Trust Chain Manager API v1

Learn more:


Overview

The Trust Chain Manager API lets you create, manage, and deploy CA certificate sets for Akamai to authenticate a client certificate from a user’s browser.

Each CA set contains one or more trusted CA certificates that validate the client certificates presented by a user during the TLS handshake at the Edge - a process called mutual authentication (mTLS).

Think of a “CA set” as a virtual certificate trust store that relates to one or more of your edge certificates. This eases TLS mutual authentication. All CA certificates included in a CA set (whether intermediate or root) are mTLS trust anchors at the Edge. By default, Trust Chain Manager requires each intermediate CA certificate in the CA set to have its signing certificate. It creates a valid certificate chain that terminates at a self-signed root certificate. You may choose to opt out of this root certificate path validation need for a CA set.

You can create one or more CA sets. Each of them contains diverse groupings of trusted intermediate and root certificates. These meet different mTLS requirements. You can manage and access CA certificates within all contracts under the account you created them in. Once a new CA set deploys to both Staging and Production, you can use the CPS API. It applies that set to one or more edge certificates on a contract. This enables mTLS on those certificates.

Get started

To configure this API for the first time:

  • Review Get Started with APIs for details on how to set up client tokens to access any Akamai API. These tokens appear as custom hostnames that look like this: https://akzz-XXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXX.luna.akamaiapis.net.

  • To enable this API, choose the API service named Trust Chain Manager, and set the access level to READ-WRITE.

  • Get assigned to the TCMEdit role to use the API to its full extent. This includes the operations to change the state of your system. The CPSView and CPSBasic roles limit your use of the API to read-only operations.

API concepts

This list provides a road map of all the conceptual objects you deal with when interacting with the Trust Chain Manager API, and provides pointers to where you can learn more.

  • SetFullData. Defines a CA set that contains a collection of one or more valid intermediate or root CA certificates to be trusted for mTLS. It also contains the target deployment network for a new CA set, or the deployment status of an existing CA set. See the SetFullData object type.

  • SetRef. A response object that contains identifying information for a newly created or recently updated CA set. See the SetRef object type.

  • Set. A response object for both abbreviated identifying information and deployment status of a CA set used when listing available CA sets. The CA certificates are not included in the abbreviated response. The CA certificates are not included in the abbreviated response. Use the set id included in this object to fetch detailed information for the CA set. See the Set object type.

  • Deployment. Indicates the target networks for a deployment. You can deploy to Staging or Production networks, as well as validate your CA sets before deployment. See the Deployment object type.

  • DeploymentState. A response object indicating the deployment status of the CA set. See the DeploymentState object type.

Certificate chain best practice

To ensure you are using a valid intermediate CA certificate in your certificate trust store, you should include the full certificate chain and conduct certificate path validation to a self-signed trust anchor (commonly referred to as the root certificate). By default, Akamai Trust Chain Manager conducts this certificate path validation on each certificate in the TCM certificate set and requires successful validation before network deployment of the set. However, you may opt out of this path validation for a TCM certificate set.

NOTE: By opting out, you acknowledge that all certificates in the set will no longer be verified using certificate path validation to a root certificate and will each be considered a trust anchor on its own merit.

Consider local processes to ensure the certificates included in the TCM certificate set are valid and trusted for their intended purposes. Note that for each subsequent version of the set this validation option may be set individually, as needed.

Resources

This section provides details on each API operation.

NOTE: The API allows you to select a version of the CA set for which it returns data. You can also specify the version yourself by using the /versions/{version} segment of the URL, where available. You can omit this segment in every endpoint that includes it. If you do so, the API implementation assumes the latest version of the CA set by default.

API summary

Download the RAML descriptors for this API.

Operation Method Endpoint
List CA sets GET /trust-chain-manager/v1/sets{?name,deployedOnStaging,deployedOnProduction}
Create a CA set POST /trust-chain-manager/v1/sets
Get the latest version of the CA set GET /trust-chain-manager/v1/sets/{setId}
Update a CA set PUT /trust-chain-manager/v1/sets/{setId}
Delete a CA set DELETE /trust-chain-manager/v1/sets/{setId}
Get IDs of all active versions of a CA set GET /trust-chain-manager/v1/sets/{setId}/versions
Get a certain version of the CA set GET /trust-chain-manager/v1/sets/{setId}/versions/{version}
Get the latest version of the CA set with certificates listed individually GET /trust-chain-manager/v1/sets/{setId}/certificates
Get a certain version of the CA set with certificates listed individually GET /trust-chain-manager/v1/sets/{setId}/certificates/versions/{version}
Get the certificate by ID GET /trust-chain-manager/v1/sets/{setId}/certificates/{certificateId}
Get a list of certificates in the latest version of the CA set GET /trust-chain-manager/v1/sets/{setId}/certificateIds
Get a list of certificates in a certain version of the CA set GET /trust-chain-manager/v1/sets/{setId}/certificateIds/versions/{version}
Get all active versions of a CA set including trust chains GET /trust-chain-manager/v1/sets/{setId}/trustchains
Get the deployment status of a CA set GET /trust-chain-manager/v1/sets/{setId}/deployments
Deploy a CA set to the network PUT /trust-chain-manager/v1/sets/{setId}/deployments
Get deployment status of a certain version of the CA set GET /trust-chain-manager/v1/sets/{setId}/deployments/versions/{version}
Deploy a certain version of the CA set to the network PUT /trust-chain-manager/v1/sets/{setId}/deployments/versions/{version}
Validate a CA set POST /trust-chain-manager/v1/sets/validator

List CA sets

Fetches a list of CA sets. You can specify filters to target specific data within sets. If you don’t specify any filters, this call returns all available sets. The response is an abbreviated Set object. You can then use the setId to fetch detailed information for each set.

GET /trust-chain-manager/v1/sets{?name,deployedOnStaging,deployedOnProduction}

Sample: /trust-chain-manager/v1/sets?name=Set1&deployedOnStaging=true&deployedOnProduction=false

Parameter Type Sample Description
Optional query parameters
deployedOnProduction Boolean false Returns sets whose deployment state on the Production network matches this filter.
deployedOnStaging Boolean true Returns sets whose deployment state on the Staging network matches this filter.
name String Set1 The name of the set.

Status 200 application/json

Object type: Sets

Download schema: sets.json

Response body:

{
    "accountId": "A-123DGC",
    "sets": [
        {
            "name": "Set1",
            "id": 123456,
            "hasAcknowledgedNoRootCertificate": true,
            "deployment": {
                "staging": true,
                "production": true
            }
        },
        {
            "name": "Set10",
            "id": 789123,
            "hasAcknowledgedNoRootCertificate": false,
            "deployment": {
                "staging": true,
                "production": false
            }
        }
    ]
}

Create a CA set

Creates a new CA set using the supplied SetFullData object. Note that if both Staging and Production fields are set to NULL, the CA set will be validated, and validation results returned to the caller, but the set will not be saved or deployed. See Certificate chain best practice for guidance on certificate validation.

POST /trust-chain-manager/v1/sets

Content-Type: application/json

Object type: SetFullData

Download schema: set-full-data.json

Request body:

{
    "name": "Set1",
    "requireRootCertificate": true,
    "deployment": {
        "staging": true,
        "production": true
    },
    "chains": [
        {
            "name": "Chain1",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICiTCCAfKgAwIBAgIJAJHSGaH2s0otMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxHjAcBgNVBAMMFXNvbWUtcm9vdC5leGFtcGxlLmNvbTAeFw0xOTAz\nMDgxOTA3MDhaFw00NjA3MjMxOTA3MDhaMGcxCzAJBgNVBAYTAlVTMQswCQYDVQQI\nDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxJjAkBgNV\nBAMMHXNvbWUtaW50ZXJtZWRpYXRlLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB\nAQUAA4GNADCBiQKBgQCzuzTQHsW8HHB6cHv7jT/4cETl53jHB1QOK7aVdVO/cK5i\nv8YFB/O2zcXfHbObJTMDp5T33tiy2dTa4X/9OirC/FcEKK7pFL07r60nkyLbnX1P\nOLE7TrfBbzFpBxWXTSuXFi4Y002dvxKfxsgruxD3JVsdwBh4jZS6IkyUJHmopwID\nAQABo0UwQzAdBgNVHQ4EFgQUAveECjwgwk+MHozpCpMauW1TftkwEgYDVR0TAQH/\nBAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADgYEAxRxv\n4NadAtvJx7xBGBcR9C3NEz9WR84bpfHP720ZpgR8WRPXxjQZz/clwADi6PpE1/7B\nqybde5hE38XnbGOhzIDyIXd8Hfztaaj7vxR5DiEOAY3jE5Ix98WQ0ZrbYTSu4o1b\ncSPdPt3JWFygdtur9ikw9FRFPNhcH195X5LGJas=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICNTCCAZ4CCQC+2uIuN+erCTANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMR4wHAYDVQQDDBVzb21lLXJvb3QuZXhhbXBsZS5jb20wHhcNMTkwMzA4MTkw\nMzE4WhcNNDYwNzIzMTkwMzE4WjBfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUEx\nEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWthbWFpMR4wHAYDVQQDDBVz\nb21lLXJvb3QuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB\nANpc8vud0MhTRDBB1JZGfEAuutQf/CQ8ToyDor4TBvE1pa24DvT1DEaaDUMhVPXK\naJC95re6xV2NOvCrvOjZBNH94DWCldRg93DOVPmUEVcEcB81zfdfT0iEW96C2RFf\nI1Hv0tJynmxDI5k5lK4Js6/nonJbUVHL8X63yMvmR9HNAgMBAAEwDQYJKoZIhvcN\nAQELBQADgYEABnpsP51MLW0069megs/czB3EJWeMt2ynCD6RlQPqXBlkVsengT3y\ntRnKJwD5SYjr8sW9Vq5Rp2dm7X7i9osB+CSveORw3hWbu4TmiA18qJr/SSUwo5Xf\nbsjfV2IUQtNLEExhp1nBjvJNmTP3g/NiVVWHEQafynwXlNAj1ySuUzs=\n-----END CERTIFICATE-----"
        },
        {
            "name": "ChainN",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICijCCAfOgAwIBAgIJAJHSGaH2s0osMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxIDAeBgNVBAMMF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMB4XDTE5\nMDIyNDIzMzUxN1oXDTQ2MDcxMTIzMzUxN1owZjELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAk1BMRIwEAYDVQQHDAlDYW1icmlkZ2UxDzANBgNVBAoMBkFrYW1haTElMCMG\nA1UEAwwcdGNtLWludGVybWVkaWF0ZS5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEAw6JPmMaZD/SOBkQ+PISBF+o+gQ0/zz6ei7GCfgN3k7db\nAm6GsqxG7yKJfQYhHMTQQsUNgNzYNSFRdJNyHM8Edjr3sCGIei571HNu3Yik95T3\nPJpInaY24yfye+v9ln2hKu/53r5G3xdsSm/ZyI1wK7nRj6bzbwnGlXEfMKmhcg8C\nAwEAAaNFMEMwHQYDVR0OBBYEFHu2jZE6TpHcoQwZaSNmj/VJ+p8TMBIGA1UdEwEB\n/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4GBABR8\nZ1blA+Vx32a39OhOX+Ul/PC8fX4Z0El7tiOGAA2xCoHK7cZqd+QkdKV9ju3Z2ah0\nSCHOPqBT7tZaXPrtx7sxtlb0U6IJdklb78BjeK1KlM5x4jfnAaAvouaGX2SU9fp2\na1P/IsuOD6zHBddTysuX8W3YEycdT7JzhCWpROKF\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICOTCCAaICCQDPV5YuumF6sDANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMSAwHgYDVQQDDBd0Y20tcm9vdC1jYS5leGFtcGxlLmNvbTAeFw0xOTAyMjQy\nMzM0MjJaFw00NjA3MTEyMzM0MjJaMGExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxIDAeBgNVBAMM\nF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\niQKBgQDXFPDgDFXXcS7Pa6G02VP6OGL3YYGBJm2AqtkB0MeLWOk3RsBIPcEgY1eq\n+32n8fObXUr0UX22sjyv/PkMkYWIru01dE9pc2KCDNYF7Gea8kM9C0VQx0gog5SL\nesYHABEox+t0ZVhVvOfUIlqK6GN7eEiN6PTgKhpEVnoowne81QIDAQABMA0GCSqGvSIb3DQEBCwUAA4GBALK8Hko9UU62XYX1IdJ2EA/XRWHPin2OXurEPRDv0X4q9oc9\nBMvDR36pXMMEFd9pRp7MQnGq266qecNWBkmcSY9k/ct8GtG6t4k+lBQvQPBERs7I\niiCDgIa53ofoJSi2rN9+HuluSwFLIObt2pKhrgfy6UV9VasTyxcLw8wD4z8u\n-----END CERTIFICATE-----"
        }
    ]
}

Status 202 application/json

Object type: SetRef

Download schema: set-ref.json

Response body:

{
    "accountId": "A-1234BD",
    "set": "/trust-chain-manager-api/v1/sets/10000",
    "name": "Set1"
}

Get the latest version of the CA set

By default, gets the latest version of the CA set.

