": "SHA-256",
    "csr": {
        "c": "US",
        "cn": "www.example.com",
        "l": "Cambridge",
        "o": "Akamai",
        "st": "MA",
        "ou": "WebEx",
        "sans": [
            "san1.example.com",
            "san2.example.com",
            "san3.example.com",
            "san4.example.com",
            "san5.example.com",
            "san6.example.com",
            "san7.example.com"
        ]
    }
}
Parameter Type Sample Description
URL parameters
enrollmentId Integer 10000 Enrollment on which to perform the desired operation.
Optional query parameters
allow-cancel-pending-changes Boolean true All pending changes to be cancelled when updating an enrollment
deploy-not-after String 2017–01–01 Don’t deploy after this date (UTC).
deploy-not-before String 2017–01–01 Don’t deploy before this date (UTC).

Status 200 application/vnd.akamai.cps.enrollment-status.v1+json

Headers:

Content-Type: application/vnd.akamai.cps.enrollment-status.v1+json

Response Body:

{
    "enrollment": "/cps/v2/enrollments/10002",
    "changes": [
        "/cps/v2/enrollments/10002/changes/10002"
    ]
}

Status 202 application/vnd.akamai.cps.enrollment-status.v1+json

Headers:

Content-Type: application/vnd.akamai.cps.enrollment-status.v1+json

Response Body:

{
    "enrollment": "/cps/v2/enrollments/10002",
    "changes": [
        "/cps/v2/enrollments/10002/changes/10002"
    ]
}
  1. Run the List Enrollments operation and select the appropriate Enrollment object from the enrollments array.

  2. If you want to update an enrollment while changes are still pending, set the allow-cancel-pending-changes query parameter.

  3. If you want to control when the enrollment deploys, set the deploy-not-before or deploy-not-after query parameters.

  4. Run the Get an Enrollment operation.

  5. Modify the Enrollment object.

  6. Specify a Content-Type header versioned up to application/vnd.akamai.cps.enrollment.v4+json.

  7. Specify an Accept header of application/vnd.akamai.cps.enrollment-status.v1+json.

  8. PUT the object using the Enrollment’s location hypermedia URL: location{?allow-cancel-pending-changes,deploy-not-after,deploy-not-before}.

Remove an enrollment

Removes an enrollment from CPS. Response type will vary depending on the state of the enrollment. Deleting an enrollment in the future or deleting when the enrollment has a certificate deployed to the network may return HTTP 202 Accepted. Deleting an enrollment which has not yet deployed certificate to the network will complete immediately and return HTTP 200 OK.

DELETE /cps/v2/enrollments/{enrollmentId}{?allow-cancel-pending-changes,deploy-not-after,deploy-not-before}

Sample: /cps/v2/enrollments/10000?allow-cancel-pending-changes=true&deploy-not-after=2017-01-01&deploy-not-before=2017-01-01

Headers:

Accept: application/vnd.akamai.cps.enrollment-status.v1+json
Parameter Type Sample Description
URL parameters
enrollmentId Integer 10000 Enrollment on which to perform the desired operation.
Optional query parameters
allow-cancel-pending-changes Boolean true All pending changes to be cancelled when updating an enrollment.
deploy-not-after String 2017–01–01 Don’t deploy after this date (UTC).
deploy-not-before String 2017–01–01 Don’t deploy before this date (UTC).

Status 200 application/vnd.akamai.cps.enrollment-status.v1+json

Headers:

Content-Type: application/vnd.akamai.cps.enrollment-status.v1+json

Response Body:

{
    "enrollment": "/cps/v2/enrollments/10002",
    "changes": [
        "/cps/v2/enrollments/10002/changes/10002"
    ]
}

Status 202 application/vnd.akamai.cps.enrollment-status.v1+json

Headers:

Content-Type: application/vnd.akamai.cps.enrollment-status.v1+json

Response Body:

{
    "enrollment": "/cps/v2/enrollments/10002",
    "changes": [
        "/cps/v2/enrollments/10002/changes/10002"
    ]
}
  1. Run the List Enrollments operation and select the appropriate Enrollment object from the enrollments array.

  2. If you want to update an enrollment while changes are pending, set the allow-cancel-pending-changes query parameter.

  3. If you want to control when CPS removes the enrollment, set the deploy-not-before or deploy-not-after query parameters.

  4. Specify an Accept header of application/vnd.akamai.cps.enrollment-status.v1+json.

  5. Make a DELETE request to the Enrollment’s location hypermedia URL.

Get change status

Gets the status of a pending change.

GET /cps/v2/enrollments/{enrollmentId}/changes/{changeId}

Sample: /cps/v2/enrollments/10000/changes/10000

Headers:

Accept: application/vnd.akamai.cps.change.v1+json
Parameter Type Sample Description
URL parameters
enrollmentId Integer 10000 Enrollment on which to perform the desired operation.
changeId Integer 10000 The change for this enrollment on which to perform the desired operation.

Status 200 application/vnd.akamai.cps.change.v1+json

Headers:

Content-Type: application/vnd.akamai.cps.change.v1+json

Response Body:

{
    "allowedInput": [
        {
            "info": "/cps/v2/enrollments/10002/changes/10002/input/info/third-party-csr",
            "requiredToProceed": true,
            "type": "third-party-certificate",
            "update": "/cps/v2/enrollments/10002/changes/10002/input/update/third-party-cert-and-trust-chain"
        }
    ],
    "statusInfo": {
        "status": "wait-upload-third-party",
        "deploymentSchedule": {
            "notBefore": null,
            "notAfter": null
        },
        "state": "awaiting-input",
        "description": "Waiting for you to upload and submit your third party certificate and trust chain.",
        "error": null
    }
}

An enrollment may have a change associated with it while CPS prepares the certificate for deployment. You can only complete these operations for an enrollment which has a pending change.

  1. If you do not have an enrollment, run the List Enrollments operation and select an Enrollment

  2. Specify an Accept header of application/vnd.akamai.cps.change.v1+json.

  3. For an Enrollment which has pendingChanges present, make a GET request to the Enrollment’s last pendingChanges.location hypermedia URL. Otherwise you cannot run this operation.

  4. The response provides a Change object.

Cancel a change

Cancels a pending change.

DELETE /cps/v2/enrollments/{enrollmentId}/changes/{changeId}

Sample: /cps/v2/enrollments/10000/changes/10000

Headers:

Accept: application/vnd.akamai.cps.change-id.v1+json
Parameter Type Sample Description
URL parameters
enrollmentId Integer 10000 Enrollment on which to perform the desired operation.
changeId Integer 10000 The change for this enrollment on which to perform the desired operation.

Status 200 application/vnd.akamai.cps.change-id.v1+json

Headers:

Content-Type: application/vnd.akamai.cps.change-id.v1+json

Response Body:

{
    "change": "/cps/v2/enrollments/10002/changes/10002"
}

An enrollment may have a change associated with it while CPS prepares a certificate or metadata for deployment. You can only complete these operations for an enrollment that has a pending change.

  1. If you do not have an enrollment, run the List Enrollments operation and select an Enrollment.

  2. Specify an Accept header of application/vnd.akamai.cps.change.v1+json.

  3. For an Enrollment which has pendingChanges present, make a DELETE request to the Enrollment’s last pendingChanges.location hypermedia URL. Otherwise you cannot run this operation.

  4. The response provides a Change object.

Get change information

Get detailed information of a pending change. Below is a sample where Change.allowedInput[].type has the value third-party-csr. The acceptable Accept header depends on the value of the allowedInput.type for the Change instance. See Change Input Content Type Mapping for details.

GET /cps/v2/enrollments/{enrollmentId}/changes/{changeId}/input/info/{allowedInputTypeParam}

Sample: /cps/v2/enrollments/10000/changes/10000/input/info/third-party-csr

Headers:

Accept: application/vnd.akamai.cps.csr.v1+json
Parameter Type Sample Description
URL parameters
enrollmentId Integer 10000 Enrollment on which to perform the desired operation.
changeId Integer 10000 The change for this enrollment on which to perform the desired operation.
allowedInputTypeParam Enumeration third-party-csr Found as last part of Change.allowedInput[].info hypermedia URL. See Change Input Content Type Mapping for details. Possible enum values: change-management-info, lets-encrypt-challenges, post-verification-warnings, pre-verification-warnings, third-party-csr.

Status 200

Headers:

Content-Type: application/vnd.akamai.cps.csr.v1+json

These are sample steps for a change where Change.allowedInput[].type equals third-party-csr.

  1. If you do not have an enrollment, run the List Enrollments operation and select an Enrollment.

  2. Specify an Accept header of application/vnd.akamai.cps.change.v1+json.

  3. For a Third-Party Enrollment which has pendingChanges present, make a GET request to the Enrollment’s last pendingChanges.location hypermedia URL. Otherwise you cannot run this operation.

  4. The response provides a Change object.

  5. Specify an Accept header of application/vnd.akamai.cps.csr.v1+json.

  6. For a Change object where the Change.allowedInput[].type is third-party-csr, make a GET request to the Change’s last Change.allowedInput[].info hypermedia URL. Otherwise you cannot run this operation.

  7. The response provides a CSR object.

Update a change

Updates a pending change. Below is a sample where Change.allowedInput[].type has the value third-party-csr. The acceptable Content-Type and Accept headers depends on the value of the allowedInput.type for the Change instance. See Change Input Content Type Mapping for details.

