Trust Chain Manager API v1

Upload and manage CA certificate trust chains to authenticate a client certificate from a user's browser.

Learn more:

Overview

The Trust Chain Manager API lets you create and manage certificate sets that allow Akamai to authenticate a client certificate from a user’s browser.

Each certificate set contains a collection of certificates that validate the client certificates presented by a user during the TLS handshake at the edge server, a process called mutual authentication.

You can specify intermediate and root certificates that sign their client certificates while grouping them into sets for deployment on the staging or production networks. Certificate sets are available for use on all contracts within the account that creates them. Using the Certificate Provisioning System (CPS), you can apply a certificate set to one or more server certificates on a contract, enabling mutual authentication on those certificates. This eliminates the need to use system operations to push out certificate sets for mutual authentication. For details, see the CPS documentation.

Note: The Trust Chain Manager application is available only in Tech Preview mode. To join the program, contact your account team.

Get started

To configure this API for the first time:

  • Review Get Started with APIs for details on how to set up client tokens to access any Akamai API. These tokens appear as custom hostnames that look like this: https://akzz-XXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXX.luna.akamaiapis.net.

  • To enable this API, choose the API service named Trust Chain Manager, and set the access level to READ-WRITE.

  • To use this API to its full extent, including the operations that change the state of the system, you need the TCMEdit role. To use the API limited to read-only operations, you can have a restricted TCMViewOnly role.

API concepts

To understand this API’s various URL resources and the data it exchanges, you need to familiarize yourself with these concepts:

  • Root certificate. A primary, self-signed certificate that meets the X.509 standard. This certificate identifies the certificate authority (CA) that signs a client’s certificate.

  • Intermediate certificate. A secondary certificate that meets the X.509 standard. This certificate serves as an extra level of security and a link of trust that provides the necessary chaining to the trusted root certificate in a secure socket layer connection.

  • Trust chain. A collection of root and intermediate certificates that allows edge servers to verify that the client and all CAs are trustworthy. Each certificate in the chain needs to either be a self-signed root certificate or signed by a root CA, and be within its current validity period.

  • Certificate set. A collection, also referred to as a set, of one or more valid trust chains. A certificate set contains the target deployment network for a new set or the deployment status of an existing set. See the SetFullData object type. You can use certificate sets to pair with edge certificates for the purposes of establishing mutual authentication in the Certificate Provisioning System. See the CPS API.

  • Validation. When you create a certificate set, the API checks each trust chain to make sure its certificates are valid. You can use the Validate a set operation before activating the set on the staging or production network. After your set is active, you can enable mutual authentication for the set in the Certificate Provisioning System.

  • Deployment. Specifies the networks on which you want to deploy your certificate set. You can deploy to the staging or production networks and validate your sets before deployment. For the PUT requests, to deploy a set or a version of a set, see the Deployment object type.

  • Version. A specific revision of a given certificate set. Each version of a certificate set serves as a collection of trust chains. Version numbers start at 1 and increment as you create new versions for a set. When you deploy a certificate set to the production network, you activate a specific version of that set.

  • Latest version. The most recent version of a certificate set deployed to the Akamai network.

  • Active version. The versions of a certificate set currently deployed or in the process of deployment to the production network. An active version includes an ascending integer ID and a time stamp with the username who modified the version. You can continue to change a set’s version until it’s active on the production network. Once active, you need to create a new version to make further changes to it. A set may include a failed version if it’s the latest version of the set deployed to the network.

API workflows

Follow this basic workflow to create and deploy a certificate set:

  1. Create a set. This operation deploys your certificate set to the staging, production, or both networks. Note that you can’t test the new certificate set deployed to the staging network only. To test a certificate set, you need to deploy any version of the set to the production network.

  2. Once the set is deployed to production, enable mutual authentication in the Certificate Provisioning System. Learn more. Note that you can test your mutual authentication configuration on the staging network before enabling it on the production network.

Follow this basic workflow to modify or update a certificate set:

  1. List sets available for your account.

  2. List versions of the selected set.

  3. Get the set’s selected version of the set.

  4. Update the set’s version as needed.

  5. Validate the trust chains in the new version of the set to make sure it meets all requirements.

  6. Deploy the set’s new version to the staging network for testing. Note that if an older version of your set is already deployed to production, it is sufficient to only deploy the new version to staging to test it.

  7. Deploy the set to the production network.

Resources

This section describes the API’s workflow and provides details on how to interact with each operation.

API summary

Download the RAML descriptors for this API.

Operation Method Endpoint
List sets GET /trust-chain-manager/v1/sets{?name,deployedOnStaging,deployedOnProduction}
Create a set POST /trust-chain-manager/v1/sets
Get the latest set GET /trust-chain-manager/v1/sets/{setId}
Update a set PUT /trust-chain-manager/v1/sets/{setId}
Remove a set DELETE /trust-chain-manager/v1/sets/{setId}
List versions GET /trust-chain-manager/v1/sets/{setId}/versions
Get a version GET /trust-chain-manager/v1/sets/{setId}/versions/{version}
List the latest version’s certificates GET /trust-chain-manager/v1/sets/{setId}/certificates
List a version’s certificates GET /trust-chain-manager/v1/sets/{setId}/certificates/versions/{version}
Get a certificate GET /trust-chain-manager/v1/sets/{setId}/certificates/{certificateId}
List the latest version’s certificate IDs GET /trust-chain-manager/v1/sets/{setId}/certificateIds
Get a version’s certificate IDs GET /trust-chain-manager/v1/sets/{setId}/certificateIds/versions/{version}
List active versions’ trust chains GET /trust-chain-manager/v1/sets/{setId}/trustchains
Get a set’s deployment GET /trust-chain-manager/v1/sets/{setId}/deployments
Deploy a set PUT /trust-chain-manager/v1/sets/{setId}/deployments
Get a version’s deployment GET /trust-chain-manager/v1/sets/{setId}/deployments/versions/{version}
Deploy a version PUT /trust-chain-manager/v1/sets/{setId}/deployments/versions/{version}
Validate a set POST /trust-chain-manager/v1/sets/validator

List sets

Returns a list of available certificate sets for your account. Optionally, use query parameters to filter deployment locations for a specific set or a specific deployment location for all sets.