GET /trust-chain-manager/v1/sets/{setId}

Sample: /trust-chain-manager/v1/sets/100

Parameter Type Sample Description
URL path parameters
setId Integer 100 A unique identifier for each set.

Status 200 application/json

Object type: SetFullData

Download schema: set-full-data.json

Response body:

{
    "id": 123456,
    "version": 75361,
    "name": "Set1",
    "hasAcknowledgedNoRootCertificate": true,
    "requireRootCertificate": false,
    "deployment": {
        "staging": true,
        "production": true
    },
    "chains": [
        {
            "name": "Chain1",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICiTCCAfKgAwIBAgIJAJHSGaH2s0otMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxHjAcBgNVBAMMFXNvbWUtcm9vdC5leGFtcGxlLmNvbTAeFw0xOTAz\nMDgxOTA3MDhaFw00NjA3MjMxOTA3MDhaMGcxCzAJBgNVBAYTAlVTMQswCQYDVQQI\nDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxJjAkBgNV\nBAMMHXNvbWUtaW50ZXJtZWRpYXRlLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB\nAQUAA4GNADCBiQKBgQCzuzTQHsW8HHB6cHv7jT/4cETl53jHB1QOK7aVdVO/cK5i\nv8YFB/O2zcXfHbObJTMDp5T33tiy2dTa4X/9OirC/FcEKK7pFL07r60nkyLbnX1P\nOLE7TrfBbzFpBxWXTSuXFi4Y002dvxKfxsgruxD3JVsdwBh4jZS6IkyUJHmopwID\nAQABo0UwQzAdBgNVHQ4EFgQUAveECjwgwk+MHozpCpMauW1TftkwEgYDVR0TAQH/\nBAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADgYEAxRxv\n4NadAtvJx7xBGBcR9C3NEz9WR84bpfHP720ZpgR8WRPXxjQZz/clwADi6PpE1/7B\nqybde5hE38XnbGOhzIDyIXd8Hfztaaj7vxR5DiEOAY3jE5Ix98WQ0ZrbYTSu4o1b\ncSPdPt3JWFygdtur9ikw9FRFPNhcH195X5LGJas=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICNTCCAZ4CCQC+2uIuN+erCTANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMR4wHAYDVQQDDBVzb21lLXJvb3QuZXhhbXBsZS5jb20wHhcNMTkwMzA4MTkw\nMzE4WhcNNDYwNzIzMTkwMzE4WjBfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUEx\nEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWthbWFpMR4wHAYDVQQDDBVz\nb21lLXJvb3QuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB\nANpc8vud0MhTRDBB1JZGfEAuutQf/CQ8ToyDor4TBvE1pa24DvT1DEaaDUMhVPXK\naJC95re6xV2NOvCrvOjZBNH94DWCldRg93DOVPmUEVcEcB81zfdfT0iEW96C2RFf\nI1Hv0tJynmxDI5k5lK4Js6/nonJbUVHL8X63yMvmR9HNAgMBAAEwDQYJKoZIhvcN\nAQELBQADgYEABnpsP51MLW0069megs/czB3EJWeMt2ynCD6RlQPqXBlkVsengT3y\ntRnKJwD5SYjr8sW9Vq5Rp2dm7X7i9osB+CSveORw3hWbu4TmiA18qJr/SSUwo5Xf\nbsjfV2IUQtNLEExhp1nBjvJNmTP3g/NiVVWHEQafynwXlNAj1ySuUzs=\n-----END CERTIFICATE-----"
        },
        {
            "name": "ChainN",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICijCCAfOgAwIBAgIJAJHSGaH2s0osMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxIDAeBgNVBAMMF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMB4XDTE5\nMDIyNDIzMzUxN1oXDTQ2MDcxMTIzMzUxN1owZjELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAk1BMRIwEAYDVQQHDAlDYW1icmlkZ2UxDzANBgNVBAoMBkFrYW1haTElMCMG\nA1UEAwwcdGNtLWludGVybWVkaWF0ZS5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEAw6JPmMaZD/SOBkQ+PISBF+o+gQ0/zz6ei7GCfgN3k7db\nAm6GsqxG7yKJfQYhHMTQQsUNgNzYNSFRdJNyHM8Edjr3sCGIei571HNu3Yik95T3\nPJpInaY24yfye+v9ln2hKu/53r5G3xdsSm/ZyI1wK7nRj6bzbwnGlXEfMKmhcg8C\nAwEAAaNFMEMwHQYDVR0OBBYEFHu2jZE6TpHcoQwZaSNmj/VJ+p8TMBIGA1UdEwEB\n/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4GBABR8\nZ1blA+Vx32a39OhOX+Ul/PC8fX4Z0El7tiOGAA2xCoHK7cZqd+QkdKV9ju3Z2ah0\nSCHOPqBT7tZaXPrtx7sxtlb0U6IJdklb78BjeK1KlM5x4jfnAaAvouaGX2SU9fp2\na1P/IsuOD6zHBddTysuX8W3YEycdT7JzhCWpROKF\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICOTCCAaICCQDPV5YuumF6sDANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMSAwHgYDVQQDDBd0Y20tcm9vdC1jYS5leGFtcGxlLmNvbTAeFw0xOTAyMjQy\nMzM0MjJaFw00NjA3MTEyMzM0MjJaMGExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxIDAeBgNVBAMM\nF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\niQKBgQDXFPDgDFXXcS7Pa6G02VP6OGL3YYGBJm2AqtkB0MeLWOk3RsBIPcEgY1eq\n+32n8fObXUr0UX22sjyv/PkMkYWIru01dE9pc2KCDNYF7Gea8kM9C0VQx0gog5SL\nesYHABEox+t0ZVhVvOfUIlqK6GN7eEiN6PTgKhpEVnoowne81QIDAQABMA0GCSqGvSIb3DQEBCwUAA4GBALK8Hko9UU62XYX1IdJ2EA/XRWHPin2OXurEPRDv0X4q9oc9\nBMvDR36pXMMEFd9pRp7MQnGq266qecNWBkmcSY9k/ct8GtG6t4k+lBQvQPBERs7I\niiCDgIa53ofoJSi2rN9+HuluSwFLIObt2pKhrgfy6UV9VasTyxcLw8wD4z8u\n-----END CERTIFICATE-----"
        }
    ]
}

Update a CA set

Updates an existing CA set with the supplied SetFullData object. This creates a new version of the CA set and deploys it to the networks specified in the object. Note that if both Staging and Production fields are set to NULL, the CA set undergoes validation. This returns validation results to the caller, but does not create or deploy a new version. See Certificate chain best practice for guidance on certificate validation.

PUT /trust-chain-manager/v1/sets/{setId}

Sample: /trust-chain-manager/v1/sets/100

Content-Type: application/json

Object type: SetFullData

Download schema: set-full-data.json

Request body:

{
    "id": 123456,
    "version": 75361,
    "name": "Set1",
    "requireRootCertificate": false,
    "deployment": {
        "staging": true,
        "production": true
    },
    "chains": [
        {
            "name": "Chain1",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICiTCCAfKgAwIBAgIJAJHSGaH2s0otMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxHjAcBgNVBAMMFXNvbWUtcm9vdC5leGFtcGxlLmNvbTAeFw0xOTAz\nMDgxOTA3MDhaFw00NjA3MjMxOTA3MDhaMGcxCzAJBgNVBAYTAlVTMQswCQYDVQQI\nDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxJjAkBgNV\nBAMMHXNvbWUtaW50ZXJtZWRpYXRlLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB\nAQUAA4GNADCBiQKBgQCzuzTQHsW8HHB6cHv7jT/4cETl53jHB1QOK7aVdVO/cK5i\nv8YFB/O2zcXfHbObJTMDp5T33tiy2dTa4X/9OirC/FcEKK7pFL07r60nkyLbnX1P\nOLE7TrfBbzFpBxWXTSuXFi4Y002dvxKfxsgruxD3JVsdwBh4jZS6IkyUJHmopwID\nAQABo0UwQzAdBgNVHQ4EFgQUAveECjwgwk+MHozpCpMauW1TftkwEgYDVR0TAQH/\nBAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADgYEAxRxv\n4NadAtvJx7xBGBcR9C3NEz9WR84bpfHP720ZpgR8WRPXxjQZz/clwADi6PpE1/7B\nqybde5hE38XnbGOhzIDyIXd8Hfztaaj7vxR5DiEOAY3jE5Ix98WQ0ZrbYTSu4o1b\ncSPdPt3JWFygdtur9ikw9FRFPNhcH195X5LGJas=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICNTCCAZ4CCQC+2uIuN+erCTANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMR4wHAYDVQQDDBVzb21lLXJvb3QuZXhhbXBsZS5jb20wHhcNMTkwMzA4MTkw\nMzE4WhcNNDYwNzIzMTkwMzE4WjBfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUEx\nEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWthbWFpMR4wHAYDVQQDDBVz\nb21lLXJvb3QuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB\nANpc8vud0MhTRDBB1JZGfEAuutQf/CQ8ToyDor4TBvE1pa24DvT1DEaaDUMhVPXK\naJC95re6xV2NOvCrvOjZBNH94DWCldRg93DOVPmUEVcEcB81zfdfT0iEW96C2RFf\nI1Hv0tJynmxDI5k5lK4Js6/nonJbUVHL8X63yMvmR9HNAgMBAAEwDQYJKoZIhvcN\nAQELBQADgYEABnpsP51MLW0069megs/czB3EJWeMt2ynCD6RlQPqXBlkVsengT3y\ntRnKJwD5SYjr8sW9Vq5Rp2dm7X7i9osB+CSveORw3hWbu4TmiA18qJr/SSUwo5Xf\nbsjfV2IUQtNLEExhp1nBjvJNmTP3g/NiVVWHEQafynwXlNAj1ySuUzs=\n-----END CERTIFICATE-----"
        },
        {
            "name": "ChainN",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICijCCAfOgAwIBAgIJAJHSGaH2s0osMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxIDAeBgNVBAMMF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMB4XDTE5\nMDIyNDIzMzUxN1oXDTQ2MDcxMTIzMzUxN1owZjELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAk1BMRIwEAYDVQQHDAlDYW1icmlkZ2UxDzANBgNVBAoMBkFrYW1haTElMCMG\nA1UEAwwcdGNtLWludGVybWVkaWF0ZS5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEAw6JPmMaZD/SOBkQ+PISBF+o+gQ0/zz6ei7GCfgN3k7db\nAm6GsqxG7yKJfQYhHMTQQsUNgNzYNSFRdJNyHM8Edjr3sCGIei571HNu3Yik95T3\nPJpInaY24yfye+v9ln2hKu/53r5G3xdsSm/ZyI1wK7nRj6bzbwnGlXEfMKmhcg8C\nAwEAAaNFMEMwHQYDVR0OBBYEFHu2jZE6TpHcoQwZaSNmj/VJ+p8TMBIGA1UdEwEB\n/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4GBABR8\nZ1blA+Vx32a39OhOX+Ul/PC8fX4Z0El7tiOGAA2xCoHK7cZqd+QkdKV9ju3Z2ah0\nSCHOPqBT7tZaXPrtx7sxtlb0U6IJdklb78BjeK1KlM5x4jfnAaAvouaGX2SU9fp2\na1P/IsuOD6zHBddTysuX8W3YEycdT7JzhCWpROKF\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICOTCCAaICCQDPV5YuumF6sDANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMSAwHgYDVQQDDBd0Y20tcm9vdC1jYS5leGFtcGxlLmNvbTAeFw0xOTAyMjQy\nMzM0MjJaFw00NjA3MTEyMzM0MjJaMGExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxIDAeBgNVBAMM\nF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\niQKBgQDXFPDgDFXXcS7Pa6G02VP6OGL3YYGBJm2AqtkB0MeLWOk3RsBIPcEgY1eq\n+32n8fObXUr0UX22sjyv/PkMkYWIru01dE9pc2KCDNYF7Gea8kM9C0VQx0gog5SL\nesYHABEox+t0ZVhVvOfUIlqK6GN7eEiN6PTgKhpEVnoowne81QIDAQABMA0GCSqGvSIb3DQEBCwUAA4GBALK8Hko9UU62XYX1IdJ2EA/XRWHPin2OXurEPRDv0X4q9oc9\nBMvDR36pXMMEFd9pRp7MQnGq266qecNWBkmcSY9k/ct8GtG6t4k+lBQvQPBERs7I\niiCDgIa53ofoJSi2rN9+HuluSwFLIObt2pKhrgfy6UV9VasTyxcLw8wD4z8u\n-----END CERTIFICATE-----"
        }
    ]
}
Parameter Type Sample Description
URL path parameters
setId Integer 100 A unique identifier for each set.