POST /cps/v2/enrollments/{enrollmentId}/changes/{changeId}/input/update/{allowedInputTypeParam}

Sample: /cps/v2/enrollments/10000/changes/10000/input/update/third-party-cert-and-trust-chain

Headers:

Content-Type: application/vnd.akamai.cps.certificate-and-trust-chain.v1+json
Accept: application/vnd.akamai.cps.change-id.v1+json

Content-Type: application/vnd.akamai.cps.certificate-and-trust-chain.v1+json

Request Body:

{
    "certificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----",
    "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDTDCCAjQCEB1FmMGD0kjutSE218ho23wwDQYJKoZIhvcNAQELBQAwYjElMCMG\nA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTEOMAwGA1UECwwFV2Vi\nRXgxDzANBgNVBAoMBkFrYW1haTELMAkGA1UECAwCTUExCzAJBgNVBAYTAlVTMB4X\nDTE3MDUxODIxMTAxMVoXDTE4MDUxOTIxMTAxMVowZzELMAkGA1UEBhMCVVMxCzAJ\nBgNVBAgMAk1BMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsMBVdlYkV4MSowKAYD\nVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0wggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyxuHi0zL03f+3ZTKLV1lMHvS2LkUwCKEd\nApJw/v+yPPBTuamvikHQ8L5QM1p7BevavdeBMUAoGGXXQkrRtotCkL4S6N9cgH47\n+cUeXCT0D2BaOkR15N7qDVtkYeAtC7eKUI7+j99iZXAFr8Nel9wqNn/9804HyF+F\nZ/YS5oPBuJVGcTQhd8bmUx5wBgr3n6EhqvOHEEAa5whb5PoP/hFi0xO0SFG/LA/+\nK2NMvaE/9Y9j48/ONAFavf80s/y55SudZyBsjowtnZLIeJ4bM6nCN5DMAljH5U3O\nPFjSFKlbPxQgIcP9wLbQTV6b47tNK8c9jPg+U4jK2xtncJ2ijxSXAgMBAAEwDQYJ\nKoZIhvcNAQELBQADggEBACVVWGcirfBhkDwIuNELh1rzKPmhxwhx9hAsYz2B2FDn\n7q82c85hXLfFSZ/9I3bzotVDh4YucCV+vxUXQcYt5tEDbg96uHNzRzXQUTdJSNIe\nbQ5Yn86ELLrzaXAD3+t6ztj8Z9dIVfG7LrAOg3UX5GjfEUrjNfZaiiUcBqLKibJ5\nOqOJcPlbjKZ1kOqrCqlOugcQrZPgpzHkwssUR7v0VtHBHWnzjDTGaMXmvy1LsULA\n3N35SDGFI/Zpw56R4z95UwpmDYg3IKwAGY8XL/oMqTORWyYDUpy1dpcAln5HcZK3\nthju6KdIwCwmthk1iIUAri6avIrh7Mg2SHFho/4p5mA=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIDQzCCAi0CEO7lWBUwDEEclty6iX7gCMcwCwYJKoZIhvcNAQELMGIxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVX\nZWJFeDElMCMGA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTAeFw0x\nNzA1MTgyMTEwMTFaFw0yMjA1MTgyMTEwMTFaMGIxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVXZWJFeDElMCMGA1UE\nAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAJCbd5QpPJr0I48G4VE0JF5N719Wsspc8lEEgf2oM4BL\n6pAyxU6hm8YzSfCx/NBpU2MYMa96FDoYWUVfj4iilpV4IpLdsDtXjMJ2fnVXP4iI\n9n5EhF3oKGx2bAgBKpXIWXwPo3fqg/MGsdwIgrYyab3xJuwHP3V/2MSxzcHpxQrU\nE8jaemBXv6v0oTx50Ph0zJP+wYwvaDf+KVFzM3E42Ww9VLuP3lt5RAtasNctqlRr\nSlpH3RrZ0Gkpmz6xGr2LvLw12nkTylws/bafCSFAs7+x2ip6pP3yEaYxKdMpeOIE\nWaVU1RsJiWVYgq+b6gc9wrRpfZLyJYdAa50DuEv8jm0CAwEAATALBgkqhkiG9w0B\nAQsDggEBAFbv9+6pQBXDiFOxoYmu1/xiI1/mSGqooJtzNZjoni6HsruGxSqRbbKa\n3GdaPVInZwWY7p8T1RM8+YDTrRrjbfRuRPqdgUBv8iDbcldJNXsqD1CylxLi0lul\ndnHgQD9TmcrTs3ELeT277PE2f8AX3YjhYK8IIGBmDomc1KRTka3nZtexIwfiEQJr\nRzsFL+1vwPoSJFKb1NzeOGikkPNmipQvYKGY9A/q2XeqrEWKGHizPwvcIu7EC8wL\nRooQ3ztqAV3Wul5dI5+AEE8WQzUyzCq7BEgOgNaX403g8An5QueSjhogbYdRd3BM\n+OWJc8qePy3KgqY44s3kbrPR6sJuAIQ=\n-----END CERTIFICATE-----"
}
Parameter Type Sample Description
URL parameters
enrollmentId Integer 10000 Enrollment on which to perform the desired operation.
changeId Integer 10000 The change for this enrollment on which to perform the desired operation.
allowedInputTypeParam Enumeration third-party-cert-and-trust-chain Found as the last part of Change.allowedInput[].update hypermedia URL. See Change Input Content Type Mapping for details. Possible enum values: change-management-ack, lets-encrypt-challenges-completed, post-verification-warnings-ack, pre-verification-warnings-ack, third-party-cert-and-trust-chain.

Status 200 application/vnd.akamai.cps.change-id.v1+json

Headers:

Content-Type: application/vnd.akamai.cps.change-id.v1+json

Response Body:

{
    "change": "/cps/v2/enrollments/10002/changes/10002"
}

These are sample steps for a change where Change.allowedInput[].type equals third-party-csr.

  1. If you do not have an enrollment, run the List Enrollments operation and select an Enrollment

  2. Specify an Accept header of application/vnd.akamai.cps.change.v1+json.

  3. For an Enrollment which has pendingChanges present, make a GET request to the Enrollment’s last pendingChanges.location hypermedia URL. Otherwise you cannot run this operation. The response provides a Change object.

  4. Create a Certificate object.

  5. Specify a Content-Type header of application/vnd.akamai.cps.certificate-and-trust-chain.v1+json.

  6. Specify an Accept header of application/vnd.akamai.cps.change-id.v1+json.

  7. For a Change object where the Change.allowedInput[].type is third-party-csr, make a POST request to the Change’s last Change.allowedInput[].update hypermedia URL. Otherwise you cannot run this operation.

Get a deployment schedule

Gets the current deployment schedule settings describing when a change deploys to the network.

GET /cps/v2/enrollments/{enrollmentId}/changes/{changeId}/deployment-schedule

Sample: /cps/v2/enrollments/10000/changes/10000/deployment-schedule

Headers:

Accept: application/vnd.akamai.cps.deployment-schedule.v1+json
Parameter Type Sample Description
URL parameters
enrollmentId Integer 10000 Enrollment on which to perform the desired operation.
changeId Integer 10000 The change for this enrollment on which to perform the desired operation.

Status 200 application/vnd.akamai.cps.deployment-schedule.v1+json

Headers:

Content-Type: application/vnd.akamai.cps.deployment-schedule.v1+json

Response Body:

{
    "notBefore": "2017-05-19T16:00:00Z",
    "notAfter": null
}

An enrollment may have a change associated with it while CPS prepares the certificate or metadata for deployment. You can only complete these operations for an enrollment that has a pending change.

  1. If you do not have an enrollment, run the List Enrollments operation and select an Enrollment

  2. Specify an Accept header of application/vnd.akamai.cps.deployment-schedule.v1+json.

  3. For an Enrollment which has pendingChanges present, using the Enrollment’s last pendingChanges.location hypermedia URL, make a GET request to a URL composed of pendingChanges.location/deployment-schedule. Otherwise you cannot run this operation.

  4. The response provides a DeploymentSchedule object.

Update a deployment schedule

Updates the current deployment schedule.

PUT /cps/v2/enrollments/{enrollmentId}/changes/{changeId}/deployment-schedule

Sample: /cps/v2/enrollments/10000/changes/10000/deployment-schedule

Headers:

Content-Type: application/vnd.akamai.cps.deployment-schedule.v1+json
Accept: application/vnd.akamai.cps.change-id.v1+json

Content-Type: application/vnd.akamai.cps.deployment-schedule.v1+json

Request Body:

{
    "notBefore": "2017-05-19T16:00:00Z",
    "notAfter": null
}
Parameter Type Sample Description
URL parameters
enrollmentId Integer 10000 Enrollment on which to perform the desired operation.
changeId Integer 10000 The change for this enrollment on which to perform the desired operation.

Status 200 application/vnd.akamai.cps.change-id.v1+json

Headers:

Content-Type: application/vnd.akamai.cps.change-id.v1+json

Response Body:

{
    "change": "/cps/v2/enrollments/10002/changes/10002"
}

An enrollment may have a change associated with it while CPS prepares a certificate or metadata for deployment. You can only complete these operations for an enrollment which has a pending change.

  1. If you do not have an enrollment, run the List Enrollments operation and select an Enrollment.

  2. Run the Get a Deployment Schedule operation and store the response object.

  3. Modify the DeploymentSchedule object.

  4. Specify a Content-Type header of application/vnd.akamai.cps.deployment-schedule.v1+json.

  5. Specify an Accept header of application/vnd.akamai.cps.change-id.v1+json.

  6. Form a new request URL by appending deployment-schedule to the Enrollment’s last pendingChanges.location hypermedia URL.

  7. PUT the object to the revised URL.

List deployments

Lists the deployments for an enrollment.

GET /cps/v2/enrollments/{enrollmentId}/deployments

Sample: /cps/v2/enrollments/10000/deployments

Headers:

Accept: application/vnd.akamai.cps.deployments.v3+json
Parameter Type Sample Description
URL parameters
enrollmentId Integer 10000 Enrollment on which to perform the desired operation.

Status 200 application/vnd.akamai.cps.deployments.v3+json

Headers:

Content-Type: application/vnd.akamai.cps.deployments.v3+json

Response Body:

{
    "production": {
        "networkConfiguration": {
            "preferredCiphers": "ak-akamai-default",
            "sni": {
                "cloneDnsNames": true,
                "dnsNames": [
                    "san2.example.com",
                    "san1.example.com"
                ]
            },
            "mustHaveCiphers": "ak-akamai-default2016q3",
            "disallowedTlsVersions": [],
            "secureNetwork": "enhanced-tls",
            "geography": "standard-worldwide"
        },
        "signatureAlgorithm": "SHA-256",
        "certificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----",
        "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDTDCCAjQCEB1FmMGD0kjutSE218ho23wwDQYJKoZIhvcNAQELBQAwYjElMCMG\nA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTEOMAwGA1UECwwFV2Vi\nRXgxDzANBgNVBAoMBkFrYW1haTELMAkGA1UECAwCTUExCzAJBgNVBAYTAlVTMB4X\nDTE3MDUxODIxMTAxMVoXDTE4MDUxOTIxMTAxMVowZzELMAkGA1UEBhMCVVMxCzAJ\nBgNVBAgMAk1BMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsMBVdlYkV4MSowKAYD\nVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0wggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyxuHi0zL03f+3ZTKLV1lMHvS2LkUwCKEd\nApJw/v+yPPBTuamvikHQ8L5QM1p7BevavdeBMUAoGGXXQkrRtotCkL4S6N9cgH47\n+cUeXCT0D2BaOkR15N7qDVtkYeAtC7eKUI7+j99iZXAFr8Nel9wqNn/9804HyF+F\nZ/YS5oPBuJVGcTQhd8bmUx5wBgr3n6EhqvOHEEAa5whb5PoP/hFi0xO0SFG/LA/+\nK2NMvaE/9Y9j48/ONAFavf80s/y55SudZyBsjowtnZLIeJ4bM6nCN5DMAljH5U3O\nPFjSFKlbPxQgIcP9wLbQTV6b47tNK8c9jPg+U4jK2xtncJ2ijxSXAgMBAAEwDQYJ\nKoZIhvcNAQELBQADggEBACVVWGcirfBhkDwIuNELh1rzKPmhxwhx9hAsYz2B2FDn\n7q82c85hXLfFSZ/9I3bzotVDh4YucCV+vxUXQcYt5tEDbg96uHNzRzXQUTdJSNIe\nbQ5Yn86ELLrzaXAD3+t6ztj8Z9dIVfG7LrAOg3UX5GjfEUrjNfZaiiUcBqLKibJ5\nOqOJcPlbjKZ1kOqrCqlOugcQrZPgpzHkwssUR7v0VtHBHWnzjDTGaMXmvy1LsULA\n3N35SDGFI/Zpw56R4z95UwpmDYg3IKwAGY8XL/oMqTORWyYDUpy1dpcAln5HcZK3\nthju6KdIwCwmthk1iIUAri6avIrh7Mg2SHFho/4p5mA=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIDQzCCAi0CEO7lWBUwDEEclty6iX7gCMcwCwYJKoZIhvcNAQELMGIxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVX\nZWJFeDElMCMGA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTAeFw0x\nNzA1MTgyMTEwMTFaFw0yMjA1MTgyMTEwMTFaMGIxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVXZWJFeDElMCMGA1UE\nAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAJCbd5QpPJr0I48G4VE0JF5N719Wsspc8lEEgf2oM4BL\n6pAyxU6hm8YzSfCx/NBpU2MYMa96FDoYWUVfj4iilpV4IpLdsDtXjMJ2fnVXP4iI\n9n5EhF3oKGx2bAgBKpXIWXwPo3fqg/MGsdwIgrYyab3xJuwHP3V/2MSxzcHpxQrU\nE8jaemBXv6v0oTx50Ph0zJP+wYwvaDf+KVFzM3E42Ww9VLuP3lt5RAtasNctqlRr\nSlpH3RrZ0Gkpmz6xGr2LvLw12nkTylws/bafCSFAs7+x2ip6pP3yEaYxKdMpeOIE\nWaVU1RsJiWVYgq+b6gc9wrRpfZLyJYdAa50DuEv8jm0CAwEAATALBgkqhkiG9w0B\nAQsDggEBAFbv9+6pQBXDiFOxoYmu1/xiI1/mSGqooJtzNZjoni6HsruGxSqRbbKa\n3GdaPVInZwWY7p8T1RM8+YDTrRrjbfRuRPqdgUBv8iDbcldJNXsqD1CylxLi0lul\ndnHgQD9TmcrTs3ELeT277PE2f8AX3YjhYK8IIGBmDomc1KRTka3nZtexIwfiEQJr\nRzsFL+1vwPoSJFKb1NzeOGikkPNmipQvYKGY9A/q2XeqrEWKGHizPwvcIu7EC8wL\nRooQ3ztqAV3Wul5dI5+AEE8WQzUyzCq7BEgOgNaX403g8An5QueSjhogbYdRd3BM\n+OWJc8qePy3KgqY44s3kbrPR6sJuAIQ=\n-----END CERTIFICATE-----"
    },
    "staging": {
        "networkConfiguration": {
            "preferredCiphers": "ak-akamai-default",
            "sni": {
                "cloneDnsNames": true,
                "dnsNames": [
                    "san2.example.com",
                    "san1.example.com"
                ]
            },
            "mustHaveCiphers": "ak-akamai-default2016q3",
            "disallowedTlsVersions": [],
            "secureNetwork": "enhanced-tls",
            "geography": "standard-worldwide"
        },
        "signatureAlgorithm": "SHA-256",
        "certificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----",
        "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDTDCCAjQCEB1FmMGD0kjutSE218ho23wwDQYJKoZIhvcNAQELBQAwYjElMCMG\nA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTEOMAwGA1UECwwFV2Vi\nRXgxDzANBgNVBAoMBkFrYW1haTELMAkGA1UECAwCTUExCzAJBgNVBAYTAlVTMB4X\nDTE3MDUxODIxMTAxMVoXDTE4MDUxOTIxMTAxMVowZzELMAkGA1UEBhMCVVMxCzAJ\nBgNVBAgMAk1BMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsMBVdlYkV4MSowKAYD\nVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0wggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyxuHi0zL03f+3ZTKLV1lMHvS2LkUwCKEd\nApJw/v+yPPBTuamvikHQ8L5QM1p7BevavdeBMUAoGGXXQkrRtotCkL4S6N9cgH47\n+cUeXCT0D2BaOkR15N7qDVtkYeAtC7eKUI7+j99iZXAFr8Nel9wqNn/9804HyF+F\nZ/YS5oPBuJVGcTQhd8bmUx5wBgr3n6EhqvOHEEAa5whb5PoP/hFi0xO0SFG/LA/+\nK2NMvaE/9Y9j48/ONAFavf80s/y55SudZyBsjowtnZLIeJ4bM6nCN5DMAljH5U3O\nPFjSFKlbPxQgIcP9wLbQTV6b47tNK8c9jPg+U4jK2xtncJ2ijxSXAgMBAAEwDQYJ\nKoZIhvcNAQELBQADggEBACVVWGcirfBhkDwIuNELh1rzKPmhxwhx9hAsYz2B2FDn\n7q82c85hXLfFSZ/9I3bzotVDh4YucCV+vxUXQcYt5tEDbg96uHNzRzXQUTdJSNIe\nbQ5Yn86ELLrzaXAD3+t6ztj8Z9dIVfG7LrAOg3UX5GjfEUrjNfZaiiUcBqLKibJ5\nOqOJcPlbjKZ1kOqrCqlOugcQrZPgpzHkwssUR7v0VtHBHWnzjDTGaMXmvy1LsULA\n3N35SDGFI/Zpw56R4z95UwpmDYg3IKwAGY8XL/oMqTORWyYDUpy1dpcAln5HcZK3\nthju6KdIwCwmthk1iIUAri6avIrh7Mg2SHFho/4p5mA=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIDQzCCAi0CEO7lWBUwDEEclty6iX7gCMcwCwYJKoZIhvcNAQELMGIxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVX\nZWJFeDElMCMGA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTAeFw0x\nNzA1MTgyMTEwMTFaFw0yMjA1MTgyMTEwMTFaMGIxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVXZWJFeDElMCMGA1UE\nAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAJCbd5QpPJr0I48G4VE0JF5N719Wsspc8lEEgf2oM4BL\n6pAyxU6hm8YzSfCx/NBpU2MYMa96FDoYWUVfj4iilpV4IpLdsDtXjMJ2fnVXP4iI\n9n5EhF3oKGx2bAgBKpXIWXwPo3fqg/MGsdwIgrYyab3xJuwHP3V/2MSxzcHpxQrU\nE8jaemBXv6v0oTx50Ph0zJP+wYwvaDf+KVFzM3E42Ww9VLuP3lt5RAtasNctqlRr\nSlpH3RrZ0Gkpmz6xGr2LvLw12nkTylws/bafCSFAs7+x2ip6pP3yEaYxKdMpeOIE\nWaVU1RsJiWVYgq+b6gc9wrRpfZLyJYdAa50DuEv8jm0CAwEAATALBgkqhkiG9w0B\nAQsDggEBAFbv9+6pQBXDiFOxoYmu1/xiI1/mSGqooJtzNZjoni6HsruGxSqRbbKa\n3GdaPVInZwWY7p8T1RM8+YDTrRrjbfRuRPqdgUBv8iDbcldJNXsqD1CylxLi0lul\ndnHgQD9TmcrTs3ELeT277PE2f8AX3YjhYK8IIGBmDomc1KRTka3nZtexIwfiEQJr\nRzsFL+1vwPoSJFKb1NzeOGikkPNmipQvYKGY9A/q2XeqrEWKGHizPwvcIu7EC8wL\nRooQ3ztqAV3Wul5dI5+AEE8WQzUyzCq7BEgOgNaX403g8An5QueSjhogbYdRd3BM\n+OWJc8qePy3KgqY44s3kbrPR6sJuAIQ=\n-----END CERTIFICATE-----"
    }
}
  1. Run the List Enrollments operation and select the appropriate Enrollment object from the enrollments array.

  2. Specify an Accept header versioned up to application/vnd.akamai.cps.deployments.v3+json.

  3. Using the Enrollment location hypermedia URL, make a GET request to location/deployments.

  4. The response provides an object with each Deployment available within top-level staging and production members.

Get staging deployments

Gets the enrollments deployed on the staging network.

GET /cps/v2/enrollments/{enrollmentId}/deployments/staging

Sample: /cps/v2/enrollments/10000/deployments/staging

Headers:

Accept: application/vnd.akamai.cps.deployment.v3+json
Parameter Type Sample Description
URL parameters
enrollmentId Integer 10000 Enrollment on which to perform the desired operation.