GET /trust-chain-manager/v1/sets{?name,deployedOnStaging,deployedOnProduction}

Sample: /trust-chain-manager/v1/sets?name=Set1&deployedOnStaging=true&deployedOnProduction=false

Parameter Type Sample Description
Optional query parameters
deployedOnProduction Boolean false Whether to return the certificate sets deployed to the production network. Set to false by default.
deployedOnStaging Boolean true Whether to return the certificate sets deployed to the staging network. Set to false by default.
name String Set1 A descriptive name for the set. This parameter doesn’t match substrings.

Status 200 application/json

Object type: Sets

Download schema: sets.json

Response body:

{
    "accountId": "A-123DGC",
    "sets": [
        {
            "name": "Set1",
            "id": 123456,
            "deployment": {
                "staging": true,
                "production": true
            }
        },
        {
            "name": "Set10",
            "id": 789123,
            "deployment": {
                "staging": true,
                "production": false
            }
        }
    ]
}

If you want to see deployment locations for a specific set:

  1. From the sets array, choose the name you want.

  2. From the deployment array, store the relevant staging value as the deployedOnStaging parameter and store the relevant production value as the deployedOnProduction parameter.

  3. Make a GET request to /trust-chain-manager/v1/sets{?name,deployedOnStaging,deployedOnProduction}.

  4. The operation responds with a Set object.

If you want to see all sets deployed to either staging or production:

  1. From the deployment array, store either the staging value as the deployedOnStaging parameter or the production value as the deployedOnProduction parameter.

  2. Make a GET request to either /trust-chain-manager/v1/sets{deployedOnStaging} for staging or /trust-chain-manager/v1/sets{deployedOnProduction} for production.

  3. The operation responds with a Sets object.

Create a set

Creates a certificate set. If the staging and production values are null, the API only validates the set and returns the new version in the response. To save and deploy the new version, set the production value to true. See API workflows.

POST /trust-chain-manager/v1/sets

Content-Type: application/json

Object type: SetFullData

Download schema: set-full-data.json

Request body:

{
    "name": "Set1",
    "deployment": {
        "staging": true,
        "production": true
    },
    "chains": [
        {
            "name": "Chain1",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICiTCCAfKgAwIBAgIJAJHSGaH2s0otMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxHjAcBgNVBAMMFXNvbWUtcm9vdC5leGFtcGxlLmNvbTAeFw0xOTAz\nMDgxOTA3MDhaFw00NjA3MjMxOTA3MDhaMGcxCzAJBgNVBAYTAlVTMQswCQYDVQQI\nDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxJjAkBgNV\nBAMMHXNvbWUtaW50ZXJtZWRpYXRlLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB\nAQUAA4GNADCBiQKBgQCzuzTQHsW8HHB6cHv7jT/4cETl53jHB1QOK7aVdVO/cK5i\nv8YFB/O2zcXfHbObJTMDp5T33tiy2dTa4X/9OirC/FcEKK7pFL07r60nkyLbnX1P\nOLE7TrfBbzFpBxWXTSuXFi4Y002dvxKfxsgruxD3JVsdwBh4jZS6IkyUJHmopwID\nAQABo0UwQzAdBgNVHQ4EFgQUAveECjwgwk+MHozpCpMauW1TftkwEgYDVR0TAQH/\nBAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADgYEAxRxv\n4NadAtvJx7xBGBcR9C3NEz9WR84bpfHP720ZpgR8WRPXxjQZz/clwADi6PpE1/7B\nqybde5hE38XnbGOhzIDyIXd8Hfztaaj7vxR5DiEOAY3jE5Ix98WQ0ZrbYTSu4o1b\ncSPdPt3JWFygdtur9ikw9FRFPNhcH195X5LGJas=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICNTCCAZ4CCQC+2uIuN+erCTANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMR4wHAYDVQQDDBVzb21lLXJvb3QuZXhhbXBsZS5jb20wHhcNMTkwMzA4MTkw\nMzE4WhcNNDYwNzIzMTkwMzE4WjBfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUEx\nEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWthbWFpMR4wHAYDVQQDDBVz\nb21lLXJvb3QuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB\nANpc8vud0MhTRDBB1JZGfEAuutQf/CQ8ToyDor4TBvE1pa24DvT1DEaaDUMhVPXK\naJC95re6xV2NOvCrvOjZBNH94DWCldRg93DOVPmUEVcEcB81zfdfT0iEW96C2RFf\nI1Hv0tJynmxDI5k5lK4Js6/nonJbUVHL8X63yMvmR9HNAgMBAAEwDQYJKoZIhvcN\nAQELBQADgYEABnpsP51MLW0069megs/czB3EJWeMt2ynCD6RlQPqXBlkVsengT3y\ntRnKJwD5SYjr8sW9Vq5Rp2dm7X7i9osB+CSveORw3hWbu4TmiA18qJr/SSUwo5Xf\nbsjfV2IUQtNLEExhp1nBjvJNmTP3g/NiVVWHEQafynwXlNAj1ySuUzs=\n-----END CERTIFICATE-----"
        },
        {
            "name": "ChainN",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICijCCAfOgAwIBAgIJAJHSGaH2s0osMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxIDAeBgNVBAMMF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMB4XDTE5\nMDIyNDIzMzUxN1oXDTQ2MDcxMTIzMzUxN1owZjELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAk1BMRIwEAYDVQQHDAlDYW1icmlkZ2UxDzANBgNVBAoMBkFrYW1haTElMCMG\nA1UEAwwcdGNtLWludGVybWVkaWF0ZS5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEAw6JPmMaZD/SOBkQ+PISBF+o+gQ0/zz6ei7GCfgN3k7db\nAm6GsqxG7yKJfQYhHMTQQsUNgNzYNSFRdJNyHM8Edjr3sCGIei571HNu3Yik95T3\nPJpInaY24yfye+v9ln2hKu/53r5G3xdsSm/ZyI1wK7nRj6bzbwnGlXEfMKmhcg8C\nAwEAAaNFMEMwHQYDVR0OBBYEFHu2jZE6TpHcoQwZaSNmj/VJ+p8TMBIGA1UdEwEB\n/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4GBABR8\nZ1blA+Vx32a39OhOX+Ul/PC8fX4Z0El7tiOGAA2xCoHK7cZqd+QkdKV9ju3Z2ah0\nSCHOPqBT7tZaXPrtx7sxtlb0U6IJdklb78BjeK1KlM5x4jfnAaAvouaGX2SU9fp2\na1P/IsuOD6zHBddTysuX8W3YEycdT7JzhCWpROKF\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICOTCCAaICCQDPV5YuumF6sDANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMSAwHgYDVQQDDBd0Y20tcm9vdC1jYS5leGFtcGxlLmNvbTAeFw0xOTAyMjQy\nMzM0MjJaFw00NjA3MTEyMzM0MjJaMGExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxIDAeBgNVBAMM\nF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\niQKBgQDXFPDgDFXXcS7Pa6G02VP6OGL3YYGBJm2AqtkB0MeLWOk3RsBIPcEgY1eq\n+32n8fObXUr0UX22sjyv/PkMkYWIru01dE9pc2KCDNYF7Gea8kM9C0VQx0gog5SL\nesYHABEox+t0ZVhVvOfUIlqK6GN7eEiN6PTgKhpEVnoowne81QIDAQABMA0GCSqGvSIb3DQEBCwUAA4GBALK8Hko9UU62XYX1IdJ2EA/XRWHPin2OXurEPRDv0X4q9oc9\nBMvDR36pXMMEFd9pRp7MQnGq266qecNWBkmcSY9k/ct8GtG6t4k+lBQvQPBERs7I\niiCDgIa53ofoJSi2rN9+HuluSwFLIObt2pKhrgfy6UV9VasTyxcLw8wD4z8u\n-----END CERTIFICATE-----"
        }
    ]
}