Status 202 application/json

Object type: SetRef

Download schema: set-ref.json

Response body:

{
    "accountId": "A-1234BD",
    "set": "/trust-chain-manager-api/v1/sets/10000",
    "name": "Set1"
}

Delete a CA set

Removes a CA set from the account. This operation succeeds only if the set is not used by any slot.

DELETE /trust-chain-manager/v1/sets/{setId}

Sample: /trust-chain-manager/v1/sets/100

Parameter Type Sample Description
URL path parameters
setId Integer 100 A unique identifier for each set.

Status 204

Get IDs of all active versions of a CA set

Active versions of a set are the versions currently deployed, or in the process of deployment to the network. A failed version is included if it is the latest version of the set deployed to the network. Version ID and a minimal collection of accompanying metadata items is listed for each version.

GET /trust-chain-manager/v1/sets/{setId}/versions

Sample: /trust-chain-manager/v1/sets/100/versions

Parameter Type Sample Description
URL path parameters
setId Integer 100 A unique identifier for each set.

Status 200 application/json

Download schema: versions.json

Response body:

{
    "id": 76927,
    "name": "PartnerB2B",
    "hasAcknowledgedNoRootCertificate": true,
    "versions": [
        {
            "version": 77152,
            "requireRootCertificate": true,
            "deployment": {
                "staging": "DEPLOYED",
                "production": "DEPLOYING"
            },
            "lastModifiedBy": "jmarczew",
            "timestamp": "2020-04-21T19:31:11.808"
        },
        {
            "version": 78453,
            "requireRootCertificate": false,
            "deployment": {
                "staging": "DEPLOYED",
                "production": "DEPLOYED"
            },
            "lastModifiedBy": "jmarczew",
            "timestamp": "2020-06-03T10:15:08.231"
        }
    ]
}

Get a certain version of the CA set

Gets the specified version of the CA set.

GET /trust-chain-manager/v1/sets/{setId}/versions/{version}

Sample: /trust-chain-manager/v1/sets/100/versions/75361

Parameter Type Sample Description
URL path parameters
setId Integer 100 A unique identifier for each set.
version Integer 75361 A version number.

Status 200 application/json

Object type: SetFullData

Download schema: set-full-data.json

Response body:

{
    "id": 123456,
    "version": 75361,
    "name": "Set1",
    "hasAcknowledgedNoRootCertificate": true,
    "requireRootCertificate": false,
    "deployment": {
        "staging": true,
        "production": true
    },
    "chains": [
        {
            "name": "Chain1",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICiTCCAfKgAwIBAgIJAJHSGaH2s0otMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxHjAcBgNVBAMMFXNvbWUtcm9vdC5leGFtcGxlLmNvbTAeFw0xOTAz\nMDgxOTA3MDhaFw00NjA3MjMxOTA3MDhaMGcxCzAJBgNVBAYTAlVTMQswCQYDVQQI\nDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxJjAkBgNV\nBAMMHXNvbWUtaW50ZXJtZWRpYXRlLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB\nAQUAA4GNADCBiQKBgQCzuzTQHsW8HHB6cHv7jT/4cETl53jHB1QOK7aVdVO/cK5i\nv8YFB/O2zcXfHbObJTMDp5T33tiy2dTa4X/9OirC/FcEKK7pFL07r60nkyLbnX1P\nOLE7TrfBbzFpBxWXTSuXFi4Y002dvxKfxsgruxD3JVsdwBh4jZS6IkyUJHmopwID\nAQABo0UwQzAdBgNVHQ4EFgQUAveECjwgwk+MHozpCpMauW1TftkwEgYDVR0TAQH/\nBAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADgYEAxRxv\n4NadAtvJx7xBGBcR9C3NEz9WR84bpfHP720ZpgR8WRPXxjQZz/clwADi6PpE1/7B\nqybde5hE38XnbGOhzIDyIXd8Hfztaaj7vxR5DiEOAY3jE5Ix98WQ0ZrbYTSu4o1b\ncSPdPt3JWFygdtur9ikw9FRFPNhcH195X5LGJas=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICNTCCAZ4CCQC+2uIuN+erCTANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMR4wHAYDVQQDDBVzb21lLXJvb3QuZXhhbXBsZS5jb20wHhcNMTkwMzA4MTkw\nMzE4WhcNNDYwNzIzMTkwMzE4WjBfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUEx\nEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWthbWFpMR4wHAYDVQQDDBVz\nb21lLXJvb3QuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB\nANpc8vud0MhTRDBB1JZGfEAuutQf/CQ8ToyDor4TBvE1pa24DvT1DEaaDUMhVPXK\naJC95re6xV2NOvCrvOjZBNH94DWCldRg93DOVPmUEVcEcB81zfdfT0iEW96C2RFf\nI1Hv0tJynmxDI5k5lK4Js6/nonJbUVHL8X63yMvmR9HNAgMBAAEwDQYJKoZIhvcN\nAQELBQADgYEABnpsP51MLW0069megs/czB3EJWeMt2ynCD6RlQPqXBlkVsengT3y\ntRnKJwD5SYjr8sW9Vq5Rp2dm7X7i9osB+CSveORw3hWbu4TmiA18qJr/SSUwo5Xf\nbsjfV2IUQtNLEExhp1nBjvJNmTP3g/NiVVWHEQafynwXlNAj1ySuUzs=\n-----END CERTIFICATE-----"
        },
        {
            "name": "ChainN",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICijCCAfOgAwIBAgIJAJHSGaH2s0osMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxIDAeBgNVBAMMF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMB4XDTE5\nMDIyNDIzMzUxN1oXDTQ2MDcxMTIzMzUxN1owZjELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAk1BMRIwEAYDVQQHDAlDYW1icmlkZ2UxDzANBgNVBAoMBkFrYW1haTElMCMG\nA1UEAwwcdGNtLWludGVybWVkaWF0ZS5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEAw6JPmMaZD/SOBkQ+PISBF+o+gQ0/zz6ei7GCfgN3k7db\nAm6GsqxG7yKJfQYhHMTQQsUNgNzYNSFRdJNyHM8Edjr3sCGIei571HNu3Yik95T3\nPJpInaY24yfye+v9ln2hKu/53r5G3xdsSm/ZyI1wK7nRj6bzbwnGlXEfMKmhcg8C\nAwEAAaNFMEMwHQYDVR0OBBYEFHu2jZE6TpHcoQwZaSNmj/VJ+p8TMBIGA1UdEwEB\n/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4GBABR8\nZ1blA+Vx32a39OhOX+Ul/PC8fX4Z0El7tiOGAA2xCoHK7cZqd+QkdKV9ju3Z2ah0\nSCHOPqBT7tZaXPrtx7sxtlb0U6IJdklb78BjeK1KlM5x4jfnAaAvouaGX2SU9fp2\na1P/IsuOD6zHBddTysuX8W3YEycdT7JzhCWpROKF\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICOTCCAaICCQDPV5YuumF6sDANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMSAwHgYDVQQDDBd0Y20tcm9vdC1jYS5leGFtcGxlLmNvbTAeFw0xOTAyMjQy\nMzM0MjJaFw00NjA3MTEyMzM0MjJaMGExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxIDAeBgNVBAMM\nF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\niQKBgQDXFPDgDFXXcS7Pa6G02VP6OGL3YYGBJm2AqtkB0MeLWOk3RsBIPcEgY1eq\n+32n8fObXUr0UX22sjyv/PkMkYWIru01dE9pc2KCDNYF7Gea8kM9C0VQx0gog5SL\nesYHABEox+t0ZVhVvOfUIlqK6GN7eEiN6PTgKhpEVnoowne81QIDAQABMA0GCSqGvSIb3DQEBCwUAA4GBALK8Hko9UU62XYX1IdJ2EA/XRWHPin2OXurEPRDv0X4q9oc9\nBMvDR36pXMMEFd9pRp7MQnGq266qecNWBkmcSY9k/ct8GtG6t4k+lBQvQPBERs7I\niiCDgIa53ofoJSi2rN9+HuluSwFLIObt2pKhrgfy6UV9VasTyxcLw8wD4z8u\n-----END CERTIFICATE-----"
        }
    ]
}

Get the latest version of the CA set with certificates listed individually

By default, gets the latest version of the CA set with certificates listed individually.

GET /trust-chain-manager/v1/sets/{setId}/certificates

Sample: /trust-chain-manager/v1/sets/100/certificates

Parameter Type Sample Description
URL path parameters
setId Integer 100 A unique identifier for each set.