Status 200 application/vnd.akamai.cps.deployment.v3+json

Headers:

Content-Type: application/vnd.akamai.cps.deployment.v3+json

Response Body:

{
    "networkConfiguration": {
        "preferredCiphers": "ak-akamai-default",
        "sni": {
            "cloneDnsNames": true,
            "dnsNames": [
                "san2.example.com",
                "san1.example.com"
            ]
        },
        "mustHaveCiphers": "ak-akamai-default2016q3",
        "disallowedTlsVersions": [],
        "secureNetwork": "enhanced-tls",
        "geography": "standard-worldwide"
    },
    "signatureAlgorithm": "SHA-256",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----",
    "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDTDCCAjQCEB1FmMGD0kjutSE218ho23wwDQYJKoZIhvcNAQELBQAwYjElMCMG\nA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTEOMAwGA1UECwwFV2Vi\nRXgxDzANBgNVBAoMBkFrYW1haTELMAkGA1UECAwCTUExCzAJBgNVBAYTAlVTMB4X\nDTE3MDUxODIxMTAxMVoXDTE4MDUxOTIxMTAxMVowZzELMAkGA1UEBhMCVVMxCzAJ\nBgNVBAgMAk1BMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsMBVdlYkV4MSowKAYD\nVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0wggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyxuHi0zL03f+3ZTKLV1lMHvS2LkUwCKEd\nApJw/v+yPPBTuamvikHQ8L5QM1p7BevavdeBMUAoGGXXQkrRtotCkL4S6N9cgH47\n+cUeXCT0D2BaOkR15N7qDVtkYeAtC7eKUI7+j99iZXAFr8Nel9wqNn/9804HyF+F\nZ/YS5oPBuJVGcTQhd8bmUx5wBgr3n6EhqvOHEEAa5whb5PoP/hFi0xO0SFG/LA/+\nK2NMvaE/9Y9j48/ONAFavf80s/y55SudZyBsjowtnZLIeJ4bM6nCN5DMAljH5U3O\nPFjSFKlbPxQgIcP9wLbQTV6b47tNK8c9jPg+U4jK2xtncJ2ijxSXAgMBAAEwDQYJ\nKoZIhvcNAQELBQADggEBACVVWGcirfBhkDwIuNELh1rzKPmhxwhx9hAsYz2B2FDn\n7q82c85hXLfFSZ/9I3bzotVDh4YucCV+vxUXQcYt5tEDbg96uHNzRzXQUTdJSNIe\nbQ5Yn86ELLrzaXAD3+t6ztj8Z9dIVfG7LrAOg3UX5GjfEUrjNfZaiiUcBqLKibJ5\nOqOJcPlbjKZ1kOqrCqlOugcQrZPgpzHkwssUR7v0VtHBHWnzjDTGaMXmvy1LsULA\n3N35SDGFI/Zpw56R4z95UwpmDYg3IKwAGY8XL/oMqTORWyYDUpy1dpcAln5HcZK3\nthju6KdIwCwmthk1iIUAri6avIrh7Mg2SHFho/4p5mA=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIDQzCCAi0CEO7lWBUwDEEclty6iX7gCMcwCwYJKoZIhvcNAQELMGIxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVX\nZWJFeDElMCMGA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTAeFw0x\nNzA1MTgyMTEwMTFaFw0yMjA1MTgyMTEwMTFaMGIxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVXZWJFeDElMCMGA1UE\nAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAJCbd5QpPJr0I48G4VE0JF5N719Wsspc8lEEgf2oM4BL\n6pAyxU6hm8YzSfCx/NBpU2MYMa96FDoYWUVfj4iilpV4IpLdsDtXjMJ2fnVXP4iI\n9n5EhF3oKGx2bAgBKpXIWXwPo3fqg/MGsdwIgrYyab3xJuwHP3V/2MSxzcHpxQrU\nE8jaemBXv6v0oTx50Ph0zJP+wYwvaDf+KVFzM3E42Ww9VLuP3lt5RAtasNctqlRr\nSlpH3RrZ0Gkpmz6xGr2LvLw12nkTylws/bafCSFAs7+x2ip6pP3yEaYxKdMpeOIE\nWaVU1RsJiWVYgq+b6gc9wrRpfZLyJYdAa50DuEv8jm0CAwEAATALBgkqhkiG9w0B\nAQsDggEBAFbv9+6pQBXDiFOxoYmu1/xiI1/mSGqooJtzNZjoni6HsruGxSqRbbKa\n3GdaPVInZwWY7p8T1RM8+YDTrRrjbfRuRPqdgUBv8iDbcldJNXsqD1CylxLi0lul\ndnHgQD9TmcrTs3ELeT277PE2f8AX3YjhYK8IIGBmDomc1KRTka3nZtexIwfiEQJr\nRzsFL+1vwPoSJFKb1NzeOGikkPNmipQvYKGY9A/q2XeqrEWKGHizPwvcIu7EC8wL\nRooQ3ztqAV3Wul5dI5+AEE8WQzUyzCq7BEgOgNaX403g8An5QueSjhogbYdRd3BM\n+OWJc8qePy3KgqY44s3kbrPR6sJuAIQ=\n-----END CERTIFICATE-----"
}
  1. Run the List Enrollments operation and select the appropriate Enrollment object from the enrollments array.

  2. Specify an Accept header versioned up to application/vnd.akamai.cps.deployments.v3+json.

  3. Using the Enrollment location hypermedia URL, make a GET request to location/deployments/staging.

  4. The response provides a Deployment object.

Get production deployment

Gets the enrollments deployed on the production network.

GET /cps/v2/enrollments/{enrollmentId}/deployments/production

Sample: /cps/v2/enrollments/10000/deployments/production

Headers:

Accept: application/vnd.akamai.cps.deployment.v3+json
Parameter Type Sample Description
URL parameters
enrollmentId Integer 10000 Enrollment on which to perform the desired operation.

Status 200 application/vnd.akamai.cps.deployment.v3+json

Headers:

Content-Type: application/vnd.akamai.cps.deployment.v3+json

Response Body:

{
    "networkConfiguration": {
        "preferredCiphers": "ak-akamai-default",
        "sni": {
            "cloneDnsNames": true,
            "dnsNames": [
                "san2.example.com",
                "san1.example.com"
            ]
        },
        "mustHaveCiphers": "ak-akamai-default2016q3",
        "disallowedTlsVersions": [],
        "secureNetwork": "enhanced-tls",
        "geography": "standard-worldwide"
    },
    "signatureAlgorithm": "SHA-256",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----",
    "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDTDCCAjQCEB1FmMGD0kjutSE218ho23wwDQYJKoZIhvcNAQELBQAwYjElMCMG\nA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTEOMAwGA1UECwwFV2Vi\nRXgxDzANBgNVBAoMBkFrYW1haTELMAkGA1UECAwCTUExCzAJBgNVBAYTAlVTMB4X\nDTE3MDUxODIxMTAxMVoXDTE4MDUxOTIxMTAxMVowZzELMAkGA1UEBhMCVVMxCzAJ\nBgNVBAgMAk1BMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsMBVdlYkV4MSowKAYD\nVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0wggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyxuHi0zL03f+3ZTKLV1lMHvS2LkUwCKEd\nApJw/v+yPPBTuamvikHQ8L5QM1p7BevavdeBMUAoGGXXQkrRtotCkL4S6N9cgH47\n+cUeXCT0D2BaOkR15N7qDVtkYeAtC7eKUI7+j99iZXAFr8Nel9wqNn/9804HyF+F\nZ/YS5oPBuJVGcTQhd8bmUx5wBgr3n6EhqvOHEEAa5whb5PoP/hFi0xO0SFG/LA/+\nK2NMvaE/9Y9j48/ONAFavf80s/y55SudZyBsjowtnZLIeJ4bM6nCN5DMAljH5U3O\nPFjSFKlbPxQgIcP9wLbQTV6b47tNK8c9jPg+U4jK2xtncJ2ijxSXAgMBAAEwDQYJ\nKoZIhvcNAQELBQADggEBACVVWGcirfBhkDwIuNELh1rzKPmhxwhx9hAsYz2B2FDn\n7q82c85hXLfFSZ/9I3bzotVDh4YucCV+vxUXQcYt5tEDbg96uHNzRzXQUTdJSNIe\nbQ5Yn86ELLrzaXAD3+t6ztj8Z9dIVfG7LrAOg3UX5GjfEUrjNfZaiiUcBqLKibJ5\nOqOJcPlbjKZ1kOqrCqlOugcQrZPgpzHkwssUR7v0VtHBHWnzjDTGaMXmvy1LsULA\n3N35SDGFI/Zpw56R4z95UwpmDYg3IKwAGY8XL/oMqTORWyYDUpy1dpcAln5HcZK3\nthju6KdIwCwmthk1iIUAri6avIrh7Mg2SHFho/4p5mA=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIDQzCCAi0CEO7lWBUwDEEclty6iX7gCMcwCwYJKoZIhvcNAQELMGIxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVX\nZWJFeDElMCMGA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTAeFw0x\nNzA1MTgyMTEwMTFaFw0yMjA1MTgyMTEwMTFaMGIxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVXZWJFeDElMCMGA1UE\nAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAJCbd5QpPJr0I48G4VE0JF5N719Wsspc8lEEgf2oM4BL\n6pAyxU6hm8YzSfCx/NBpU2MYMa96FDoYWUVfj4iilpV4IpLdsDtXjMJ2fnVXP4iI\n9n5EhF3oKGx2bAgBKpXIWXwPo3fqg/MGsdwIgrYyab3xJuwHP3V/2MSxzcHpxQrU\nE8jaemBXv6v0oTx50Ph0zJP+wYwvaDf+KVFzM3E42Ww9VLuP3lt5RAtasNctqlRr\nSlpH3RrZ0Gkpmz6xGr2LvLw12nkTylws/bafCSFAs7+x2ip6pP3yEaYxKdMpeOIE\nWaVU1RsJiWVYgq+b6gc9wrRpfZLyJYdAa50DuEv8jm0CAwEAATALBgkqhkiG9w0B\nAQsDggEBAFbv9+6pQBXDiFOxoYmu1/xiI1/mSGqooJtzNZjoni6HsruGxSqRbbKa\n3GdaPVInZwWY7p8T1RM8+YDTrRrjbfRuRPqdgUBv8iDbcldJNXsqD1CylxLi0lul\ndnHgQD9TmcrTs3ELeT277PE2f8AX3YjhYK8IIGBmDomc1KRTka3nZtexIwfiEQJr\nRzsFL+1vwPoSJFKb1NzeOGikkPNmipQvYKGY9A/q2XeqrEWKGHizPwvcIu7EC8wL\nRooQ3ztqAV3Wul5dI5+AEE8WQzUyzCq7BEgOgNaX403g8An5QueSjhogbYdRd3BM\n+OWJc8qePy3KgqY44s3kbrPR6sJuAIQ=\n-----END CERTIFICATE-----"
}
  1. Run the List Enrollments operation and select the appropriate Enrollment object from the enrollments array.

  2. Specify an Accept header versioned up to application/vnd.akamai.cps.deployments.v3+json.

  3. Using the Enrollment location hypermedia URL, make a GET request to location/deployments/production.

  4. The response provides a Deployment object.

Data

This section details the most recent version of the CPS API’s various data objects.

Download the JSON schemas for this API.

The data schema tables below list membership requirements as follows:

Member is required to be present, regardless of whether its value is empty or null.
Member is optional, and may be omitted in some cases.
Member is out of scope, and irrelevant to the specified interaction context. If you include the member in that context, it’s either ignored, or causes an error.

Acknowledgement

Encapsulates information needed to acknowledge an enrollment change.