Status 202 application/json

Object type: SetRef

Download schema: set-ref.json

Response body:

{
    "accountId": "A-1234BD",
    "set": "/trust-chain-manager-api/v1/sets/10000",
    "name": "Set1"
}

  1. Build a SetFullData object.

  2. Optionally, Validate the set. If you skip this step, the system validates the set when creating and deploying the set to a network. Note that you can deploy only valid sets.

  3. POST the object to /trust-chain-manager/v1/sets.

  4. The operation responds with a SetRef object.

  5. Optionally, you can run Get the set’s deployment to check the deployment status of the set.

Get the latest set

Returns information about the latest version for a specific certificate set.

GET /trust-chain-manager/v1/sets/{setId}

Sample: /trust-chain-manager/v1/sets/100

Parameter Type Sample Description
URL path parameters
setId Integer 100 Identifies the certificate set.

Status 200 application/json

Object type: SetFullData

Download schema: set-full-data.json

Response body:

{
    "id": 123456,
    "version": 75361,
    "name": "Set1",
    "deployment": {
        "staging": true,
        "production": true
    },
    "chains": [
        {
            "name": "Chain1",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICiTCCAfKgAwIBAgIJAJHSGaH2s0otMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxHjAcBgNVBAMMFXNvbWUtcm9vdC5leGFtcGxlLmNvbTAeFw0xOTAz\nMDgxOTA3MDhaFw00NjA3MjMxOTA3MDhaMGcxCzAJBgNVBAYTAlVTMQswCQYDVQQI\nDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxJjAkBgNV\nBAMMHXNvbWUtaW50ZXJtZWRpYXRlLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB\nAQUAA4GNADCBiQKBgQCzuzTQHsW8HHB6cHv7jT/4cETl53jHB1QOK7aVdVO/cK5i\nv8YFB/O2zcXfHbObJTMDp5T33tiy2dTa4X/9OirC/FcEKK7pFL07r60nkyLbnX1P\nOLE7TrfBbzFpBxWXTSuXFi4Y002dvxKfxsgruxD3JVsdwBh4jZS6IkyUJHmopwID\nAQABo0UwQzAdBgNVHQ4EFgQUAveECjwgwk+MHozpCpMauW1TftkwEgYDVR0TAQH/\nBAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADgYEAxRxv\n4NadAtvJx7xBGBcR9C3NEz9WR84bpfHP720ZpgR8WRPXxjQZz/clwADi6PpE1/7B\nqybde5hE38XnbGOhzIDyIXd8Hfztaaj7vxR5DiEOAY3jE5Ix98WQ0ZrbYTSu4o1b\ncSPdPt3JWFygdtur9ikw9FRFPNhcH195X5LGJas=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICNTCCAZ4CCQC+2uIuN+erCTANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMR4wHAYDVQQDDBVzb21lLXJvb3QuZXhhbXBsZS5jb20wHhcNMTkwMzA4MTkw\nMzE4WhcNNDYwNzIzMTkwMzE4WjBfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUEx\nEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWthbWFpMR4wHAYDVQQDDBVz\nb21lLXJvb3QuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB\nANpc8vud0MhTRDBB1JZGfEAuutQf/CQ8ToyDor4TBvE1pa24DvT1DEaaDUMhVPXK\naJC95re6xV2NOvCrvOjZBNH94DWCldRg93DOVPmUEVcEcB81zfdfT0iEW96C2RFf\nI1Hv0tJynmxDI5k5lK4Js6/nonJbUVHL8X63yMvmR9HNAgMBAAEwDQYJKoZIhvcN\nAQELBQADgYEABnpsP51MLW0069megs/czB3EJWeMt2ynCD6RlQPqXBlkVsengT3y\ntRnKJwD5SYjr8sW9Vq5Rp2dm7X7i9osB+CSveORw3hWbu4TmiA18qJr/SSUwo5Xf\nbsjfV2IUQtNLEExhp1nBjvJNmTP3g/NiVVWHEQafynwXlNAj1ySuUzs=\n-----END CERTIFICATE-----"
        },
        {
            "name": "ChainN",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICijCCAfOgAwIBAgIJAJHSGaH2s0osMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxIDAeBgNVBAMMF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMB4XDTE5\nMDIyNDIzMzUxN1oXDTQ2MDcxMTIzMzUxN1owZjELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAk1BMRIwEAYDVQQHDAlDYW1icmlkZ2UxDzANBgNVBAoMBkFrYW1haTElMCMG\nA1UEAwwcdGNtLWludGVybWVkaWF0ZS5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEAw6JPmMaZD/SOBkQ+PISBF+o+gQ0/zz6ei7GCfgN3k7db\nAm6GsqxG7yKJfQYhHMTQQsUNgNzYNSFRdJNyHM8Edjr3sCGIei571HNu3Yik95T3\nPJpInaY24yfye+v9ln2hKu/53r5G3xdsSm/ZyI1wK7nRj6bzbwnGlXEfMKmhcg8C\nAwEAAaNFMEMwHQYDVR0OBBYEFHu2jZE6TpHcoQwZaSNmj/VJ+p8TMBIGA1UdEwEB\n/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4GBABR8\nZ1blA+Vx32a39OhOX+Ul/PC8fX4Z0El7tiOGAA2xCoHK7cZqd+QkdKV9ju3Z2ah0\nSCHOPqBT7tZaXPrtx7sxtlb0U6IJdklb78BjeK1KlM5x4jfnAaAvouaGX2SU9fp2\na1P/IsuOD6zHBddTysuX8W3YEycdT7JzhCWpROKF\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICOTCCAaICCQDPV5YuumF6sDANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMSAwHgYDVQQDDBd0Y20tcm9vdC1jYS5leGFtcGxlLmNvbTAeFw0xOTAyMjQy\nMzM0MjJaFw00NjA3MTEyMzM0MjJaMGExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxIDAeBgNVBAMM\nF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\niQKBgQDXFPDgDFXXcS7Pa6G02VP6OGL3YYGBJm2AqtkB0MeLWOk3RsBIPcEgY1eq\n+32n8fObXUr0UX22sjyv/PkMkYWIru01dE9pc2KCDNYF7Gea8kM9C0VQx0gog5SL\nesYHABEox+t0ZVhVvOfUIlqK6GN7eEiN6PTgKhpEVnoowne81QIDAQABMA0GCSqGvSIb3DQEBCwUAA4GBALK8Hko9UU62XYX1IdJ2EA/XRWHPin2OXurEPRDv0X4q9oc9\nBMvDR36pXMMEFd9pRp7MQnGq266qecNWBkmcSY9k/ct8GtG6t4k+lBQvQPBERs7I\niiCDgIa53ofoJSi2rN9+HuluSwFLIObt2pKhrgfy6UV9VasTyxcLw8wD4z8u\n-----END CERTIFICATE-----"
        }
    ]
}