Status 200 application/json

Download schema: set-certificates.json

Response body:

{
    "id": 75469,
    "name": "devqaSetId276",
    "version": 75221,
    "hasAcknowledgedNoRootCertificate": true,
    "requireRootCertificate": false,
    "chains": [
        {
            "name": "chain2",
            "certificates": [
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-11-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                    "expiryDate": "2020-04-07T17:33:39",
                    "startDate": "2019-04-08T17:33:39",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDDzCCAnKgAwIBAgIJAJHSGaH2s0pCMAoGCCqGSM49BAMCMFwxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZB\na2FtYWkxGzAZBgNVBAMMEnRjbS0xMy1leGFtcGxlLmNvbTAeFw0xOTA0MDgxNzMz\nMzlaFw0yMDA0MDcxNzMzMzlaMGkxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTES\nMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxKDAmBgNVBAMMH2lu\ndGVybWVkaWF0ZS50Y20tMTEtZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDaotqwVMcQUoje6z353HxTItlOSiKVP4kDv+OuSGz2K8eX\nl2Wv2oRVCqSZ5oYuVooA+2JtviVnjsAidx6VK4+qc6BUmqSF2FEWbBhSm2hi6Pzt\nFp+heVBEdJUKtxHehtI5n1xw8Id5ziQLi5ywKAR5CQLjRScFGIWkj0zMJXUYwjJl\nNkVpJiD4PO1cFqGIIa/VyqlNCNwH3dfZEwBlhmRG1cDBEoOLb/F7159pMNIe/3aB\nlNyehMfLj7vSesFmYCw24nrAwW2gL+gx+uwMJaU3Hzk+yhzcVeOIiw4Gsm/elJzN\nVwJRUxoVSigcYi2Z8BcHWk+HDOZxnO9x0lVeyLZdAgMBAAGjRTBDMB0GA1UdDgQW\nBBR8j0E4g1vIdtpawhc7ZJ72v9qebDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1Ud\nDwEB/wQEAwIBhjAKBggqhkjOPQQDAgOBigAwgYYCQSp2p1MrZIwGadKK4NrEI0o9\n49g3ISzZ5APw/XqMwen8s6rOlnJJhUN+7zzdp/gIvdPVlMDQBAqb447mPTVn250r\nAkEGJfMps1E9XmWilKXtcZzorYMeO1wCCiEfibYtgVUKoItZqs144K77DfovjUD8\nwvbndItQEOm8sx+MLzQ1aWrduw==\n-----END CERTIFICATE-----",
                    "id": 75754
                },
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate1.tcm-11-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-11-example.com",
                    "expiryDate": "2020-04-07T17:43:58",
                    "startDate": "2019-04-08T17:43:58",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDmzCCAoOgAwIBAgIJAJHSGaH2s0pDMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxKDAmBgNVBAMMH2ludGVybWVkaWF0ZS50Y20tMTEtZXhhbXBsZS5j\nb20wHhcNMTkwNDA4MTc0MzU4WhcNMjAwNDA3MTc0MzU4WjBqMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMSkwJwYDVQQDDCBpbnRlcm1lZGlhdGUxLnRjbS0xMS1leGFtcGxlLmNvbTCC\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALgwBUMjpHQcU3gnZBlPaT7y\nFAlwVjP/tjpxrnc9o92HJdta6yukQuPJ+FjY1AYvCaf5bF8KHpo08Vz2X43tQhMu\nHMBRMUTb6HxYitQbiTijVw0gClSMmvBV4wk8osh81L9aNH/6OljSzWce99UnBefn\nfDZlfg1Y4lFK/zGyFhLcils5lVVd5JfNuwn+54cWdqoTcuaMHvz5i5/cASEI1w8T\nUicdMHUv+32cVcppfhncGxIPqIrdnsWotRrgr7RkYs/ubp8Gm81j6dYNAMJ0YYxG\nn6ppv23poXapuiUjEQc7o8xDtoyI7WnsWrxzd/bm2fXde5krum4CL9X/ugBYV/EC\nAwEAAaNFMEMwHQYDVR0OBBYEFPGRnc9xmEaNZlKWVX+WY+NUHVVDMBIGA1UdEwEB\n/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQDW\nsZV2VOIO7LSjsgRZIWO8iaJ/CVaK+KqY/WhdIoXHcazX8qITnzcPgdci1pCGReDa\nYCjuvGPbHiPqN8n9g8NtbTGoVUBGFPchxK+pLgJUASa11FmOG2HQFngAz/MBjfNC\n/E7AgC3LxDJwf4Sm7jQtzmEMgONGrxQbhJhUIFuUIFrmlQclOxtoIu2aFSEoskob\nh9bDyYKCIiMGY2IFOSP7/oQEY1zkFcH/b1Im5gesNcbEjArmiEdPKlRyPeTiQ1F0\nFIOqaPoIgzwstD1k8cPvvAU9+sH/AhetU1i94U28SFg2Mt6jQM3iG63mHzjFzo14\n6e/YKx6F+MTdsUdP4AFn\n-----END CERTIFICATE-----",
                    "id": 75755
                }
            ]
        },
        {
            "name": "chain1",
            "certificates": [
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                    "expiryDate": "2020-04-07T17:27:35",
                    "startDate": "2019-04-08T17:27:35",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIECzCCA22gAwIBAgIJAOW+qN6sBoEgMAoGCCqGSM49BAMCMFwxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZB\na2FtYWkxGzAZBgNVBAMMEnRjbS0xMy1leGFtcGxlLmNvbTAeFw0xOTA0MDgxNzI3\nMzVaFw0yMDA0MDcxNzI3MzVaMFwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTES\nMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxGzAZBgNVBAMMEnRj\nbS0xMy1leGFtcGxlLmNvbTCCAlwwggHPBgcqhkjOPQIBMIIBwgIBATBNBgcqhkjO\nPQEBAkIB////////////////////////////////////////////////////////\n//////////////////////////////8wgZ4EQgH/////////////////////////\n/////////////////////////////////////////////////////////////ARB\nUZU+uWGOHJofkpohoLaFQO6i2nJbmbMV87i0iZGO8QnhVhk5Uex+k3sWUsC9O7G/\nBzVz34g9LDTx70Uf1GtQPwADFQDQnogAKRy4U5bMZxc5MoSqoNpkugSBhQQAxoWO\nBrcEBOnNnj7LZiOVtEKcZIE5BT+1Ifgor2BrTT26oUted+/nWSj+HcEnov+o3jNI\ns8GFakKb+X5+McLlvWYBGDkpaniaO8AEXIpftCx9G9mY9URJV5tEaBevvRcnPmYs\nl+5ymV70JkDFULkBP60HYTU8cIaicsJAiL6Udp/RZlACQgH/////////////////\n//////////////////////////pRhoeDvy+Wa3/MAUj3CaXQO7XJuImcR667b7ce\nkThkCQIBAQOBhgAEAEXztKDE0BsR1r7q/rN2qc4KyTPjjgwlk8Va8VCqA/Elz57Q\nU4Lzt/XEk6vJd2YccgqK/oDffhT7MXT10Kb1DNI/AQryxSAJNlLurHA7G5U4M4xv\nBNgy4vtJJ40Xvbv3Fd7IM42CZBsKsaroKgrfk0NbjU0im9ETgAfUtq//njMiYJo3\noxMwETAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA4GLADCBhwJBPQEZG2pi\nL5iHKGMzb+IKGns1iguNCWEfZT3llAk0P8xb5A1tULWOxP+dJ6ezInRF3QdGGlEN\n2qiMl1vBSTTBsa8CQgGx1vr+0WcgcIRG6F04mKC2ikS+W/9/FuDqbRRHjd2fMWYl\nquT9SnmYbuK2jpM52fmKa85KUUdL2ypPWXSbKKHpQQ==\n-----END CERTIFICATE-----",
                    "id": 75756
                }
            ]
        },
        {
            "name": "chain31",
            "certificates": [
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-5-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-5-example.com",
                    "expiryDate": "2020-03-30T05:07:35",
                    "startDate": "2019-03-31T05:07:35",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDTDCCAjSgAwIBAgIJALVysyVJNlL0MA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxGjAYBgNVBAMMEXRjbS01LWV4YW1wbGUuY29tMB4XDTE5MDMzMTA1\nMDczNVoXDTIwMDMzMDA1MDczNVowWzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1B\nMRIwEAYDVQQHDAlDYW1icmlkZ2UxDzANBgNVBAoMBkFrYW1haTEaMBgGA1UEAwwR\ndGNtLTUtZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\nAQC7Q04nJTVIt7/ywgmk8K5WsghDaqzS4VT2dc/qedqa7qr86Bn7EJrftg6RNC8b\nNuRdJfG3CbJpxVMfMLkkFS3+6W1TC6WGJzD/54jRJ3wvAg8bhyAVeQ6xC09mG7i3\nKpZFRHRYfdAu9GRLj25Fih4mrjfEbl042euSB8XQa9ekchwfmh80tFqIJxZZFdX6\n3RbbKQ3afiW+aII/78CA0mOXcbsft53UYpQMYlcWpKSreMyBunFDHUum+b/oYpm1\nlHOE0EvoijRpBLTnGk/nrBoSYGshL7p8QaJxWQ+YBMJLQ4o8QuLQk9s5qW1u9IxJ\n5Pqr0PsSnwtX3TAyKa5YtdcdAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJ\nKoZIhvcNAQELBQADggEBAFWLGPA/Kqd9KVaY5h0IAJm0zN365VJC2i8dA87CDE1+\nESQyseRXm7uFczyJZgFVwG18iUgs8/8JJ6T7bWwRn/9iomjMvejADywk+ylgkrZI\n6nWGK+XIxQ9XT5+6cFQoXrhDM+o102173ncu6xEbfIPXgd6yY3Rk52Dy6i+vMfE8\n5BVzOmY1KCRGU/K1oo6cOtu6rch8UpBiCcBIBdCCOWVoqAYmznFVwjOaRtfiwbMa\nHB8VKsoEawUIha6nJQbVzgTh5D+gXR9lNMJxNjOeDdGJJBChtnyp69AwsCO/8N3k\naOy6P+6a4hnLUu0E95DW2rOTH1APWuGPJ+HEGwgVPiA=\n-----END CERTIFICATE-----",
                    "id": 75757
                },
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-5-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-5-example.com",
                    "expiryDate": "2020-03-31T03:41:07",
                    "startDate": "2019-04-01T03:41:07",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDBzCCAe+gAwIBAgIJAJHSGaH2s0o2MA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxGjAYBgNVBAMMEXRjbS01LWV4YW1wbGUuY29tMB4XDTE5MDQwMTAz\nNDEwN1oXDTIwMDMzMTAzNDEwN1owaDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1B\nMRIwEAYDVQQHDAlDYW1icmlkZ2UxDzANBgNVBAoMBkFrYW1haTEnMCUGA1UEAwwe\naW50ZXJtZWRpYXRlLnRjbS01LWV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUA\nA4GNADCBiQKBgQDsTUmurNg0FMi0MGOcBT2DImzr+RtSNomGq/NsxhuLiQFAaCnO\niY6yIO0KrOC6NZHcHEWwvQso3OKls/c5pkFGxex4CNR7jpQ/XfoUqVir75fWYR7U\nCSrxaKTSuQyL21OcrO7SN4UCVaIvPTJyIIMh2WQAdjZmzwlujkIsp+USywIDAQAB\no0UwQzAdBgNVHQ4EFgQUln84iBJyViKO4kXJrO6y+O5oPjcwEgYDVR0TAQH/BAgw\nBgEB/wIBATAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBAIsbu2dx\nY/hpQg+g4cvihIuMpaN6y/avGm4x9TSILTP+4pcdis8QIMdnBi+2w6+Hhv80rX9w\nCulARg1qTnCf5mkR5iGnF5mEqeIe5xRop1rgmNAkC3D2SwJSLcB4zPHve9ijgk/U\nALe2ucvguaO7WNh3ykmthMLCf5aDr+XnP95F5gXxJ88zmAfx5EExp6QYNahuXgvp\nXhTCkYkhHQeZlw6M8Fx7G5XZAk/kHw4FUmWc8sOj4LtilL7zf9risyPxO3nOW+vF\nFqBS0BLtHbMws6ow2Hhn17WDYFCpF13owqFt6oX407QPhx8jyR2DHwVAPBgF7+BV\niPpNC6TdnL7PVHM=\n-----END CERTIFICATE-----",
                    "id": 75758
                }
            ]
        }
    ]
}

Get a certain version of the CA set with certificates listed individually

Gets the specified version of the CA set with certificates listed individually.