Download schema: acknowledgement.v1.json

Sample v1 object:

{
    "acknowledgement": "acknowledge"
}

Acknowledgement members

Member Type Required Description
acknowledgement Enumeration The state for which this Acknowledgement is submitted, either acknowledge, deny.

AcknowledgementWithHash

Encapsulates information needed to acknowledge an enrollment change.

Download schema: acknowledgement-with-hash.v1.json

Sample v1 object:

{
    "acknowledgement": "acknowledge",
    "hash": "24fb6fb91d290370c13a39e76afc1b26"
}

AcknowledgementWithHash members

Member Type Required Description
acknowledgement Enumeration The state for which this Acknowledgement is submitted, either acknowledge, deny.
hash String A hash is the state that this request acknowledges. You use this when you want to be explicit about what state you’re acknowledging in order to prevent race conditions, such as when the state changes while the acknowledgement POST operation is in progress.

Certificate

A digital certificate contains an electronic document that includes a company’s identification information (such as the name of the company and address), a public key, and the digital signature of a certification authority (CA) based on that certification authority’s private key. Digital certificates are verified using a chain of trust, which is a certificate hierarchy that allows individuals to verify the validity of a certificate’s issuer.

Download schema: certificate-and-trust-chain.v1.json

Sample v1 object:

{
    "certificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----",
    "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDTDCCAjQCEB1FmMGD0kjutSE218ho23wwDQYJKoZIhvcNAQELBQAwYjElMCMG\nA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTEOMAwGA1UECwwFV2Vi\nRXgxDzANBgNVBAoMBkFrYW1haTELMAkGA1UECAwCTUExCzAJBgNVBAYTAlVTMB4X\nDTE3MDUxODIxMTAxMVoXDTE4MDUxOTIxMTAxMVowZzELMAkGA1UEBhMCVVMxCzAJ\nBgNVBAgMAk1BMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsMBVdlYkV4MSowKAYD\nVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0wggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyxuHi0zL03f+3ZTKLV1lMHvS2LkUwCKEd\nApJw/v+yPPBTuamvikHQ8L5QM1p7BevavdeBMUAoGGXXQkrRtotCkL4S6N9cgH47\n+cUeXCT0D2BaOkR15N7qDVtkYeAtC7eKUI7+j99iZXAFr8Nel9wqNn/9804HyF+F\nZ/YS5oPBuJVGcTQhd8bmUx5wBgr3n6EhqvOHEEAa5whb5PoP/hFi0xO0SFG/LA/+\nK2NMvaE/9Y9j48/ONAFavf80s/y55SudZyBsjowtnZLIeJ4bM6nCN5DMAljH5U3O\nPFjSFKlbPxQgIcP9wLbQTV6b47tNK8c9jPg+U4jK2xtncJ2ijxSXAgMBAAEwDQYJ\nKoZIhvcNAQELBQADggEBACVVWGcirfBhkDwIuNELh1rzKPmhxwhx9hAsYz2B2FDn\n7q82c85hXLfFSZ/9I3bzotVDh4YucCV+vxUXQcYt5tEDbg96uHNzRzXQUTdJSNIe\nbQ5Yn86ELLrzaXAD3+t6ztj8Z9dIVfG7LrAOg3UX5GjfEUrjNfZaiiUcBqLKibJ5\nOqOJcPlbjKZ1kOqrCqlOugcQrZPgpzHkwssUR7v0VtHBHWnzjDTGaMXmvy1LsULA\n3N35SDGFI/Zpw56R4z95UwpmDYg3IKwAGY8XL/oMqTORWyYDUpy1dpcAln5HcZK3\nthju6KdIwCwmthk1iIUAri6avIrh7Mg2SHFho/4p5mA=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIDQzCCAi0CEO7lWBUwDEEclty6iX7gCMcwCwYJKoZIhvcNAQELMGIxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVX\nZWJFeDElMCMGA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTAeFw0x\nNzA1MTgyMTEwMTFaFw0yMjA1MTgyMTEwMTFaMGIxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVXZWJFeDElMCMGA1UE\nAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAJCbd5QpPJr0I48G4VE0JF5N719Wsspc8lEEgf2oM4BL\n6pAyxU6hm8YzSfCx/NBpU2MYMa96FDoYWUVfj4iilpV4IpLdsDtXjMJ2fnVXP4iI\n9n5EhF3oKGx2bAgBKpXIWXwPo3fqg/MGsdwIgrYyab3xJuwHP3V/2MSxzcHpxQrU\nE8jaemBXv6v0oTx50Ph0zJP+wYwvaDf+KVFzM3E42Ww9VLuP3lt5RAtasNctqlRr\nSlpH3RrZ0Gkpmz6xGr2LvLw12nkTylws/bafCSFAs7+x2ip6pP3yEaYxKdMpeOIE\nWaVU1RsJiWVYgq+b6gc9wrRpfZLyJYdAa50DuEv8jm0CAwEAATALBgkqhkiG9w0B\nAQsDggEBAFbv9+6pQBXDiFOxoYmu1/xiI1/mSGqooJtzNZjoni6HsruGxSqRbbKa\n3GdaPVInZwWY7p8T1RM8+YDTrRrjbfRuRPqdgUBv8iDbcldJNXsqD1CylxLi0lul\ndnHgQD9TmcrTs3ELeT277PE2f8AX3YjhYK8IIGBmDomc1KRTka3nZtexIwfiEQJr\nRzsFL+1vwPoSJFKb1NzeOGikkPNmipQvYKGY9A/q2XeqrEWKGHizPwvcIu7EC8wL\nRooQ3ztqAV3Wul5dI5+AEE8WQzUyzCq7BEgOgNaX403g8An5QueSjhogbYdRd3BM\n+OWJc8qePy3KgqY44s3kbrPR6sJuAIQ=\n-----END CERTIFICATE-----"
}

Certificate members

Member Type Required Description
certificate String The certificate text.
trustChain String, Null The trust chain text. You may have no trust chains or multiple trust chains.

Change

Any change that you want to make to the network deployment of an enrollment.

Download schema: change.v1.json

Sample v1 object:

{
    "statusInfo": {
        "status": "wait-upload-third-party",
        "state": "awaiting-input",
        "description": "Waiting for you to upload and submit your third party certificate and trust chain.",
        "deploymentSchedule": {
            "notBefore": null,
            "notAfter": null
        },
        "error": null
    },
    "allowedInput": [
        {
            "type": "third-party-certificate",
            "requiredToProceed": true,
            "info": "/cps/v2/enrollments/10002/changes/10002/input/info/third-party-csr",
            "update": "/cps/v2/enrollments/10002/changes/10002/input/update/third-party-cert-and-trust-chain"
        }
    ]
}

Change members

Member Type Required Description
allowedInput Change.allowedInput[] The resource locations (path) of data inputs allowed by this change. These could be required or optional for this change to proceed.
statusInfo Change.statusInfo The status for this Change at this time.

Change.allowedInput[]  

The resource locations (path) of data inputs allowed by this change. These could be required or optional for this change to proceed.

Member Type Required Description
info String The resource location for the description of the allowed input.
requiredToProceed Boolean If true, this input is required for the Change to proceed.
type String The type input. For more information see the Overview.
update String The resource location that you can use to make a call for this input.

Change.statusInfo  

The status for this Change at this time.

Member Type Required Description
deploymentSchedule Change.statusInfo.deploymentSchedule The schedule for when you want this change deploy.
description String A description of the current status of the change.
error Change.statusInfo.error, Null Error information for this change.
state String The current sub-state of the change. It represents detailed information regarding to the status of the change, such is if the change is in progress, in error state, awaiting user input, and so on.
status String The general status of the change. This is a high level of description of the status for the change.

Change.statusInfo.deploymentSchedule  

The schedule for when you want this change deploy.

Member Type Required Description
notAfter String, Null Do not deploy the certificate after this date.
notBefore String, Null Do not deploy the certifiacte before this date.

Change.statusInfo.error  

Error information for this change.

Member Type Required Description
code String The unique identifier code for this error.
description String The detailed description for this error.
timestamp String The timestamp of the occurrence for this error.

ChangeManagement

After you create an enrollment, you can have CPS halt deployment when the certificate becomes available, so that you can test and view the certificate on a staging server prior to deployment in the production network. If you do not want CPS to automatically deploy the certificate to the production network after it receives the signed certificate from the CA, you can turn change management on for the enrollment. This stops CPS from deploying the certificate to the network until you acknowledge that you are ready to deploy the certificate.

Download schema: change-management-info.v1.json, change-management-info.v2.json

Sample v2 object:

{
    "acknowledgementDeadline": null,
    "pendingState": {
        "pendingCertificate": {
            "certificateType": "third-party",
            "signatureAlgorithm": "SHA-256",
            "fullCertificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----"
        },
        "pendingNetworkConfiguration": {
            "networkType": null,
            "mustHaveCiphers": "ak-akamai-default2016q3",
            "preferredCiphers": "ak-akamai-default",
            "disallowedTlsVersions": [
                "TLSv1_2"
            ],
            "sni": null
        }
    },
    "validationResult": null,
    "validationResult": {
        "warnings": [
            {
                "messageCode": "no-code",
                "message": "[SAN name [san9.example.com] removed from certificate is still live on the network., SAN name [san8.example.com] removed from certificate is still live on the network.]"
            }
        ],
        "errors": null
    },
    "validationResultHash": "da39a3ee5e6b4b0d3255bfef95601890afd80709"
}

ChangeManagement members

Member Type v1 v2 Description
acknowledgementDeadline String, Null The timestamp of the deadline for the user to acknowledge the change management validation result, before CPS automatically proceeds with attempting to deploy the pending state to the live network. The format of the timestamp is ISO–8601. This field is only populated when there’s an existing certificate on network for the current enrollment, it’s null otherwise.
pendingState ChangeManagement.pendingState The snapshot of the pending state for the enrollment when this change takes effect.
validationResult ChangeManagement.validationResult, Null The hash of validationResult. It always has a value, even when validationResult is null. The hash result of the validation result as of the time of the most recent validation check. It is used in the change-management-ack API call to further specify the state of the change that is being acknowledged. We recommend you use the change-management-info API call, review the validationResult with its hash, and then acknowledge change-management using the same hash retrieved when running the Change Management Acknowledgement operation.
validationResultHash String The hash of validationResult.

ChangeManagement.pendingState  

The snapshot of the pending state for the enrollment when this change takes effect.

Member Type v1 v2 Description
pendingCertificate ChangeManagement.pendingState.pendingCertificate, Null The snapshot of the pending certificate for the enrollment when this change takes effect.
pendingNetworkConfiguration ChangeManagement.pendingState.pendingNetworkConfiguration The snapshot of the pending network configuration for the enrollment when this change takes effect.