  1. If you don’t have the setId value, run List sets.

  2. From the sets array, store the relevant id value as the setId parameter.

  3. Make a GET request to /trust-chain-manager/v1/sets/{setId}.

  4. The operation responds with a SetFullData object.

Update a set

Updates a specific certificate set and creates a version of that set. The new version deploys to the networks specified in the SetFullData object’s staging and production members. If the staging and production values are null, the API only validates the set and returns the new version in the response. To save and deploy the new version, run Deploy a version and set the production value to true.

PUT /trust-chain-manager/v1/sets/{setId}

Sample: /trust-chain-manager/v1/sets/100

Content-Type: application/json

Object type: SetFullData

Download schema: set-full-data.json

Request body:

{
    "id": 123456,
    "version": 75361,
    "name": "Set1",
    "deployment": {
        "staging": true,
        "production": true
    },
    "chains": [
        {
            "name": "Chain1",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICiTCCAfKgAwIBAgIJAJHSGaH2s0otMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxHjAcBgNVBAMMFXNvbWUtcm9vdC5leGFtcGxlLmNvbTAeFw0xOTAz\nMDgxOTA3MDhaFw00NjA3MjMxOTA3MDhaMGcxCzAJBgNVBAYTAlVTMQswCQYDVQQI\nDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxJjAkBgNV\nBAMMHXNvbWUtaW50ZXJtZWRpYXRlLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB\nAQUAA4GNADCBiQKBgQCzuzTQHsW8HHB6cHv7jT/4cETl53jHB1QOK7aVdVO/cK5i\nv8YFB/O2zcXfHbObJTMDp5T33tiy2dTa4X/9OirC/FcEKK7pFL07r60nkyLbnX1P\nOLE7TrfBbzFpBxWXTSuXFi4Y002dvxKfxsgruxD3JVsdwBh4jZS6IkyUJHmopwID\nAQABo0UwQzAdBgNVHQ4EFgQUAveECjwgwk+MHozpCpMauW1TftkwEgYDVR0TAQH/\nBAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADgYEAxRxv\n4NadAtvJx7xBGBcR9C3NEz9WR84bpfHP720ZpgR8WRPXxjQZz/clwADi6PpE1/7B\nqybde5hE38XnbGOhzIDyIXd8Hfztaaj7vxR5DiEOAY3jE5Ix98WQ0ZrbYTSu4o1b\ncSPdPt3JWFygdtur9ikw9FRFPNhcH195X5LGJas=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICNTCCAZ4CCQC+2uIuN+erCTANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMR4wHAYDVQQDDBVzb21lLXJvb3QuZXhhbXBsZS5jb20wHhcNMTkwMzA4MTkw\nMzE4WhcNNDYwNzIzMTkwMzE4WjBfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUEx\nEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWthbWFpMR4wHAYDVQQDDBVz\nb21lLXJvb3QuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB\nANpc8vud0MhTRDBB1JZGfEAuutQf/CQ8ToyDor4TBvE1pa24DvT1DEaaDUMhVPXK\naJC95re6xV2NOvCrvOjZBNH94DWCldRg93DOVPmUEVcEcB81zfdfT0iEW96C2RFf\nI1Hv0tJynmxDI5k5lK4Js6/nonJbUVHL8X63yMvmR9HNAgMBAAEwDQYJKoZIhvcN\nAQELBQADgYEABnpsP51MLW0069megs/czB3EJWeMt2ynCD6RlQPqXBlkVsengT3y\ntRnKJwD5SYjr8sW9Vq5Rp2dm7X7i9osB+CSveORw3hWbu4TmiA18qJr/SSUwo5Xf\nbsjfV2IUQtNLEExhp1nBjvJNmTP3g/NiVVWHEQafynwXlNAj1ySuUzs=\n-----END CERTIFICATE-----"
        },
        {
            "name": "ChainN",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICijCCAfOgAwIBAgIJAJHSGaH2s0osMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxIDAeBgNVBAMMF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMB4XDTE5\nMDIyNDIzMzUxN1oXDTQ2MDcxMTIzMzUxN1owZjELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAk1BMRIwEAYDVQQHDAlDYW1icmlkZ2UxDzANBgNVBAoMBkFrYW1haTElMCMG\nA1UEAwwcdGNtLWludGVybWVkaWF0ZS5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEAw6JPmMaZD/SOBkQ+PISBF+o+gQ0/zz6ei7GCfgN3k7db\nAm6GsqxG7yKJfQYhHMTQQsUNgNzYNSFRdJNyHM8Edjr3sCGIei571HNu3Yik95T3\nPJpInaY24yfye+v9ln2hKu/53r5G3xdsSm/ZyI1wK7nRj6bzbwnGlXEfMKmhcg8C\nAwEAAaNFMEMwHQYDVR0OBBYEFHu2jZE6TpHcoQwZaSNmj/VJ+p8TMBIGA1UdEwEB\n/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4GBABR8\nZ1blA+Vx32a39OhOX+Ul/PC8fX4Z0El7tiOGAA2xCoHK7cZqd+QkdKV9ju3Z2ah0\nSCHOPqBT7tZaXPrtx7sxtlb0U6IJdklb78BjeK1KlM5x4jfnAaAvouaGX2SU9fp2\na1P/IsuOD6zHBddTysuX8W3YEycdT7JzhCWpROKF\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICOTCCAaICCQDPV5YuumF6sDANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMSAwHgYDVQQDDBd0Y20tcm9vdC1jYS5leGFtcGxlLmNvbTAeFw0xOTAyMjQy\nMzM0MjJaFw00NjA3MTEyMzM0MjJaMGExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxIDAeBgNVBAMM\nF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\niQKBgQDXFPDgDFXXcS7Pa6G02VP6OGL3YYGBJm2AqtkB0MeLWOk3RsBIPcEgY1eq\n+32n8fObXUr0UX22sjyv/PkMkYWIru01dE9pc2KCDNYF7Gea8kM9C0VQx0gog5SL\nesYHABEox+t0ZVhVvOfUIlqK6GN7eEiN6PTgKhpEVnoowne81QIDAQABMA0GCSqGvSIb3DQEBCwUAA4GBALK8Hko9UU62XYX1IdJ2EA/XRWHPin2OXurEPRDv0X4q9oc9\nBMvDR36pXMMEFd9pRp7MQnGq266qecNWBkmcSY9k/ct8GtG6t4k+lBQvQPBERs7I\niiCDgIa53ofoJSi2rN9+HuluSwFLIObt2pKhrgfy6UV9VasTyxcLw8wD4z8u\n-----END CERTIFICATE-----"
        }
    ]
}
Parameter Type Sample Description
URL path parameters
setId Integer 100 Identifies the certificate set.