GET /trust-chain-manager/v1/sets/{setId}/certificates/versions/{version}

Sample: /trust-chain-manager/v1/sets/100/certificates/versions/75361

Parameter Type Sample Description
URL path parameters
setId Integer 100 A unique identifier for each set.
version Integer 75361 A version number.

Status 200 application/json

Download schema: set-certificates.json

Response body:

{
    "id": 75469,
    "name": "devqaSetId276",
    "version": 75221,
    "hasAcknowledgedNoRootCertificate": true,
    "requireRootCertificate": false,
    "chains": [
        {
            "name": "chain2",
            "certificates": [
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-11-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                    "expiryDate": "2020-04-07T17:33:39",
                    "startDate": "2019-04-08T17:33:39",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDDzCCAnKgAwIBAgIJAJHSGaH2s0pCMAoGCCqGSM49BAMCMFwxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZB\na2FtYWkxGzAZBgNVBAMMEnRjbS0xMy1leGFtcGxlLmNvbTAeFw0xOTA0MDgxNzMz\nMzlaFw0yMDA0MDcxNzMzMzlaMGkxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTES\nMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxKDAmBgNVBAMMH2lu\ndGVybWVkaWF0ZS50Y20tMTEtZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDaotqwVMcQUoje6z353HxTItlOSiKVP4kDv+OuSGz2K8eX\nl2Wv2oRVCqSZ5oYuVooA+2JtviVnjsAidx6VK4+qc6BUmqSF2FEWbBhSm2hi6Pzt\nFp+heVBEdJUKtxHehtI5n1xw8Id5ziQLi5ywKAR5CQLjRScFGIWkj0zMJXUYwjJl\nNkVpJiD4PO1cFqGIIa/VyqlNCNwH3dfZEwBlhmRG1cDBEoOLb/F7159pMNIe/3aB\nlNyehMfLj7vSesFmYCw24nrAwW2gL+gx+uwMJaU3Hzk+yhzcVeOIiw4Gsm/elJzN\nVwJRUxoVSigcYi2Z8BcHWk+HDOZxnO9x0lVeyLZdAgMBAAGjRTBDMB0GA1UdDgQW\nBBR8j0E4g1vIdtpawhc7ZJ72v9qebDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1Ud\nDwEB/wQEAwIBhjAKBggqhkjOPQQDAgOBigAwgYYCQSp2p1MrZIwGadKK4NrEI0o9\n49g3ISzZ5APw/XqMwen8s6rOlnJJhUN+7zzdp/gIvdPVlMDQBAqb447mPTVn250r\nAkEGJfMps1E9XmWilKXtcZzorYMeO1wCCiEfibYtgVUKoItZqs144K77DfovjUD8\nwvbndItQEOm8sx+MLzQ1aWrduw==\n-----END CERTIFICATE-----",
                    "id": 75754
                },
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate1.tcm-11-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-11-example.com",
                    "expiryDate": "2020-04-07T17:43:58",
                    "startDate": "2019-04-08T17:43:58",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDmzCCAoOgAwIBAgIJAJHSGaH2s0pDMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxKDAmBgNVBAMMH2ludGVybWVkaWF0ZS50Y20tMTEtZXhhbXBsZS5j\nb20wHhcNMTkwNDA4MTc0MzU4WhcNMjAwNDA3MTc0MzU4WjBqMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMSkwJwYDVQQDDCBpbnRlcm1lZGlhdGUxLnRjbS0xMS1leGFtcGxlLmNvbTCC\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALgwBUMjpHQcU3gnZBlPaT7y\nFAlwVjP/tjpxrnc9o92HJdta6yukQuPJ+FjY1AYvCaf5bF8KHpo08Vz2X43tQhMu\nHMBRMUTb6HxYitQbiTijVw0gClSMmvBV4wk8osh81L9aNH/6OljSzWce99UnBefn\nfDZlfg1Y4lFK/zGyFhLcils5lVVd5JfNuwn+54cWdqoTcuaMHvz5i5/cASEI1w8T\nUicdMHUv+32cVcppfhncGxIPqIrdnsWotRrgr7RkYs/ubp8Gm81j6dYNAMJ0YYxG\nn6ppv23poXapuiUjEQc7o8xDtoyI7WnsWrxzd/bm2fXde5krum4CL9X/ugBYV/EC\nAwEAAaNFMEMwHQYDVR0OBBYEFPGRnc9xmEaNZlKWVX+WY+NUHVVDMBIGA1UdEwEB\n/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQDW\nsZV2VOIO7LSjsgRZIWO8iaJ/CVaK+KqY/WhdIoXHcazX8qITnzcPgdci1pCGReDa\nYCjuvGPbHiPqN8n9g8NtbTGoVUBGFPchxK+pLgJUASa11FmOG2HQFngAz/MBjfNC\n/E7AgC3LxDJwf4Sm7jQtzmEMgONGrxQbhJhUIFuUIFrmlQclOxtoIu2aFSEoskob\nh9bDyYKCIiMGY2IFOSP7/oQEY1zkFcH/b1Im5gesNcbEjArmiEdPKlRyPeTiQ1F0\nFIOqaPoIgzwstD1k8cPvvAU9+sH/AhetU1i94U28SFg2Mt6jQM3iG63mHzjFzo14\n6e/YKx6F+MTdsUdP4AFn\n-----END CERTIFICATE-----",
                    "id": 75755
                }
            ]
        },
        {
            "name": "chain1",
            "certificates": [
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                    "expiryDate": "2020-04-07T17:27:35",
                    "startDate": "2019-04-08T17:27:35",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIECzCCA22gAwIBAgIJAOW+qN6sBoEgMAoGCCqGSM49BAMCMFwxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZB\na2FtYWkxGzAZBgNVBAMMEnRjbS0xMy1leGFtcGxlLmNvbTAeFw0xOTA0MDgxNzI3\nMzVaFw0yMDA0MDcxNzI3MzVaMFwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTES\nMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxGzAZBgNVBAMMEnRj\nbS0xMy1leGFtcGxlLmNvbTCCAlwwggHPBgcqhkjOPQIBMIIBwgIBATBNBgcqhkjO\nPQEBAkIB////////////////////////////////////////////////////////\n//////////////////////////////8wgZ4EQgH/////////////////////////\n/////////////////////////////////////////////////////////////ARB\nUZU+uWGOHJofkpohoLaFQO6i2nJbmbMV87i0iZGO8QnhVhk5Uex+k3sWUsC9O7G/\nBzVz34g9LDTx70Uf1GtQPwADFQDQnogAKRy4U5bMZxc5MoSqoNpkugSBhQQAxoWO\nBrcEBOnNnj7LZiOVtEKcZIE5BT+1Ifgor2BrTT26oUted+/nWSj+HcEnov+o3jNI\ns8GFakKb+X5+McLlvWYBGDkpaniaO8AEXIpftCx9G9mY9URJV5tEaBevvRcnPmYs\nl+5ymV70JkDFULkBP60HYTU8cIaicsJAiL6Udp/RZlACQgH/////////////////\n//////////////////////////pRhoeDvy+Wa3/MAUj3CaXQO7XJuImcR667b7ce\nkThkCQIBAQOBhgAEAEXztKDE0BsR1r7q/rN2qc4KyTPjjgwlk8Va8VCqA/Elz57Q\nU4Lzt/XEk6vJd2YccgqK/oDffhT7MXT10Kb1DNI/AQryxSAJNlLurHA7G5U4M4xv\nBNgy4vtJJ40Xvbv3Fd7IM42CZBsKsaroKgrfk0NbjU0im9ETgAfUtq//njMiYJo3\noxMwETAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA4GLADCBhwJBPQEZG2pi\nL5iHKGMzb+IKGns1iguNCWEfZT3llAk0P8xb5A1tULWOxP+dJ6ezInRF3QdGGlEN\n2qiMl1vBSTTBsa8CQgGx1vr+0WcgcIRG6F04mKC2ikS+W/9/FuDqbRRHjd2fMWYl\nquT9SnmYbuK2jpM52fmKa85KUUdL2ypPWXSbKKHpQQ==\n-----END CERTIFICATE-----",
                    "id": 75756
                }
            ]
        },
        {
            "name": "chain31",
            "certificates": [
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-5-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-5-example.com",
                    "expiryDate": "2020-03-30T05:07:35",
                    "startDate": "2019-03-31T05:07:35",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDTDCCAjSgAwIBAgIJALVysyVJNlL0MA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxGjAYBgNVBAMMEXRjbS01LWV4YW1wbGUuY29tMB4XDTE5MDMzMTA1\nMDczNVoXDTIwMDMzMDA1MDczNVowWzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1B\nMRIwEAYDVQQHDAlDYW1icmlkZ2UxDzANBgNVBAoMBkFrYW1haTEaMBgGA1UEAwwR\ndGNtLTUtZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\nAQC7Q04nJTVIt7/ywgmk8K5WsghDaqzS4VT2dc/qedqa7qr86Bn7EJrftg6RNC8b\nNuRdJfG3CbJpxVMfMLkkFS3+6W1TC6WGJzD/54jRJ3wvAg8bhyAVeQ6xC09mG7i3\nKpZFRHRYfdAu9GRLj25Fih4mrjfEbl042euSB8XQa9ekchwfmh80tFqIJxZZFdX6\n3RbbKQ3afiW+aII/78CA0mOXcbsft53UYpQMYlcWpKSreMyBunFDHUum+b/oYpm1\nlHOE0EvoijRpBLTnGk/nrBoSYGshL7p8QaJxWQ+YBMJLQ4o8QuLQk9s5qW1u9IxJ\n5Pqr0PsSnwtX3TAyKa5YtdcdAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJ\nKoZIhvcNAQELBQADggEBAFWLGPA/Kqd9KVaY5h0IAJm0zN365VJC2i8dA87CDE1+\nESQyseRXm7uFczyJZgFVwG18iUgs8/8JJ6T7bWwRn/9iomjMvejADywk+ylgkrZI\n6nWGK+XIxQ9XT5+6cFQoXrhDM+o102173ncu6xEbfIPXgd6yY3Rk52Dy6i+vMfE8\n5BVzOmY1KCRGU/K1oo6cOtu6rch8UpBiCcBIBdCCOWVoqAYmznFVwjOaRtfiwbMa\nHB8VKsoEawUIha6nJQbVzgTh5D+gXR9lNMJxNjOeDdGJJBChtnyp69AwsCO/8N3k\naOy6P+6a4hnLUu0E95DW2rOTH1APWuGPJ+HEGwgVPiA=\n-----END CERTIFICATE-----",
                    "id": 75757
                },
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-5-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-5-example.com",
                    "expiryDate": "2020-03-31T03:41:07",
                    "startDate": "2019-04-01T03:41:07",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDBzCCAe+gAwIBAgIJAJHSGaH2s0o2MA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxGjAYBgNVBAMMEXRjbS01LWV4YW1wbGUuY29tMB4XDTE5MDQwMTAz\nNDEwN1oXDTIwMDMzMTAzNDEwN1owaDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1B\nMRIwEAYDVQQHDAlDYW1icmlkZ2UxDzANBgNVBAoMBkFrYW1haTEnMCUGA1UEAwwe\naW50ZXJtZWRpYXRlLnRjbS01LWV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUA\nA4GNADCBiQKBgQDsTUmurNg0FMi0MGOcBT2DImzr+RtSNomGq/NsxhuLiQFAaCnO\niY6yIO0KrOC6NZHcHEWwvQso3OKls/c5pkFGxex4CNR7jpQ/XfoUqVir75fWYR7U\nCSrxaKTSuQyL21OcrO7SN4UCVaIvPTJyIIMh2WQAdjZmzwlujkIsp+USywIDAQAB\no0UwQzAdBgNVHQ4EFgQUln84iBJyViKO4kXJrO6y+O5oPjcwEgYDVR0TAQH/BAgw\nBgEB/wIBATAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBAIsbu2dx\nY/hpQg+g4cvihIuMpaN6y/avGm4x9TSILTP+4pcdis8QIMdnBi+2w6+Hhv80rX9w\nCulARg1qTnCf5mkR5iGnF5mEqeIe5xRop1rgmNAkC3D2SwJSLcB4zPHve9ijgk/U\nALe2ucvguaO7WNh3ykmthMLCf5aDr+XnP95F5gXxJ88zmAfx5EExp6QYNahuXgvp\nXhTCkYkhHQeZlw6M8Fx7G5XZAk/kHw4FUmWc8sOj4LtilL7zf9risyPxO3nOW+vF\nFqBS0BLtHbMws6ow2Hhn17WDYFCpF13owqFt6oX407QPhx8jyR2DHwVAPBgF7+BV\niPpNC6TdnL7PVHM=\n-----END CERTIFICATE-----",
                    "id": 75758
                }
            ]
        }
    ]
}