ChangeManagement.pendingState.pendingCertificate  

The snapshot of the pending certificate for the enrollment when this change takes effect.

Member Type v1 v2 Description
certificateType String Either san, single, wildcard, wildcard-san, or third-party.
fullCertificate String Displays the contents of the certificate.
signatureAlgorithm String Displays the signature algorithm.

ChangeManagement.pendingState.pendingNetworkConfiguration  

The snapshot of the pending network configuration for the enrollment when this change takes effect.

Member Type v1 v2 Description
disallowedTlsVersions Array, Null Use Akamai Defaults if not specified, CPS uses the TLS protocols that Akamai currently supports as a best practice. If you specify Enable all TLS versions, CPS allows the use of any TLS protocols, including any future TLS protocols. If you specify Disable Specific TLS Versions, you specify the TLS protocols that you do not want to allow. You can specify TLSv1_0, TLSv1_1, and TLSv1_2. You must specify at least one protocol.
mustHaveCiphers String Ciphers that you definitely want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set.
networkType String, Null Type of the network that you want to deploy your certificate in, either standard-worldwide, worldwide-russia, or worldwide.
preferredCiphers String Ciphers that you preferably want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set.
sni ChangeManagement.pendingState.pendingNetworkConfiguration.sni, Null SNI settings for your enrollment. When set to null, the enrollment becomes NON-SNI. When it is non-null, enrollment is SNI-ONLY. This setting can not be changed once an enrollment is created.

ChangeManagement.pendingState.pendingNetworkConfiguration.sni  

SNI settings for your enrollment. When set to null, the enrollment becomes NON-SNI. When it is non-null, enrollment is SNI-ONLY. This setting can not be changed once an enrollment is created.

Member Type v1 v2 Description
cloneDnsNames Boolean Set to true, if you want CPS to directs traffic using all the SANs listed in the the SANs parameter when you created your enrollment.
dnsNames Array, Null Names served by SNI-only enabled enrollments.

ChangeManagement.validationResult  

The hash of validationResult. It always has a value, even when validationResult is null. The hash result of the validation result as of the time of the most recent validation check. It is used in the change-management-ack API call to further specify the state of the change that is being acknowledged. We recommend you use the change-management-info API call, review the validationResult with its hash, and then acknowledge change-management using the same hash retrieved when running the Change Management Acknowledgement operation.

Member Type v1 v2 Description
errors ChangeManagement.validationResult.errors[] Validation errors of the current job state. Errors prevent a change from proceeding until you resolve them. They are optional and only appear if there are any errors.
warnings ChangeManagement.validationResult.warnings[] Validation warnings of the current job state. Warnings suspend the execution of a change. You can acknowledge or deny warnings. If you acknowledge them, the change proceeds with its operation. They are optional and only appear if there are any warnings.

ChangeManagement.validationResult.errors[]  

Validation errors of the current job state. Errors prevent a change from proceeding until you resolve them. They are optional and only appear if there are any errors.

Member Type v1 v2 Description
message String The description of the message.
messageCode String The unique code of the message.

ChangeManagement.validationResult.warnings[]  

Validation warnings of the current job state. Warnings suspend the execution of a change. You can acknowledge or deny warnings. If you acknowledge them, the change proceeds with its operation. They are optional and only appear if there are any warnings.

Member Type v1 v2 Description
message String The description of the message.
messageCode String The unique code of the message.

CSR

Certificate Signing Request (CSR).

Download schema: csr.v1.json

Sample v1 object:

{
    "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIDPTCCAiUCAQAwbTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1BMRIwEAYDVQQH\nEwlDYW1icmlkZ2UxDzANBgNVBAoTBkFrYW1haTEOMAwGA1UECxMFV2ViRXgxHDAa\nBgNVBAMTE3d3dy5jcHMtZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB\nDwAwggEKAoIBAQC9B4gnbJ84Lw9hCno2OIJhIKS5LTP1rrW/6T4pMNhAohryMOTA\n/Q4hPO9OeMwe5R3wltLPmM1vbZlbEf/UXanvWuVJ0FF4GRkYswtxBk+3mO7t5rtk\n/P4w5avC5zphRp9ExCTeox6jdLMhlBuYspeRl5iuKrL2z3IclJSdZfWM5rnXDpgz\n9dqv/almnanKC5oI1UansACjfxEB6loZwXDKMmx7p1z7t0c68OeND4KDaU7wNJzX\nawUuWU6F05QuV1lFZu19Muz2562JHxlWkcnVO3MTPdf1GoEEK+erKRC8yaJAo6R9\ngR3os3hOTr8cnDb8xmEiAARe1RR1AycPo4xzAgMBAAGggYowgYcGCSqGSIb3DQEJ\nDjF6MHgwdgYDVR0RBG8wbYIUc2FuMS5jcHMtZXhhbXBsZS5jb22CFHNhbjIuY3Bz\nLWV4YW1wbGUuY29tghRzYW4zLmNwcy1leGFtcGxlLmNvbYIUc2FuNC5jcHMtZXhh\nbXBsZS5jb22CE3d3dy5jcHMtZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEB\nADcmMlTs0MFgiVZFN7GlTy2C4R9hbywRaNSsKZmdTrargt7zrVJH4E9XJ2joBi2v\nrDP4dXuf+lSY5UTMBADVLLySHXRFvmppO+xaT9fyRLbIZ/JfKrlfq/2rZfwg5ET6\nAoHHm/JcbAD12ZPfM52AqEuZbADYnXHBvPIy6iCvmVkRiXmRgKExpl2/0uDfzmEG\nrVkHCkPNsOrcq00OFX9eCPOi7/UPmqI+gaHEJBMV99e0rgLPibwqMTVKwDVCQKdD\n/0iHvFXUYn2w96LxqN8I41aSrEAbJ3kXSN4CywYxzlPqHcDlmZWoShVHQ5mZonkC\nDkjCfMEQRP5YaQcbHMhA9jc=\n-----END CERTIFICATE REQUEST-----"
}

CSR members

Member Type Required Description
csr String, Null String with PEM formatted CSR.

DeploymentSchedule

If you want CPS to automatically deploy your certificate, but you do not want the deployment to occur before a certain date and time, you can set a deploy after date. You can only set a deploy after date and time for the renewal of a certificate or for a certificate that is active on the network. The certificate may not deploy the certificate at the exact time and date you specify, but it will not deploy it before that time and date.

Download schema: deployment-schedule.v1.json

Sample v1 object:

{
    "notBefore": "2017-05-19T16:00:00Z",
    "notAfter": null
}

DeploymentSchedule members

Member Type Required Description
notAfter String, Null The time after when the change will no longer be in effect. This value is an ISO–8601 timestamp.
notBefore String, Null The time that you want change to take effect. If you do not set this, the change occurs immediately, although most changes take some time to take effect even when they are immediately effective. This value is an ISO–8601 timestamp.

Deployment

Deploys your certificate to a network.

Download schema: deployment.v1.json, deployment.v2.json, deployment.v3.json

Sample v3 object:

{
    "networkConfiguration": {
        "geography": "standard-worldwide",
        "secureNetwork": "enhanced-tls",
        "mustHaveCiphers": "ak-akamai-default2016q3",
        "preferredCiphers": "ak-akamai-default",
        "disallowedTlsVersions": [],
        "sni": {
            "cloneDnsNames": true,
            "dnsNames": [
                "san2.example.com",
                "san1.example.com"
            ]
        }
    },
    "signatureAlgorithm": "SHA-256",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----",
    "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDTDCCAjQCEB1FmMGD0kjutSE218ho23wwDQYJKoZIhvcNAQELBQAwYjElMCMG\nA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTEOMAwGA1UECwwFV2Vi\nRXgxDzANBgNVBAoMBkFrYW1haTELMAkGA1UECAwCTUExCzAJBgNVBAYTAlVTMB4X\nDTE3MDUxODIxMTAxMVoXDTE4MDUxOTIxMTAxMVowZzELMAkGA1UEBhMCVVMxCzAJ\nBgNVBAgMAk1BMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsMBVdlYkV4MSowKAYD\nVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0wggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyxuHi0zL03f+3ZTKLV1lMHvS2LkUwCKEd\nApJw/v+yPPBTuamvikHQ8L5QM1p7BevavdeBMUAoGGXXQkrRtotCkL4S6N9cgH47\n+cUeXCT0D2BaOkR15N7qDVtkYeAtC7eKUI7+j99iZXAFr8Nel9wqNn/9804HyF+F\nZ/YS5oPBuJVGcTQhd8bmUx5wBgr3n6EhqvOHEEAa5whb5PoP/hFi0xO0SFG/LA/+\nK2NMvaE/9Y9j48/ONAFavf80s/y55SudZyBsjowtnZLIeJ4bM6nCN5DMAljH5U3O\nPFjSFKlbPxQgIcP9wLbQTV6b47tNK8c9jPg+U4jK2xtncJ2ijxSXAgMBAAEwDQYJ\nKoZIhvcNAQELBQADggEBACVVWGcirfBhkDwIuNELh1rzKPmhxwhx9hAsYz2B2FDn\n7q82c85hXLfFSZ/9I3bzotVDh4YucCV+vxUXQcYt5tEDbg96uHNzRzXQUTdJSNIe\nbQ5Yn86ELLrzaXAD3+t6ztj8Z9dIVfG7LrAOg3UX5GjfEUrjNfZaiiUcBqLKibJ5\nOqOJcPlbjKZ1kOqrCqlOugcQrZPgpzHkwssUR7v0VtHBHWnzjDTGaMXmvy1LsULA\n3N35SDGFI/Zpw56R4z95UwpmDYg3IKwAGY8XL/oMqTORWyYDUpy1dpcAln5HcZK3\nthju6KdIwCwmthk1iIUAri6avIrh7Mg2SHFho/4p5mA=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIDQzCCAi0CEO7lWBUwDEEclty6iX7gCMcwCwYJKoZIhvcNAQELMGIxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVX\nZWJFeDElMCMGA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTAeFw0x\nNzA1MTgyMTEwMTFaFw0yMjA1MTgyMTEwMTFaMGIxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVXZWJFeDElMCMGA1UE\nAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAJCbd5QpPJr0I48G4VE0JF5N719Wsspc8lEEgf2oM4BL\n6pAyxU6hm8YzSfCx/NBpU2MYMa96FDoYWUVfj4iilpV4IpLdsDtXjMJ2fnVXP4iI\n9n5EhF3oKGx2bAgBKpXIWXwPo3fqg/MGsdwIgrYyab3xJuwHP3V/2MSxzcHpxQrU\nE8jaemBXv6v0oTx50Ph0zJP+wYwvaDf+KVFzM3E42Ww9VLuP3lt5RAtasNctqlRr\nSlpH3RrZ0Gkpmz6xGr2LvLw12nkTylws/bafCSFAs7+x2ip6pP3yEaYxKdMpeOIE\nWaVU1RsJiWVYgq+b6gc9wrRpfZLyJYdAa50DuEv8jm0CAwEAATALBgkqhkiG9w0B\nAQsDggEBAFbv9+6pQBXDiFOxoYmu1/xiI1/mSGqooJtzNZjoni6HsruGxSqRbbKa\n3GdaPVInZwWY7p8T1RM8+YDTrRrjbfRuRPqdgUBv8iDbcldJNXsqD1CylxLi0lul\ndnHgQD9TmcrTs3ELeT277PE2f8AX3YjhYK8IIGBmDomc1KRTka3nZtexIwfiEQJr\nRzsFL+1vwPoSJFKb1NzeOGikkPNmipQvYKGY9A/q2XeqrEWKGHizPwvcIu7EC8wL\nRooQ3ztqAV3Wul5dI5+AEE8WQzUyzCq7BEgOgNaX403g8An5QueSjhogbYdRd3BM\n+OWJc8qePy3KgqY44s3kbrPR6sJuAIQ=\n-----END CERTIFICATE-----"
}