Status 202 application/json

Object type: SetRef

Download schema: set-ref.json

Response body:

{
    "accountId": "A-1234BD",
    "set": "/trust-chain-manager-api/v1/sets/10000",
    "name": "Set1"
}

  1. If you don’t have the setId value, run List sets.

  2. From the sets array, store the relevant id value as the setId parameter.

  3. Get the latest set.

  4. Modify the SetFullData object.

  5. PUT the object to /trust-chain-manager/v1/sets/{setId}.

  6. The operation responds with a SetRef object.

Remove a set

Removes a specific certificate set from your account. This operation fails if the set is enabled for mutual authentication in the Certificate Provisioning System. Learn more.

DELETE /trust-chain-manager/v1/sets/{setId}

Sample: /trust-chain-manager/v1/sets/100

Parameter Type Sample Description
URL path parameters
setId Integer 100 Identifies the certificate set.

Status 204

  1. If you don’t have the setId value, run List sets.

  2. From the sets array, store the relevant id value as the setId parameter.

  3. Make a DELETE request to /trust-chain-manager/v1/sets/{setId}.

List versions

Lists identifiers of active versions for a specific certificate set. See API concepts.

GET /trust-chain-manager/v1/sets/{setId}/versions

Sample: /trust-chain-manager/v1/sets/100/versions

Parameter Type Sample Description
URL path parameters
setId Integer 100 Identifies the certificate set.

Status 200 application/json

Object type: Versions

Download schema: versions.json

Response body:

{
    "id": 76927,
    "name": "PartnerB2B",
    "versions": [
        {
            "version": 77152,
            "deployment": {
                "staging": "DEPLOYED",
                "production": "DEPLOYING"
            },
            "lastModifiedBy": "jmarczew",
            "timestamp": "2020-04-21T19:31:11.808"
        },
        {
            "version": 78453,
            "deployment": {
                "staging": "DEPLOYED",
                "production": "DEPLOYED"
            },
            "lastModifiedBy": "jmarczew",
            "timestamp": "2020-06-03T10:15:08.231"
        }
    ]
}

  1. If you don’t have the setId value, run List sets.

  2. From the sets array, store the relevant id value as the setId parameter.

  3. Make a GET request to /trust-chain-manager/v1/sets/{setId}/versions.

  4. The operation responds with a Versions object.

Get a version

Returns a specific version of the certificate set. Optionally, omit the /versions/{version} segment of the path to return the latest version of the set. See Get the latest set.

GET /trust-chain-manager/v1/sets/{setId}/versions/{version}

Sample: /trust-chain-manager/v1/sets/100/versions/75361

Parameter Type Sample Description
URL path parameters
setId Integer 100 Identifies the certificate set.
version Integer 75361 Uniquely identifies a certificate set’s version.

Status 200 application/json

Object type: SetFullData

Download schema: set-full-data.json

Response body:

{
    "id": 123456,
    "version": 75361,
    "name": "Set1",
    "deployment": {
        "staging": true,
        "production": true
    },
    "chains": [
        {
            "name": "Chain1",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICiTCCAfKgAwIBAgIJAJHSGaH2s0otMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxHjAcBgNVBAMMFXNvbWUtcm9vdC5leGFtcGxlLmNvbTAeFw0xOTAz\nMDgxOTA3MDhaFw00NjA3MjMxOTA3MDhaMGcxCzAJBgNVBAYTAlVTMQswCQYDVQQI\nDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxJjAkBgNV\nBAMMHXNvbWUtaW50ZXJtZWRpYXRlLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB\nAQUAA4GNADCBiQKBgQCzuzTQHsW8HHB6cHv7jT/4cETl53jHB1QOK7aVdVO/cK5i\nv8YFB/O2zcXfHbObJTMDp5T33tiy2dTa4X/9OirC/FcEKK7pFL07r60nkyLbnX1P\nOLE7TrfBbzFpBxWXTSuXFi4Y002dvxKfxsgruxD3JVsdwBh4jZS6IkyUJHmopwID\nAQABo0UwQzAdBgNVHQ4EFgQUAveECjwgwk+MHozpCpMauW1TftkwEgYDVR0TAQH/\nBAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADgYEAxRxv\n4NadAtvJx7xBGBcR9C3NEz9WR84bpfHP720ZpgR8WRPXxjQZz/clwADi6PpE1/7B\nqybde5hE38XnbGOhzIDyIXd8Hfztaaj7vxR5DiEOAY3jE5Ix98WQ0ZrbYTSu4o1b\ncSPdPt3JWFygdtur9ikw9FRFPNhcH195X5LGJas=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICNTCCAZ4CCQC+2uIuN+erCTANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMR4wHAYDVQQDDBVzb21lLXJvb3QuZXhhbXBsZS5jb20wHhcNMTkwMzA4MTkw\nMzE4WhcNNDYwNzIzMTkwMzE4WjBfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUEx\nEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWthbWFpMR4wHAYDVQQDDBVz\nb21lLXJvb3QuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB\nANpc8vud0MhTRDBB1JZGfEAuutQf/CQ8ToyDor4TBvE1pa24DvT1DEaaDUMhVPXK\naJC95re6xV2NOvCrvOjZBNH94DWCldRg93DOVPmUEVcEcB81zfdfT0iEW96C2RFf\nI1Hv0tJynmxDI5k5lK4Js6/nonJbUVHL8X63yMvmR9HNAgMBAAEwDQYJKoZIhvcN\nAQELBQADgYEABnpsP51MLW0069megs/czB3EJWeMt2ynCD6RlQPqXBlkVsengT3y\ntRnKJwD5SYjr8sW9Vq5Rp2dm7X7i9osB+CSveORw3hWbu4TmiA18qJr/SSUwo5Xf\nbsjfV2IUQtNLEExhp1nBjvJNmTP3g/NiVVWHEQafynwXlNAj1ySuUzs=\n-----END CERTIFICATE-----"
        },
        {
            "name": "ChainN",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICijCCAfOgAwIBAgIJAJHSGaH2s0osMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxIDAeBgNVBAMMF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMB4XDTE5\nMDIyNDIzMzUxN1oXDTQ2MDcxMTIzMzUxN1owZjELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAk1BMRIwEAYDVQQHDAlDYW1icmlkZ2UxDzANBgNVBAoMBkFrYW1haTElMCMG\nA1UEAwwcdGNtLWludGVybWVkaWF0ZS5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEAw6JPmMaZD/SOBkQ+PISBF+o+gQ0/zz6ei7GCfgN3k7db\nAm6GsqxG7yKJfQYhHMTQQsUNgNzYNSFRdJNyHM8Edjr3sCGIei571HNu3Yik95T3\nPJpInaY24yfye+v9ln2hKu/53r5G3xdsSm/ZyI1wK7nRj6bzbwnGlXEfMKmhcg8C\nAwEAAaNFMEMwHQYDVR0OBBYEFHu2jZE6TpHcoQwZaSNmj/VJ+p8TMBIGA1UdEwEB\n/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4GBABR8\nZ1blA+Vx32a39OhOX+Ul/PC8fX4Z0El7tiOGAA2xCoHK7cZqd+QkdKV9ju3Z2ah0\nSCHOPqBT7tZaXPrtx7sxtlb0U6IJdklb78BjeK1KlM5x4jfnAaAvouaGX2SU9fp2\na1P/IsuOD6zHBddTysuX8W3YEycdT7JzhCWpROKF\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICOTCCAaICCQDPV5YuumF6sDANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMSAwHgYDVQQDDBd0Y20tcm9vdC1jYS5leGFtcGxlLmNvbTAeFw0xOTAyMjQy\nMzM0MjJaFw00NjA3MTEyMzM0MjJaMGExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxIDAeBgNVBAMM\nF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\niQKBgQDXFPDgDFXXcS7Pa6G02VP6OGL3YYGBJm2AqtkB0MeLWOk3RsBIPcEgY1eq\n+32n8fObXUr0UX22sjyv/PkMkYWIru01dE9pc2KCDNYF7Gea8kM9C0VQx0gog5SL\nesYHABEox+t0ZVhVvOfUIlqK6GN7eEiN6PTgKhpEVnoowne81QIDAQABMA0GCSqGvSIb3DQEBCwUAA4GBALK8Hko9UU62XYX1IdJ2EA/XRWHPin2OXurEPRDv0X4q9oc9\nBMvDR36pXMMEFd9pRp7MQnGq266qecNWBkmcSY9k/ct8GtG6t4k+lBQvQPBERs7I\niiCDgIa53ofoJSi2rN9+HuluSwFLIObt2pKhrgfy6UV9VasTyxcLw8wD4z8u\n-----END CERTIFICATE-----"
        }
    ]
}

  1. If you don’t have the setId value, run List sets.

  2. From the sets array, store the relevant id value as the setId parameter.

  3. If you don’t have the set’s version value, run List versions and store the relevant version.

  4. Make a GET request to /trust-chain-manager/v1/sets/{setId}/versions/{version}.

  5. The operation responds with a SetFullData object.

List certificates for the latest version

Returns the latest version of available certificate sets under your account, with each set’s certificates listed individually.

GET /trust-chain-manager/v1/sets/{setId}/certificates

Sample: /trust-chain-manager/v1/sets/100/certificates

Parameter Type Sample Description
URL path parameters
setId Integer 100 Identifies the certificate set.

Status 200 application/json

Object type: SetFullData

Download schema: set-certificates.json

Response body:

{
    "id": 75469,
    "name": "devqaSetId276",
    "version": 75221,
    "chains": [
        {
            "name": "chain2",
            "certificates": [
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-11-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                    "expiryDate": "2020-04-07T17:33:39",
                    "startDate": "2019-04-08T17:33:39",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDDzCCAnKgAwIBAgIJAJHSGaH2s0pCMAoGCCqGSM49BAMCMFwxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZB\na2FtYWkxGzAZBgNVBAMMEnRjbS0xMy1leGFtcGxlLmNvbTAeFw0xOTA0MDgxNzMz\nMzlaFw0yMDA0MDcxNzMzMzlaMGkxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTES\nMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxKDAmBgNVBAMMH2lu\ndGVybWVkaWF0ZS50Y20tMTEtZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDaotqwVMcQUoje6z353HxTItlOSiKVP4kDv+OuSGz2K8eX\nl2Wv2oRVCqSZ5oYuVooA+2JtviVnjsAidx6VK4+qc6BUmqSF2FEWbBhSm2hi6Pzt\nFp+heVBEdJUKtxHehtI5n1xw8Id5ziQLi5ywKAR5CQLjRScFGIWkj0zMJXUYwjJl\nNkVpJiD4PO1cFqGIIa/VyqlNCNwH3dfZEwBlhmRG1cDBEoOLb/F7159pMNIe/3aB\nlNyehMfLj7vSesFmYCw24nrAwW2gL+gx+uwMJaU3Hzk+yhzcVeOIiw4Gsm/elJzN\nVwJRUxoVSigcYi2Z8BcHWk+HDOZxnO9x0lVeyLZdAgMBAAGjRTBDMB0GA1UdDgQW\nBBR8j0E4g1vIdtpawhc7ZJ72v9qebDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1Ud\nDwEB/wQEAwIBhjAKBggqhkjOPQQDAgOBigAwgYYCQSp2p1MrZIwGadKK4NrEI0o9\n49g3ISzZ5APw/XqMwen8s6rOlnJJhUN+7zzdp/gIvdPVlMDQBAqb447mPTVn250r\nAkEGJfMps1E9XmWilKXtcZzorYMeO1wCCiEfibYtgVUKoItZqs144K77DfovjUD8\nwvbndItQEOm8sx+MLzQ1aWrduw==\n-----END CERTIFICATE-----",
                    "id": 75754
                },
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate1.tcm-11-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-11-example.com",
                    "expiryDate": "2020-04-07T17:43:58",
                    "startDate": "2019-04-08T17:43:58",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDmzCCAoOgAwIBAgIJAJHSGaH2s0pDMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxKDAmBgNVBAMMH2ludGVybWVkaWF0ZS50Y20tMTEtZXhhbXBsZS5j\nb20wHhcNMTkwNDA4MTc0MzU4WhcNMjAwNDA3MTc0MzU4WjBqMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMSkwJwYDVQQDDCBpbnRlcm1lZGlhdGUxLnRjbS0xMS1leGFtcGxlLmNvbTCC\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALgwBUMjpHQcU3gnZBlPaT7y\nFAlwVjP/tjpxrnc9o92HJdta6yukQuPJ+FjY1AYvCaf5bF8KHpo08Vz2X43tQhMu\nHMBRMUTb6HxYitQbiTijVw0gClSMmvBV4wk8osh81L9aNH/6OljSzWce99UnBefn\nfDZlfg1Y4lFK/zGyFhLcils5lVVd5JfNuwn+54cWdqoTcuaMHvz5i5/cASEI1w8T\nUicdMHUv+32cVcppfhncGxIPqIrdnsWotRrgr7RkYs/ubp8Gm81j6dYNAMJ0YYxG\nn6ppv23poXapuiUjEQc7o8xDtoyI7WnsWrxzd/bm2fXde5krum4CL9X/ugBYV/EC\nAwEAAaNFMEMwHQYDVR0OBBYEFPGRnc9xmEaNZlKWVX+WY+NUHVVDMBIGA1UdEwEB\n/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQDW\nsZV2VOIO7LSjsgRZIWO8iaJ/CVaK+KqY/WhdIoXHcazX8qITnzcPgdci1pCGReDa\nYCjuvGPbHiPqN8n9g8NtbTGoVUBGFPchxK+pLgJUASa11FmOG2HQFngAz/MBjfNC\n/E7AgC3LxDJwf4Sm7jQtzmEMgONGrxQbhJhUIFuUIFrmlQclOxtoIu2aFSEoskob\nh9bDyYKCIiMGY2IFOSP7/oQEY1zkFcH/b1Im5gesNcbEjArmiEdPKlRyPeTiQ1F0\nFIOqaPoIgzwstD1k8cPvvAU9+sH/AhetU1i94U28SFg2Mt6jQM3iG63mHzjFzo14\n6e/YKx6F+MTdsUdP4AFn\n-----END CERTIFICATE-----",
                    "id": 75755
                }
            ]
        },
        {
            "name": "chain1",
            "certificates": [
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                    "expiryDate": "2020-04-07T17:27:35",
                    "startDate": "2019-04-08T17:27:35",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIECzCCA22gAwIBAgIJAOW+qN6sBoEgMAoGCCqGSM49BAMCMFwxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZB\na2FtYWkxGzAZBgNVBAMMEnRjbS0xMy1leGFtcGxlLmNvbTAeFw0xOTA0MDgxNzI3\nMzVaFw0yMDA0MDcxNzI3MzVaMFwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTES\nMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxGzAZBgNVBAMMEnRj\nbS0xMy1leGFtcGxlLmNvbTCCAlwwggHPBgcqhkjOPQIBMIIBwgIBATBNBgcqhkjO\nPQEBAkIB////////////////////////////////////////////////////////\n//////////////////////////////8wgZ4EQgH/////////////////////////\n/////////////////////////////////////////////////////////////ARB\nUZU+uWGOHJofkpohoLaFQO6i2nJbmbMV87i0iZGO8QnhVhk5Uex+k3sWUsC9O7G/\nBzVz34g9LDTx70Uf1GtQPwADFQDQnogAKRy4U5bMZxc5MoSqoNpkugSBhQQAxoWO\nBrcEBOnNnj7LZiOVtEKcZIE5BT+1Ifgor2BrTT26oUted+/nWSj+HcEnov+o3jNI\ns8GFakKb+X5+McLlvWYBGDkpaniaO8AEXIpftCx9G9mY9URJV5tEaBevvRcnPmYs\nl+5ymV70JkDFULkBP60HYTU8cIaicsJAiL6Udp/RZlACQgH/////////////////\n//////////////////////////pRhoeDvy+Wa3/MAUj3CaXQO7XJuImcR667b7ce\nkThkCQIBAQOBhgAEAEXztKDE0BsR1r7q/rN2qc4KyTPjjgwlk8Va8VCqA/Elz57Q\nU4Lzt/XEk6vJd2YccgqK/oDffhT7MXT10Kb1DNI/AQryxSAJNlLurHA7G5U4M4xv\nBNgy4vtJJ40Xvbv3Fd7IM42CZBsKsaroKgrfk0NbjU0im9ETgAfUtq//njMiYJo3\noxMwETAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA4GLADCBhwJBPQEZG2pi\nL5iHKGMzb+IKGns1iguNCWEfZT3llAk0P8xb5A1tULWOxP+dJ6ezInRF3QdGGlEN\n2qiMl1vBSTTBsa8CQgGx1vr+0WcgcIRG6F04mKC2ikS+W/9/FuDqbRRHjd2fMWYl\nquT9SnmYbuK2jpM52fmKa85KUUdL2ypPWXSbKKHpQQ==\n-----END CERTIFICATE-----",
                    "id": 75756
                }
            ]
        },
        {
            "name": "chain31",
            "certificates": [
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-5-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-5-example.com",
                    "expiryDate": "2020-03-30T05:07:35",
                    "startDate": "2019-03-31T05:07:35",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDTDCCAjSgAwIBAgIJALVysyVJNlL0MA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxGjAYBgNVBAMMEXRjbS01LWV4YW1wbGUuY29tMB4XDTE5MDMzMTA1\nMDczNVoXDTIwMDMzMDA1MDczNVowWzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1B\nMRIwEAYDVQQHDAlDYW1icmlkZ2UxDzANBgNVBAoMBkFrYW1haTEaMBgGA1UEAwwR\ndGNtLTUtZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\nAQC7Q04nJTVIt7/ywgmk8K5WsghDaqzS4VT2dc/qedqa7qr86Bn7EJrftg6RNC8b\nNuRdJfG3CbJpxVMfMLkkFS3+6W1TC6WGJzD/54jRJ3wvAg8bhyAVeQ6xC09mG7i3\nKpZFRHRYfdAu9GRLj25Fih4mrjfEbl042euSB8XQa9ekchwfmh80tFqIJxZZFdX6\n3RbbKQ3afiW+aII/78CA0mOXcbsft53UYpQMYlcWpKSreMyBunFDHUum+b/oYpm1\nlHOE0EvoijRpBLTnGk/nrBoSYGshL7p8QaJxWQ+YBMJLQ4o8QuLQk9s5qW1u9IxJ\n5Pqr0PsSnwtX3TAyKa5YtdcdAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJ\nKoZIhvcNAQELBQADggEBAFWLGPA/Kqd9KVaY5h0IAJm0zN365VJC2i8dA87CDE1+\nESQyseRXm7uFczyJZgFVwG18iUgs8/8JJ6T7bWwRn/9iomjMvejADywk+ylgkrZI\n6nWGK+XIxQ9XT5+6cFQoXrhDM+o102173ncu6xEbfIPXgd6yY3Rk52Dy6i+vMfE8\n5BVzOmY1KCRGU/K1oo6cOtu6rch8UpBiCcBIBdCCOWVoqAYmznFVwjOaRtfiwbMa\nHB8VKsoEawUIha6nJQbVzgTh5D+gXR9lNMJxNjOeDdGJJBChtnyp69AwsCO/8N3k\naOy6P+6a4hnLUu0E95DW2rOTH1APWuGPJ+HEGwgVPiA=\n-----END CERTIFICATE-----",
                    "id": 75757
                },
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-5-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-5-example.com",
                    "expiryDate": "2020-03-31T03:41:07",
                    "startDate": "2019-04-01T03:41:07",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDBzCCAe+gAwIBAgIJAJHSGaH2s0o2MA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxGjAYBgNVBAMMEXRjbS01LWV4YW1wbGUuY29tMB4XDTE5MDQwMTAz\nNDEwN1oXDTIwMDMzMTAzNDEwN1owaDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1B\nMRIwEAYDVQQHDAlDYW1icmlkZ2UxDzANBgNVBAoMBkFrYW1haTEnMCUGA1UEAwwe\naW50ZXJtZWRpYXRlLnRjbS01LWV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUA\nA4GNADCBiQKBgQDsTUmurNg0FMi0MGOcBT2DImzr+RtSNomGq/NsxhuLiQFAaCnO\niY6yIO0KrOC6NZHcHEWwvQso3OKls/c5pkFGxex4CNR7jpQ/XfoUqVir75fWYR7U\nCSrxaKTSuQyL21OcrO7SN4UCVaIvPTJyIIMh2WQAdjZmzwlujkIsp+USywIDAQAB\no0UwQzAdBgNVHQ4EFgQUln84iBJyViKO4kXJrO6y+O5oPjcwEgYDVR0TAQH/BAgw\nBgEB/wIBATAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBAIsbu2dx\nY/hpQg+g4cvihIuMpaN6y/avGm4x9TSILTP+4pcdis8QIMdnBi+2w6+Hhv80rX9w\nCulARg1qTnCf5mkR5iGnF5mEqeIe5xRop1rgmNAkC3D2SwJSLcB4zPHve9ijgk/U\nALe2ucvguaO7WNh3ykmthMLCf5aDr+XnP95F5gXxJ88zmAfx5EExp6QYNahuXgvp\nXhTCkYkhHQeZlw6M8Fx7G5XZAk/kHw4FUmWc8sOj4LtilL7zf9risyPxO3nOW+vF\nFqBS0BLtHbMws6ow2Hhn17WDYFCpF13owqFt6oX407QPhx8jyR2DHwVAPBgF7+BV\niPpNC6TdnL7PVHM=\n-----END CERTIFICATE-----",
                    "id": 75758
                }
            ]
        }
    ]
}