Get the certificate by ID

Gets the certificate source and its X.509 elements

GET /trust-chain-manager/v1/sets/{setId}/certificates/{certificateId}

Sample: /trust-chain-manager/v1/sets/100/certificates/{certificateId}

Parameter Type Sample Description
URL path parameters
setId Integer 100 A unique identifier for each set.

Status 200 application/json

Download schema: certificate.json

Response body:

{
    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-11-example.com",
    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
    "expiryDate": "2020-04-07T17:33:39",
    "startDate": "2019-04-08T17:33:39",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDDzCCAnKgAwIBAgIJAJHSGaH2s0pCMAoGCCqGSM49BAMCMFwxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZB\na2FtYWkxGzAZBgNVBAMMEnRjbS0xMy1leGFtcGxlLmNvbTAeFw0xOTA0MDgxNzMz\nMzlaFw0yMDA0MDcxNzMzMzlaMGkxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTES\nMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxKDAmBgNVBAMMH2lu\ndGVybWVkaWF0ZS50Y20tMTEtZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDaotqwVMcQUoje6z353HxTItlOSiKVP4kDv+OuSGz2K8eX\nl2Wv2oRVCqSZ5oYuVooA+2JtviVnjsAidx6VK4+qc6BUmqSF2FEWbBhSm2hi6Pzt\nFp+heVBEdJUKtxHehtI5n1xw8Id5ziQLi5ywKAR5CQLjRScFGIWkj0zMJXUYwjJl\nNkVpJiD4PO1cFqGIIa/VyqlNCNwH3dfZEwBlhmRG1cDBEoOLb/F7159pMNIe/3aB\nlNyehMfLj7vSesFmYCw24nrAwW2gL+gx+uwMJaU3Hzk+yhzcVeOIiw4Gsm/elJzN\nVwJRUxoVSigcYi2Z8BcHWk+HDOZxnO9x0lVeyLZdAgMBAAGjRTBDMB0GA1UdDgQW\nBBR8j0E4g1vIdtpawhc7ZJ72v9qebDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1Ud\nDwEB/wQEAwIBhjAKBggqhkjOPQQDAgOBigAwgYYCQSp2p1MrZIwGadKK4NrEI0o9\n49g3ISzZ5APw/XqMwen8s6rOlnJJhUN+7zzdp/gIvdPVlMDQBAqb447mPTVn250r\nAkEGJfMps1E9XmWilKXtcZzorYMeO1wCCiEfibYtgVUKoItZqs144K77DfovjUD8\nwvbndItQEOm8sx+MLzQ1aWrduw==\n-----END CERTIFICATE-----",
    "id": 77109
}

Get a list of certificates in the latest version of the CA set

By default, gets a list of certificate IDs in the latest version of the CA set.

GET /trust-chain-manager/v1/sets/{setId}/certificateIds

Sample: /trust-chain-manager/v1/sets/100/certificateIds

Parameter Type Sample Description
URL path parameters
setId Integer 100 A unique identifier for each set.

Status 200 application/json

Download schema: certificateIds.json

Response body:

{
    "id": 75469,
    "name": "devqaSetId276",
    "version": 75221,
    "hasAcknowledgedNoRootCertificate": true,
    "requireRootCertificate": false,
    "certificateIds": [
        75754,
        75755
    ]
}

Get a list of certificates in a certain version of the CA set

Gets a list of certificate IDs in the specified version of the CA set.

GET /trust-chain-manager/v1/sets/{setId}/certificateIds/versions/{version}

Sample: /trust-chain-manager/v1/sets/100/certificateIds/versions/75361

Parameter Type Sample Description
URL path parameters
setId Integer 100 A unique identifier for each set.
version Integer 75361 A version number.

Status 200 application/json

Download schema: certificateIds.json

Response body:

{
    "id": 75469,
    "name": "devqaSetId276",
    "version": 75221,
    "hasAcknowledgedNoRootCertificate": true,
    "requireRootCertificate": false,
    "certificateIds": [
        75754,
        75755
    ]
}

Get all active versions of a CA set including trust chains

Active versions of a set are the versions currently deployed, or in the process of deployment to the network. A failed version is included if it is the latest version of the set deployed to the network. Each version of the CA set is presented as a collection of trust chains.

GET /trust-chain-manager/v1/sets/{setId}/trustchains

Sample: /trust-chain-manager/v1/sets/100/trustchains

Parameter Type Sample Description
URL path parameters
setId Integer 100 A unique identifier for each set.

Status 200 application/json

Download schema: versions.json

Response body:

{
    "id": 75221,
    "name": "tcmAutomation-2019-06-18-21-47-10",
    "hasAcknowledgedNoRootCertificate": false,
    "versions": [
        {
            "version": 75378,
            "requireRootCertificate": true,
            "production": "DEPLOYING",
            "staging": "DEPLOYED",
            "lastModifiedBy": "ccare2",
            "timestamp": "2019-06-20T15:04:03.46",
            "tree": [
                {
                    "certificate": {
                        "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,OU=IPQA,CN=IOT,E=plevin@akamai.com",
                        "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,OU=IPQA,CN=IOT,E=plevin@akamai.com",
                        "expiryDate": "2020-03-24T17:37:53",
                        "startDate": "2019-03-25T17:37:53",
                        "id": 75438
                    }
                },
                {
                    "certificate": {
                        "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-15-example.com",
                        "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-15-example.com",
                        "expiryDate": "2020-04-08T03:59:27",
                        "startDate": "2019-04-09T03:59:27",
                        "id": 75437
                    }
                }
            ]
        },
        {
            "version": 75371,
            "requireRootCertificate": true,
            "production": "DEPLOYED",
            "staging": "DEPLOYMENT_FAILED",
            "lastModifiedBy": "ccare2",
            "timestamp": "2019-06-19T15:25:51.049",
            "tree": [
                {
                    "certificate": {
                        "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,OU=IPQA,CN=IOT,E=plevin@akamai.com",
                        "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,OU=IPQA,CN=IOT,E=plevin@akamai.com",
                        "expiryDate": "2020-03-24T17:37:53",
                        "startDate": "2019-03-25T17:37:53",
                        "id": 75430
                    }
                }
            ]
        },
        {
            "version": 75361,
            "production": "",
            "staging": "DEPLOYING",
            "lastModifiedBy": "ccare2",
            "timestamp": "2019-06-19T01:47:11.675",
            "tree": [
                {
                    "certificate": {
                        "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-5-example.com",
                        "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-5-example.com",
                        "expiryDate": "2020-03-30T05:07:35",
                        "startDate": "2019-03-31T05:07:35",
                        "id": 76274
                    },
                    "certificates": [
                        {
                            "certificate": {
                                "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-5-example.com",
                                "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-5-example.com",
                                "expiryDate": "2020-03-31T03:41:07",
                                "startDate": "2019-04-01T03:41:07",
                                "id": 76275
                            }
                        }
                    ]
                },
                {
                    "certificate": {
                        "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                        "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                        "expiryDate": "2020-04-07T17:27:35",
                        "startDate": "2019-04-08T17:27:35",
                        "id": 76273
                    },
                    "certificates": [
                        {
                            "certificate": {
                                "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-11-example.com",
                                "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                                "expiryDate": "2020-04-07T17:33:39",
                                "startDate": "2019-04-08T17:33:39",
                                "id": 76271
                            },
                            "certificates": [
                                {
                                    "certificate": {
                                        "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate1.tcm-12-example.com",
                                        "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-11-example.com",
                                        "expiryDate": "2020-04-07T17:43:58",
                                        "startDate": "2019-04-08T17:43:58",
                                        "id": 76272
                                    }
                                }
                            ]
                        }
                    ]
                }
            ]
        }
    ]
}

Get the deployment status of a CA set

Returns the deployment state of the specified CA set on each network. By default, returns deployment status of the latest version.

GET /trust-chain-manager/v1/sets/{setId}/deployments

Sample: /trust-chain-manager/v1/sets/100/deployments

Parameter Type Sample Description
URL path parameters
setId Integer 100 A unique identifier for each set.

Status 200 application/json

Object type: DeploymentState

Download schema: deployment-state.json

Response body:

{
    "name": "Set1",
    "id": 123456,
    "version": 76152,
    "deployment": {
        "staging": "DEPLOYED",
        "production": "DEPLOYING"
    }
}

Deploy a CA set to the network

Modifies a CA set’s deployment and requests that the set deploys on the specified networks. By default, deploys the latest version of the set.

PUT /trust-chain-manager/v1/sets/{setId}/deployments

Sample: /trust-chain-manager/v1/sets/100/deployments

Content-Type: application/json

Object type: Deployment

Download schema: deployment.json

Request body:

{
    "deployment": {
        "staging": false,
        "production": true
    }
}
Parameter Type Sample Description
URL path parameters
setId Integer 100 A unique identifier for each set.

Status 204

Get deployment status of a certain version of the CA set

Returns the deployment state of the specified version of the CA set on each network.

GET /trust-chain-manager/v1/sets/{setId}/deployments/versions/{version}

Sample: /trust-chain-manager/v1/sets/100/deployments/versions/76152

Parameter Type Sample Description
URL path parameters
setId Integer 100 A unique identifier for each set.
version Integer 76152 A version number.

Status 200 application/json

Object type: DeploymentState

Download schema: deployment-state.json

Response body:

{
    "name": "Set1",
    "id": 123456,
    "version": 76152,
    "deployment": {
        "staging": "DEPLOYED",
        "production": "DEPLOYING"
    }
}

Deploy a certain version of the CA set to the network

Modifies deployment of a certain version of the CA set and requests that the version deploys on the specified networks.