Deployment members

Member Type v1 v2 v3 Description
certificate String The certificate text.
networkConfiguration Deployment.networkConfiguration Information about how you want to deploy your certificate.
signatureAlgorithm String, Null The SHA (Secure Hash Algorithm) function. NSA designed this function to produce a hash of certificate contents, which is used in a digital signature. Specify either SHA-1 or SHA-256. SHA–256 is best.
trustChain String The trust chain text. You may have any number of trust chains.

Deployment.networkConfiguration  

Information about how you want to deploy your certificate.

Member Type v1 v2 v3 Description
disallowedTlsVersions Array, Null Specify the TLS protocol version you want to use. If you specify Use Defaults, CPS uses the TLS protocols that Akamai currently supports as a best practice. If you specify Enable all TLS protocol versions, CPS allows the use of any TLS protocols, including any future TLS protocols. If you specify Disable Specific TLS protocols, you must set the TLS protocols that you do not want to allow. You can set TLS 1.0, TLS 1.1, and TLS 1.2. You must select at least one protocol. If you specify Client TLS Renegotiation, it allows Transport Layer Security (TLS) to renegotiate during a live session. Client TLS Renegotiation allows either side of the TLS/SSL connection to start over and choose again which ciphers to use or whether to generate new session keys or reset any other information. If you specify Disallow, CPS does not allow renegotiation during a live session. It is best to use this default. If you specify Secure, CPS allows renegotiation. We do not recommend selecting this except in rare cases where you configured your site to request or require client certificates. If you specify Warning, CPS allows an insecure style, but writes an entry to the log. If you use f5 load balancers or other equipment that does not support the secure method, you could select this option. Specify Dual Stack RSA+ECDSA to allow the use of multiple certificates on a slot. CPS can then use the best certificate for each client connecting to your site. You must have one RSA certificate per slot. Not all clients can accept ECDSA certificates and CPS automatically downgrades and serves an alternate certificate when required by an individual client. Specify OCSP Stapling if you want to improve performance by allowing the visitors to your site to query the Online Certificate Status Protocol (OCSP) server at regular intervals to obtain a signed time-stamped OCSP response. This response must be signed by the CA, not the server, therefore ensuring security. Disable OSCP Stapling if you want visitors to your site to contact the CA directly for an OSCP response. OCSP allows you to obtain the revocation status of a certificate.
geography String, Enum Set to the enum core to specify worldwide (includes China and Russia). Set to the enum china+core to specify worldwide and China. Set to the enum russia+core to specify worldwideand Russia. You can only use this setting to include China and Russia if your Akamai contract specifies your ability to do so and you have approval from the Chinese and Russian government.
mustHaveCiphers String, Null Ciphers that you definitely want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set.
networkType String, Null Type of the network that you want to deploy your certificate in, either standard-worldwide, worldwide-russia, or worldwide.
preferredCiphers String, Null Ciphers that you preferably want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set.
secureNetwork String, Enum The type of deployment network you want to use. Specify Standard TLS as the enum standard-tls to deploy your certificate to Akamai’s standard secure network. It is not PCI compliant. Specify Enhanced TLS as the enum enhanced-tls to deploy your certificate to Akamai’s more secure network with PCI compliance capability.
sni Deployment.networkConfiguration.sni, Null SNI settings for your enrollment. When set to null, the enrollment becomes non-SNI. When it is non-null, enrollment is SNI-only. This setting cannot be changed once an enrollment is created.

Deployment.networkConfiguration.sni  

SNI settings for your enrollment. When set to null, the enrollment becomes non-SNI. When it is non-null, enrollment is SNI-only. This setting cannot be changed once an enrollment is created.

Member Type v1 v2 v3 Description
cloneDnsNames Boolean Enable if you want CPS to direct traffic using all the SANs listed in the the SANs parameter when you created your enrollment.
dnsNames Array, Null Names served by SNI-only enabled enrollments.

DvChallenges

When using certificates with domain validation, you prove that you have control over each of the domains listed in the certificate. When you create a new DV enrollment that generates a certificate signing request (CSR). CPS automatically sends it to Let’s Encrypt for signing. Let’s Encrypt sends back a challenge for each domain listed on your certificate. You prove that you have control over the domains listed in the CSR by redirecting your traffic to Akamai. This allows Akamai to complete the challenge process for you by detecting the redirect and answering Let’s Encrypt’s challenge. You must configure your web server to redirect your traffic to Akamai. If you do not have the ability to redirect traffic on your web server, you must instruct the person who can redirect traffic to do so. Let’s Encrypt automatically verifies the domain after it receives an answer to the challenge, and marks the domain as validated.

Download schema: dv-challenges.v1.json

Sample v1 object:

{
    "domain": "www.cps-example-dv.com",
    "responseBody": "12345-...-abcdef",
    "fullPath": "http://www.cps-example-dv.com/.well-known/acme-challenge/abcdefghijklmno-KuzBi3q5Dr6TU8ViHSDSf-c9Iyg",
    "token": "123456789012345-abcdabcdabcdabcdabcda-c9Iyg._FwjjylbTSz3wLqz-nosVe2Ix30aB4E_xikrCqpzsBA",
    "status": "READY",
    "error": "",
    "requestTimestamp": "2017-05-19T17:20:00Z",
    "validatedTimestamp": "2017-05-19T17:35:22Z",
    "expires": "2017-05-19T18:00:00Z",
    "redirectFullPath": "http://dcv.akamai.com/.well-known/acme-challenge/abcdefghijklmno-KuzBi3q5Dr6TU8ViHSDSf-c9Iyg"
}

DvChallenges members

Member Type Required Description
challenges DvChallenges.challenges[] Domains that need to be validated for this Enrollment.

DvChallenges.challenges[]  

Domains that need to be validated for this Enrollment.

Member Type Required Description
domain String, Null Domain which is being validated.
error String, Null Current validation status for domains not yet validated.
expires String, Null Timestamp when this token or validation will expire. Sample 2014–08–12T18:57:07z.
fullPath String, Null URL where Let’s Encrypt will request and expect to find ‘token’ as content.
redirectFullPath String, Null URL where Akamai will publish responseBody for Let’s Encrypt to validate. Client can configure a redirect at fullPath to redirect requests to this redirectFullPath URL, keeping in mind that token may change over time.
requestTimestamp String, Null Timestamp Akamai received validation token from Let’s Encrypt. Sample 2014-08-12T18:57:07z.
responseBody String, Null Data Let’s Encrypt expect to find served at fullPath URL.
status String, Null Domain validation status.
token String, Null Validation token issued by Let’s Encrypt.
validatedTimestamp String, Null Timestamp when domain was successfully validated. Sample 2014–08–12T18:57:07z.

Enrollment

An enrollment displays all the information about the process that your certificate goes through from the time you request it, through renewal, and as you obtain subsequent versions. CPS is a certificate life cycle management tool. Once you obtain a certificate, you use it until it expires, in most cases a year from the date the CA issued the certificate. CPS automatically starts the renewal process 90 days before the old certificate expires. It then automatically deploys the renewed certificate when it receives it from the CA.

Download schema: enrollment.v1.json, enrollment.v2.json, enrollment.v3.json, enrollment.v4.json

Sample v4 object:

{
    "location": "/cps/v2/enrollments/10002",
    "ra": "third-party",
    "validationType": "third-party",
    "certificateType": "third-party",
    "certificateChainType": "default",
    "networkConfiguration": {
        "geography": "core",
        "secureNetwork": "enhanced-tls",
        "mustHaveCiphers": "ak-akamai-default2016q3",
        "preferredCiphers": "ak-akamai-default",
        "disallowedTlsVersions": [],
        "sni": {
            "cloneDnsNames": false,
            "dnsNames": [
                "san2.example.com",
                "san1.example.com"
            ]
        }
    },
    "signatureAlgorithm": null,
    "changeManagement": true,
    "csr": {
        "cn": "www.example.com",
        "c": "US",
        "st": "MA",
        "l": "Cambridge",
        "o": "Akamai",
        "ou": "WebEx",
        "sans": [
            "san1.example.com",
            "san2.example.com",
            "san3.example.com",
            "san4.example.com",
            "www.example.com"
        ]
    },
    "org": {
        "name": "Akamai Technologies",
        "addressLineOne": "150 Broadway",
        "addressLineTwo": null,
        "city": "Cambridge",
        "region": "MA",
        "postalCode": "02142",
        "country": "US",
        "phone": "617-555-0111"
    },
    "adminContact": {
        "firstName": "Darth",
        "lastName": "Vader",
        "phone": "617-555-0123",
        "email": "vader@example.com",
        "addressLineOne": "666 Evil Way",
        "addressLineTwo": null,
        "city": "Cambridge",
        "country": "US",
        "organizationName": "Dark Side",
        "postalCode": "02142",
        "region": "MA",
        "title": "Lord"
    },
    "techContact": {
        "firstName": "R2",
        "lastName": "D2",
        "phone": "617-555-0111",
        "email": "r2d2@akamai.com",
        "addressLineOne": "150 Broadway",
        "addressLineTwo": null,
        "city": "Cambridge",
        "country": "US",
        "organizationName": "Akamai",
        "postalCode": "02142",
        "region": "MA",
        "title": "Astromech Droid"
    },
    "thirdParty": {
        "excludeSans": false
    },
    "enableMultiStackedCertificates": false,
    "pendingChanges": []
}

Enrollment members

Member Type v1 v2 v3 v4 Description
adminContact Enrollment.adminContact Contact information for the certificate administrator that you want to use as a contact at your company.
certificateType String Either san, single, wildcard, wildcard-san, or third-party. See Enrollment.validationType Values for details.
changeManagement Boolean If you turn change management on for an enrollment, it stops CPS from deploying the certificate to the network until you acknowledge that you are ready to deploy the certificate. You can test the certificate outside of CPS, on the Edge Staging Network (ESN), to make sure it works in your environment and then deploy the certificate. The ESN is a small network of Akamai edge servers built to simulate Akamai’s production network to test most of your site or application functionality with current production version configuration options and functions. For more information on the ESN, see the Edge Staging Network User Guide. You can also contact your account representative with questions or issues with your service on the ESN.
csr Enrollment.csr When you create an enrollment, you also generate a certificate signing request (CSR) using CPS. CPS signs the CSR with the private key. The CSR contains all the information the CA needs to issue your certificate.
location String, Null The URI path to the enrollment. The last segment of the URI path serves as a unique identifier for the enrollment.
networkConfiguration Enrollment.networkConfiguration Settings that specify any network information and TLS Metadata you want CPS to use to push the completed certificate to the network.
org Enrollment.org Your organization information.
pendingChanges Array, Null Returns the Changes currently pending in CPS. The last item in the array is the most recent change.
ra String The registration authority or certificate authority (CA) you want to use to obtain a certificate. A CA is a trusted entity that signs certificates and can vouch for the identity of a website. Either symantec, lets-encrypt, or third-party.
signatureAlgorithm String, Null The SHA (Secure Hash Algorithm) function. NSA designed this function to produce a hash of certificate contents, which is used in a digital signature. Specify either SHA-1 or SHA-256. We recommend you use SHA–256.
techContact Enrollment.techContact Contact information for an administrator at Akamai.
thirdParty Enrollment.thirdParty, Null Specifies that you want to use a third party certificate. This is any certificate that is not issued through CPS.
validationType String There are three types of validation. Domain Validation (DV), which is the lowest level of validation. The CA validates that you have control of the domain. CPS supports DV certificates issued by Let’s Encrypt, a free, automated, and open CA, run for public benefit. Organization Validation (OV), which is the next level of validation. The CA validates that you have control of the domain. Extended Validation (EV), which is the highest level of validation in which you must have signed letters and notaries sent to the CA before signing. You can also specify third party as a type of validation, if you want to use a signed certificate obtained by you from a CA not supported by CPS. Either dv, ev, ov, or third-party.

Enrollment.adminContact  

Contact information for the certificate administrator that you want to use as a contact at your company.

Member Type v1 v2 v3 v4 Description
addressLineOne String, Null The address of your organization.
addressLineTwo String, Null The address of your organization.
city String, Null The city where your organization resides.
country String, Null The country where your organization resides.
email String, Null The email address of the administrator who you want to use as a contact at your company.
firstName String, Null The first name of the administrator who you want to use as a contact at your company.
lastName String, Null The last name of the administrator who you want to use as a contact at your company.
organizationName String, Null The name of your organization.
phone String, Null The phone number of your organization.
postalCode String, Null The postal code of your organization.
region String, Null The region of your organization, typically a state or province.
title String, Null The title of the administrator who you want to use as a contact at your company.

Enrollment.csr  

When you create an enrollment, you also generate a certificate signing request (CSR) using CPS. CPS signs the CSR with the private key. The CSR contains all the information the CA needs to issue your certificate.

Member Type v1 v2 v3 v4 Description
c String, Null The country code for the country where your organization is located.
cn String The common name (CN) you want to use for the certificate in the Common Name field. The domain name you specify here must be owned or have legal rights to use the domain by the company you enter in the Organization field in this tab. The company that owns the domain name must be a legally incorporated entity and be active and in good standing.
l String, Null Your city in the locality (city).
o String, Null The name of your company or organization. Enter the name as it appears in all legal documents and as it appears in the legal entity filing.
ou String, Null Your organizational unit.
sans Array, Null Additional common names (CN) to create a Subject Alternative Names (SAN) list. String values.
st String, Null Your state or province.

Enrollment.networkConfiguration  

Settings that specify any network information and TLS Metadata you want CPS to use to push the completed certificate to the network.

Member Type v1 v2 v3 v4 Description
disallowedTlsVersions Array, Null Specify the TLS protocol version you want to use. If you specify Use Defaults, CPS uses the TLS protocols that Akamai currently supports as a best practice. If you specify Enable all TLS protocol versions, CPS allows the use of any TLS protocols, including any future TLS protocols. If you specify Disable Specific TLS protocols, you must set the TLS protocols that you do not want to allow. You can set TLS 1.0, TLS 1.1, and TLS 1.2. You must select at least one protocol. If you specify Client TLS Renegotiation, it allows Transport Layer Security (TLS) to renegotiate during a live session. Client TLS Renegotiation allows either side of the TLS/SSL connection to start over and choose again which ciphers to use or whether to generate new session keys or reset any other information. If you specify Disallow, CPS does not allow renegotiation during a live session. We recommend using this default. If you specify Secure, CPS allows renegotiation. We do not recommend selecting this except in rare cases where you configured your site to request or require client certificates. If you specify Warning, CPS allows an insecure style, but writes an entry to the log. If you use f5 load balancers or other equipment that does not support the secure method, you could select this option. Specify Dual Stack RSA+ECDSA to allow the use of multiple certificates on a slot. CPS can then use the best certificate for each client connecting to your site. You must have one RSA certificate per slot. Not all clients can accept ECDSA certificates and CPS automatically downgrades and serves an alternate certificate when required by an individual client. Specify OCSP Stapling if you want to improve performance by allowing the visitors to your site to query the Online Certificate Status Protocol (OCSP) server at regular intervals to obtain a signed time-stamped OCSP response. This response must be signed by the CA, not the server, therefore ensuring security. Disable OSCP Stapling if you want visitors to your site to contact the CA directly for an OSCP response. OCSP allows you to obtain the revocation status of a certificate.
geography String Set to the enum core to specify worldwide (includes China and Russia). Set to the enum china+core to specify worldwide and China. Set to the enum russia+core to specify worldwideand Russia. You can only use this setting to include China and Russia if your Akamai contract specifies your ability to do so and you have approval from the Chinese and Russian government.
mustHaveCiphers String, Null Ciphers that you definitely want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set.
networkType String Type of the network that you want to deploy your certificate in, either standard-worldwide, worldwide-russia, or worldwide.
preferredCiphers String, Null Ciphers that you preferably want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set.
secureNetwork String Set the type of deployment network you want to use. Set Standard TLS to deploy your certificate to Akamai’s standard secure network. It is not PCI compliant. Set Enhanced TLS to deploy your certificate to Akamai’s more secure network with PCI compliance capability.
sni Enrollment.networkConfiguration.sni, Null SNI settings for your enrollment. When set to null, the enrollment becomes non-SNI. When it is non-null, enrollment is SNI-ONLY. This setting cannot be changed once an enrollment is created.

Enrollment.networkConfiguration.sni  

SNI settings for your enrollment. When set to null, the enrollment becomes non-SNI. When it is non-null, enrollment is SNI-ONLY. This setting cannot be changed once an enrollment is created.

Member Type v1 v2 v3 v4 Description
cloneDnsNames Boolean Enable if you want CPS to direct traffic using all the SANs listed in the the SANs parameter when you created your enrollment.
dnsNames Array, Null Names served by SNI-only enabled enrollments.

Enrollment.org  

Your organization information.

Member Type v1 v2 v3 v4 Description
addressLineOne String, Null The address of your organization.
addressLineTwo String, Null The address of your organization.
city String, Null The city where your organization resides.
country String, Null The country where your organization resides.
name String, Null The name of your organization.
phone String, Null The phone number of the administrator who you want to use as a contact at your company.
postalCode String, Null The postal code of your organization.
region String, Null The region where your organization resides.

Enrollment.techContact  

Contact information for an administrator at Akamai.

Member Type v1 v2 v3 v4 Description
addressLineOne String, Null The address for an administrator at Akamai.
addressLineTwo String, Null The address for an administrator at Akamai.
city String, Null The city for an administrator at Akamai.
country String, Null The country for an administrator at Akamai.
email String, Null The email address of the administrator who you want to use as a contact at your company.
firstName String, Null The first name of the technical contact who you want to use within Akamai. This is the person you work closest with at Akamai who can verify the certificate request. This is the person the CA calls if there are any issues with the certificate and they cannot reach the administrator.
lastName String, Null The last name of the technical contact who you want to use within Akamai.
organizationName String, Null The name of your organization in Akamai where your technical contact works.
phone String, Null The phone number of the technical contact who you want to use within Akamai.
postalCode String, Null The postal code for an administrator at Akamai.
region String, Null The region for an administrator at Akamai.
title String, Null The title for an administrator at Akamai.

Enrollment.thirdParty  

Specifies that you want to use a third party certificate. This is any certificate that is not issued through CPS.

Member Type v1 v2 v3 v4 Description
excludeSans Boolean If this is true, then the SANs in the enrollment do not appear in the CSR that CPS submits to the CA.

Warnings

Warnings generated by CPS.

Download schema: warnings.v1.json

Sample v1 object:

{
    "warnings": "Some of the domains being provisioned (%s) exist on another certificate. Akamai recommends against overlapping names on Enhanced TLS and Standard TLS certificates except during digital property migrations. Enhanced TLS traffic could be misdirected in the event of DNS misconfiguration and treated as Standard TLS until the overlap is eliminated."
}

Warnings members

Member Type Required Description
warnings String, Null String with comma separated list of warnings.

Errors

If you encounter errors, the CPS API responds with appropriate HTTP status codes and a response object that explains them, detailed below.

Error responses

CPS API error responses conform and are formatted based on HTTP Problem Details standard.

HTTP status codes

CPS API HTTP response codes are as follows:

Code Description
200 The operation was successful.
202 Resource successfully accepted.
400 Bad Request.
404 Resource not found.
406 Not acceptable.
409 Conflict with current state of resource.
410 Requested resource is no longer available.
500 Internal server error.
502 Platform timeout error.

Last modified: 4/13/2018