PUT /trust-chain-manager/v1/sets/{setId}/deployments/versions/{version}

Sample: /trust-chain-manager/v1/sets/100/deployments/versions/76152

Content-Type: application/json

Object type: Deployment

Download schema: deployment.json

Request body:

{
    "deployment": {
        "staging": false,
        "production": true
    }
}
Parameter Type Sample Description
URL path parameters
setId Integer 100 A unique identifier for each set.
version Integer 76152 A version number.

Status 204

Validate a CA set

If valid, returns the CA set formatted as a tree structure composed of root and intermediate certificates. See Certificate chain best practice for guidance on certificate validation.

POST /trust-chain-manager/v1/sets/validator

Content-Type: application/json

Object type: SetFullData

Download schema: set-full-data.json

Request body:

{
    "name": "devqaSetId225",
    "requireRootCertificate": true,
    "deployment": {
        "staging": true,
        "production": true
    },
    "chains": [
        {
            "name": "chain1",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIIECzCCA22gAwIBAgIJAOW+qN6sBoEgMAoGCCqGSM49BAMCMFwxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZB\na2FtYWkxGzAZBgNVBAMMEnRjbS0xMy1leGFtcGxlLmNvbTAeFw0xOTA0MDgxNzI3\nMzVaFw0yMDA0MDcxNzI3MzVaMFwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTES\nMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxGzAZBgNVBAMMEnRj\nbS0xMy1leGFtcGxlLmNvbTCCAlwwggHPBgcqhkjOPQIBMIIBwgIBATBNBgcqhkjO\nPQEBAkIB////////////////////////////////////////////////////////\n//////////////////////////////8wgZ4EQgH/////////////////////////\n/////////////////////////////////////////////////////////////ARB\nUZU+uWGOHJofkpohoLaFQO6i2nJbmbMV87i0iZGO8QnhVhk5Uex+k3sWUsC9O7G/\nBzVz34g9LDTx70Uf1GtQPwADFQDQnogAKRy4U5bMZxc5MoSqoNpkugSBhQQAxoWO\nBrcEBOnNnj7LZiOVtEKcZIE5BT+1Ifgor2BrTT26oUted+/nWSj+HcEnov+o3jNI\ns8GFakKb+X5+McLlvWYBGDkpaniaO8AEXIpftCx9G9mY9URJV5tEaBevvRcnPmYs\nl+5ymV70JkDFULkBP60HYTU8cIaicsJAiL6Udp/RZlACQgH/////////////////\n//////////////////////////pRhoeDvy+Wa3/MAUj3CaXQO7XJuImcR667b7ce\nkThkCQIBAQOBhgAEAEXztKDE0BsR1r7q/rN2qc4KyTPjjgwlk8Va8VCqA/Elz57Q\nU4Lzt/XEk6vJd2YccgqK/oDffhT7MXT10Kb1DNI/AQryxSAJNlLurHA7G5U4M4xv\nBNgy4vtJJ40Xvbv3Fd7IM42CZBsKsaroKgrfk0NbjU0im9ETgAfUtq//njMiYJo3\noxMwETAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA4GLADCBhwJBPQEZG2pi\nL5iHKGMzb+IKGns1iguNCWEfZT3llAk0P8xb5A1tULWOxP+dJ6ezInRF3QdGGlEN\n2qiMl1vBSTTBsa8CQgGx1vr+0WcgcIRG6F04mKC2ikS+W/9/FuDqbRRHjd2fMWYl\nquT9SnmYbuK2jpM52fmKa85KUUdL2ypPWXSbKKHpQQ==\n-----END CERTIFICATE-----"
        },
        {
            "name": "chain2",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIIDDzCCAnKgAwIBAgIJAJHSGaH2s0pCMAoGCCqGSM49BAMCMFwxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZB\na2FtYWkxGzAZBgNVBAMMEnRjbS0xMy1leGFtcGxlLmNvbTAeFw0xOTA0MDgxNzMz\nMzlaFw0yMDA0MDcxNzMzMzlaMGkxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTES\nMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxKDAmBgNVBAMMH2lu\ndGVybWVkaWF0ZS50Y20tMTEtZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDaotqwVMcQUoje6z353HxTItlOSiKVP4kDv+OuSGz2K8eX\nl2Wv2oRVCqSZ5oYuVooA+2JtviVnjsAidx6VK4+qc6BUmqSF2FEWbBhSm2hi6Pzt\nFp+heVBEdJUKtxHehtI5n1xw8Id5ziQLi5ywKAR5CQLjRScFGIWkj0zMJXUYwjJl\nNkVpJiD4PO1cFqGIIa/VyqlNCNwH3dfZEwBlhmRG1cDBEoOLb/F7159pMNIe/3aB\nlNyehMfLj7vSesFmYCw24nrAwW2gL+gx+uwMJaU3Hzk+yhzcVeOIiw4Gsm/elJzN\nVwJRUxoVSigcYi2Z8BcHWk+HDOZxnO9x0lVeyLZdAgMBAAGjRTBDMB0GA1UdDgQW\nBBR8j0E4g1vIdtpawhc7ZJ72v9qebDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1Ud\nDwEB/wQEAwIBhjAKBggqhkjOPQQDAgOBigAwgYYCQSp2p1MrZIwGadKK4NrEI0o9\n49g3ISzZ5APw/XqMwen8s6rOlnJJhUN+7zzdp/gIvdPVlMDQBAqb447mPTVn250r\nAkEGJfMps1E9XmWilKXtcZzorYMeO1wCCiEfibYtgVUKoItZqs144K77DfovjUD8\nwvbndItQEOm8sx+MLzQ1aWrduw==\n-----END CERTIFICATE-----"
        },
        {
            "name": "chain3",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIIDmzCCAoOgAwIBAgIJAJHSGaH2s0pDMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxKDAmBgNVBAMMH2ludGVybWVkaWF0ZS50Y20tMTEtZXhhbXBsZS5j\nb20wHhcNMTkwNDA4MTc0MzU4WhcNMjAwNDA3MTc0MzU4WjBqMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMSkwJwYDVQQDDCBpbnRlcm1lZGlhdGUxLnRjbS0xMS1leGFtcGxlLmNvbTCC\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALgwBUMjpHQcU3gnZBlPaT7y\nFAlwVjP/tjpxrnc9o92HJdta6yukQuPJ+FjY1AYvCaf5bF8KHpo08Vz2X43tQhMu\nHMBRMUTb6HxYitQbiTijVw0gClSMmvBV4wk8osh81L9aNH/6OljSzWce99UnBefn\nfDZlfg1Y4lFK/zGyFhLcils5lVVd5JfNuwn+54cWdqoTcuaMHvz5i5/cASEI1w8T\nUicdMHUv+32cVcppfhncGxIPqIrdnsWotRrgr7RkYs/ubp8Gm81j6dYNAMJ0YYxG\nn6ppv23poXapuiUjEQc7o8xDtoyI7WnsWrxzd/bm2fXde5krum4CL9X/ugBYV/EC\nAwEAAaNFMEMwHQYDVR0OBBYEFPGRnc9xmEaNZlKWVX+WY+NUHVVDMBIGA1UdEwEB\n/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQDW\nsZV2VOIO7LSjsgRZIWO8iaJ/CVaK+KqY/WhdIoXHcazX8qITnzcPgdci1pCGReDa\nYCjuvGPbHiPqN8n9g8NtbTGoVUBGFPchxK+pLgJUASa11FmOG2HQFngAz/MBjfNC\n/E7AgC3LxDJwf4Sm7jQtzmEMgONGrxQbhJhUIFuUIFrmlQclOxtoIu2aFSEoskob\nh9bDyYKCIiMGY2IFOSP7/oQEY1zkFcH/b1Im5gesNcbEjArmiEdPKlRyPeTiQ1F0\nFIOqaPoIgzwstD1k8cPvvAU9+sH/AhetU1i94U28SFg2Mt6jQM3iG63mHzjFzo14\n6e/YKx6F+MTdsUdP4AFn\n-----END CERTIFICATE-----"
        }
    ]
}

Status 200 application/json

Download schema: versions.json

Response body:

{
    "id": null,
    "name": null,
    "hasAcknowledgedNoRootCertificate": false,
    "versions": [
        {
            "version": null,
            "requireRootCertificate": true,
            "staging": "",
            "production": "",
            "status": "INITIAL",
            "lastModifiedBy": "ralexand",
            "timestamp": "2019-06-28T18:11:01.158",
            "tree": [
                {
                    "certificate": {
                        "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                        "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                        "expiryDate": "2020-04-07T17:27:35",
                        "startDate": "2019-04-08T17:27:35",
                        "id": null
                    },
                    "certificates": [
                        {
                            "certificate": {
                                "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-11-example.com",
                                "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                                "expiryDate": "2020-04-07T17:33:39",
                                "startDate": "2019-04-08T17:33:39",
                                "id": null
                            },
                            "certificates": [
                                {
                                    "certificate": {
                                        "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate1.tcm-11-example.com",
                                        "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-11-example.com",
                                        "expiryDate": "2020-04-07T17:43:58",
                                        "startDate": "2019-04-08T17:43:58",
                                        "id": null
                                    }
                                }
                            ]
                        }
                    ]
                }
            ]
        }
    ]
}

Data

This section provides you with the data model for the Trust Chain Manager API.

Download the JSON schemas for this API.

This section’s data schema tables list membership requirements as follows:

Member is required in requests, or always present in responses, even if its value is empty or null.
Member is optional, and may be omitted in some cases.

SetFullData

Full data presentation of a CA Set.

Download schema: set-full-data.json

Sample GET response, POST, PUT body:

{
    "id": 123456,
    "version": 75361,
    "name": "Set1",
    "hasAcknowledgedNoRootCertificate": true,
    "requireRootCertificate": false,
    "deployment": {
        "staging": true,
        "production": true
    },
    "chains": [
        {
            "name": "Chain1",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICiTCCAfKgAwIBAgIJAJHSGaH2s0otMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxHjAcBgNVBAMMFXNvbWUtcm9vdC5leGFtcGxlLmNvbTAeFw0xOTAz\nMDgxOTA3MDhaFw00NjA3MjMxOTA3MDhaMGcxCzAJBgNVBAYTAlVTMQswCQYDVQQI\nDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxJjAkBgNV\nBAMMHXNvbWUtaW50ZXJtZWRpYXRlLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB\nAQUAA4GNADCBiQKBgQCzuzTQHsW8HHB6cHv7jT/4cETl53jHB1QOK7aVdVO/cK5i\nv8YFB/O2zcXfHbObJTMDp5T33tiy2dTa4X/9OirC/FcEKK7pFL07r60nkyLbnX1P\nOLE7TrfBbzFpBxWXTSuXFi4Y002dvxKfxsgruxD3JVsdwBh4jZS6IkyUJHmopwID\nAQABo0UwQzAdBgNVHQ4EFgQUAveECjwgwk+MHozpCpMauW1TftkwEgYDVR0TAQH/\nBAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADgYEAxRxv\n4NadAtvJx7xBGBcR9C3NEz9WR84bpfHP720ZpgR8WRPXxjQZz/clwADi6PpE1/7B\nqybde5hE38XnbGOhzIDyIXd8Hfztaaj7vxR5DiEOAY3jE5Ix98WQ0ZrbYTSu4o1b\ncSPdPt3JWFygdtur9ikw9FRFPNhcH195X5LGJas=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICNTCCAZ4CCQC+2uIuN+erCTANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMR4wHAYDVQQDDBVzb21lLXJvb3QuZXhhbXBsZS5jb20wHhcNMTkwMzA4MTkw\nMzE4WhcNNDYwNzIzMTkwMzE4WjBfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUEx\nEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWthbWFpMR4wHAYDVQQDDBVz\nb21lLXJvb3QuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB\nANpc8vud0MhTRDBB1JZGfEAuutQf/CQ8ToyDor4TBvE1pa24DvT1DEaaDUMhVPXK\naJC95re6xV2NOvCrvOjZBNH94DWCldRg93DOVPmUEVcEcB81zfdfT0iEW96C2RFf\nI1Hv0tJynmxDI5k5lK4Js6/nonJbUVHL8X63yMvmR9HNAgMBAAEwDQYJKoZIhvcN\nAQELBQADgYEABnpsP51MLW0069megs/czB3EJWeMt2ynCD6RlQPqXBlkVsengT3y\ntRnKJwD5SYjr8sW9Vq5Rp2dm7X7i9osB+CSveORw3hWbu4TmiA18qJr/SSUwo5Xf\nbsjfV2IUQtNLEExhp1nBjvJNmTP3g/NiVVWHEQafynwXlNAj1ySuUzs=\n-----END CERTIFICATE-----"
        },
        {
            "name": "ChainN",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICijCCAfOgAwIBAgIJAJHSGaH2s0osMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxIDAeBgNVBAMMF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMB4XDTE5\nMDIyNDIzMzUxN1oXDTQ2MDcxMTIzMzUxN1owZjELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAk1BMRIwEAYDVQQHDAlDYW1icmlkZ2UxDzANBgNVBAoMBkFrYW1haTElMCMG\nA1UEAwwcdGNtLWludGVybWVkaWF0ZS5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEAw6JPmMaZD/SOBkQ+PISBF+o+gQ0/zz6ei7GCfgN3k7db\nAm6GsqxG7yKJfQYhHMTQQsUNgNzYNSFRdJNyHM8Edjr3sCGIei571HNu3Yik95T3\nPJpInaY24yfye+v9ln2hKu/53r5G3xdsSm/ZyI1wK7nRj6bzbwnGlXEfMKmhcg8C\nAwEAAaNFMEMwHQYDVR0OBBYEFHu2jZE6TpHcoQwZaSNmj/VJ+p8TMBIGA1UdEwEB\n/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4GBABR8\nZ1blA+Vx32a39OhOX+Ul/PC8fX4Z0El7tiOGAA2xCoHK7cZqd+QkdKV9ju3Z2ah0\nSCHOPqBT7tZaXPrtx7sxtlb0U6IJdklb78BjeK1KlM5x4jfnAaAvouaGX2SU9fp2\na1P/IsuOD6zHBddTysuX8W3YEycdT7JzhCWpROKF\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICOTCCAaICCQDPV5YuumF6sDANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMSAwHgYDVQQDDBd0Y20tcm9vdC1jYS5leGFtcGxlLmNvbTAeFw0xOTAyMjQy\nMzM0MjJaFw00NjA3MTEyMzM0MjJaMGExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxIDAeBgNVBAMM\nF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\niQKBgQDXFPDgDFXXcS7Pa6G02VP6OGL3YYGBJm2AqtkB0MeLWOk3RsBIPcEgY1eq\n+32n8fObXUr0UX22sjyv/PkMkYWIru01dE9pc2KCDNYF7Gea8kM9C0VQx0gog5SL\nesYHABEox+t0ZVhVvOfUIlqK6GN7eEiN6PTgKhpEVnoowne81QIDAQABMA0GCSqGvSIb3DQEBCwUAA4GBALK8Hko9UU62XYX1IdJ2EA/XRWHPin2OXurEPRDv0X4q9oc9\nBMvDR36pXMMEFd9pRp7MQnGq266qecNWBkmcSY9k/ct8GtG6t4k+lBQvQPBERs7I\niiCDgIa53ofoJSi2rN9+HuluSwFLIObt2pKhrgfy6UV9VasTyxcLw8wD4z8u\n-----END CERTIFICATE-----"
        }
    ]
}

SetFullData members

Member Type Required Description
SetFullData: Full data presentation of a CA Set.
chains SetFullData.chains[] User defined groups of certificates for organizational purposes. One or more groups can be defined. Each group contains a collection of one or more valid, non-expired, root or intermediate certificates. (Note: Akamai ignores user defined groupings and references all certificates within the certificate set for mTLS operations. Originally intended for customers to group by individual certificate chains, this specific type of grouping is no longer required.)
deployment SetFullData.deployment Indicates the target networks for this deployment. To validate the CA set without deploying it, set both Staging and Production to NULL. This action does not store the CA set in the system and provides the validation result in the response object.
hasAcknowledgedNoRootCertificate Boolean Read-only. If true, the user acknowledged the risk of not verifying all certificates in the set using certificate path validation to a root certificate and considering each certificate a trust anchor on its own merit. Validation of each version of the set is conducted based on the value of the query parameter requireRootCertificate (true/false) included in the request when the version is created.
id Number A unique identifier for the set. Included in GET responses and not required for POST or PUT operations.
name String The name of the set.
requireRootCertificate Boolean If true, for each certificate in the version, path validation is conducted to a self-signed trust anchor. If false, all certificates in the version no longer verified using certificate path validation to a root certificate and each is considered a trust anchor on its own merit.
version Number A version number of the set. Included in GET responses and not required for POST or PUT operations.
SetFullData.chains[]: User defined groups of certificates for organizational purposes. One or more groups can be defined. Each group contains a collection of one or more valid, non-expired, root or intermediate certificates. (Note: Akamai ignores user defined groupings and references all certificates within the certificate set for mTLS operations. Originally intended for customers to group by individual certificate chains, this specific type of grouping is no longer required.)
certificates String Certificates, either root or intermediate, in PEM format, as are found in Base64 ASCII encoded files.
name String A name used to organize certificates within the certificate set into user defined groups.
SetFullData.deployment: Indicates the target networks for this deployment. To validate the CA set without deploying it, set both Staging and Production to NULL. This action does not store the CA set in the system and provides the validation result in the response object.
production Boolean True if you are deploying to the Production network; false if not.
staging Boolean True if you are deploying to the Staging network; false if not.

SetRef

Encapsulates the identifying information for a CA Set.

Download schema: set-ref.json

Sample POST, PUT response:

{
    "accountId": "A-1234BD",
    "set": "/trust-chain-manager-api/v1/sets/10000",
    "name": "Set1"
}

SetRef members

Member Type Required Description
SetRef: Encapsulates the identifying information for a CA Set.
accountId String Read-only. The account ID associated with the set.
name String Read-only. The name of the set.
set String Read-only. A unique identifier for the set.

Set

Selected data items in a CA Set.

Download schema: set.json

Sample Set:

{
    "name": "Set1",
    "id": 123456,
    "deployment": {
        "staging": false,
        "production": true
    }
}

Set members

Member Type Required Description
Set: Selected data items in a CA Set.
deployment Set.deployment Encapsulates set network deployment options.
hasAcknowledgedNoRootCertificate Boolean Read-only. If true, the user acknowledged the risk of not verifying all certificates in the set using certificate path validation to a root certificate and considering each certificate a trust anchor on its own merit. Validation of each version of the set is conducted based on the value of the query parameter requireRootCertificate (true/false) included in the request when the version is created.
id Number Read-only. A unique identifier for the set.
name String Read-only. The name of the set.
Set.deployment: Encapsulates set network deployment options.
production Boolean Read-only. True if the required deployment network for the set is Production; false if not.
staging Boolean Read-only. True if the required deployment network for the set is Staging; false if not.

Sets

A collection of CA Sets.

Download schema: sets.json

Sample GET response:

{
    "accountId": "A-123DGC",
    "sets": [
        {
            "name": "Set1",
            "id": 123456,
            "hasAcknowledgedNoRootCertificate": true,
            "deployment": {
                "staging": true,
                "production": true
            }
        },
        {
            "name": "Set10",
            "id": 789123,
            "hasAcknowledgedNoRootCertificate": false,
            "deployment": {
                "staging": true,
                "production": false
            }
        }
    ]
}

Sets members

Member Type Required Description
Sets: A collection of CA Sets.
accountId String Read-only. The account ID associated with this set.
sets Sets.sets[] Selected data items in a CA Set.
Sets.sets[]: Selected data items in a CA Set.
deployment Sets.sets[].deployment Encapsulates set network deployment options.
hasAcknowledgedNoRootCertificate Boolean Read-only. If true, the user acknowledged the risk of not verifying all certificates in the set using certificate path validation to a root certificate and considering each certificate a trust anchor on its own merit. Validation of each version of the set is conducted based on the value of the query parameter requireRootCertificate (true/false) included in the request when the version is created.
id Number Read-only. A unique identifier for the set.
name String Read-only. The name of the set.
Sets.sets[].deployment: Encapsulates set network deployment options.
production Boolean Read-only. True if the required deployment network for the set is Production; false if not.
staging Boolean Read-only. True if the required deployment network for the set is Staging; false if not.

Deployment

Indicates the target networks for a deployment and provides validation for draft CA sets when network values are set to null.

Download schema: deployment.json

Sample PUT body:

{
    "deployment": {
        "staging": false,
        "production": true
    }
}

Deployment members

Member Type Required Description
Deployment: Indicates the target networks for a deployment and provides validation for draft CA sets when network values are set to null.
deployment Deployment.deployment Encapsulates set network deployment options.
Deployment.deployment: Encapsulates set network deployment options.
production Boolean True if you are deploying to the Production network; false if not.
staging Boolean True if you are deploying to the Staging network; false if not.

DeploymentState

Indicates deployment status on each network for a CA Set.

Download schema: deployment-state.json

Sample GET response:

{
    "name": "Set1",
    "id": 123456,
    "version": 76152,
    "deployment": {
        "staging": "DEPLOYED",
        "production": "DEPLOYING"
    }
}

DeploymentState members

Member Type Required Description
DeploymentState: Indicates deployment status on each network for a CA Set.
deployment DeploymentState.deployment Encapsulates deployment status of a set on each network.
id Number Read-only. A unique identifier for the set.
name String Read-only. The name of the set.
version Number Read-only. Identifier of the version of the set.
DeploymentState.deployment: Encapsulates deployment status of a set on each network.
production Enumeration Read-only. Deployment status on the Production network, , either PENDING, DEPLOYING, DEPLOYED, or DEPLOYMENT_FAILED.
staging Enumeration Read-only. Deployment status on the Staging network, either PENDING, DEPLOYING, DEPLOYED, or DEPLOYMENT_FAILED.

Errors

Error responses

This is a sample of a typical error response JSON object. The instance field of the object contains an internal trace ID which helps Akamai support team trace the error in the system logs. Should the customer need to contact Akamai for assistance understanding the cause of the error, they will be asked to provide this reference to the representative.

HTTP/1.1 500

{
  "type": "Internal Server Error",
  "title": "INTERNAL_SERVER_ERROR",
  "detail": "Internal Error.",
  "instance": "/trust-chain-manager/error-instances/3fb4c8c3-1253-4443-8cda-f6d5c11a84dd"
}

HTTP status codes

Code Description
200 The Get CA Set operation successfully returned the Set or a collection of Sets.
202 The Create New or Update CA Set resource request was accepted.
204 Successfully processed request; no content returned to the caller.
400 Bad Request.
401 Authentication failure.
403 Access is forbidden.
404 No CA Set is found.
405 Method not supported.
409 Conflict with current state of the CA Set.
415 Unsupported media type.
500 Internal server error.
503 Service is temporarily unavailable.