  1. If you don’t have the setId value, run List sets.

  2. From the sets array, store the relevant id value as the setId parameter.

  3. Make a GET request to /trust-chain-manager/v1/sets/{setId}/certificates.

  4. The operation responds with a SetFullData object.

List certificates for a version

Returns a specific version of a certificate set and its certificates.

GET /trust-chain-manager/v1/sets/{setId}/certificates/versions/{version}

Sample: /trust-chain-manager/v1/sets/100/certificates/versions/75361

Parameter Type Sample Description
URL path parameters
setId Integer 100 Identifies the certificate set.
version Integer 75361 Uniquely identifies a certificate set’s version.

Status 200 application/json

Object type: SetFullData

Download schema: set-certificates.json

Response body:

{
    "id": 75469,
    "name": "devqaSetId276",
    "version": 75221,
    "chains": [
        {
            "name": "chain2",
            "certificates": [
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-11-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                    "expiryDate": "2020-04-07T17:33:39",
                    "startDate": "2019-04-08T17:33:39",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDDzCCAnKgAwIBAgIJAJHSGaH2s0pCMAoGCCqGSM49BAMCMFwxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZB\na2FtYWkxGzAZBgNVBAMMEnRjbS0xMy1leGFtcGxlLmNvbTAeFw0xOTA0MDgxNzMz\nMzlaFw0yMDA0MDcxNzMzMzlaMGkxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTES\nMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxKDAmBgNVBAMMH2lu\ndGVybWVkaWF0ZS50Y20tMTEtZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDaotqwVMcQUoje6z353HxTItlOSiKVP4kDv+OuSGz2K8eX\nl2Wv2oRVCqSZ5oYuVooA+2JtviVnjsAidx6VK4+qc6BUmqSF2FEWbBhSm2hi6Pzt\nFp+heVBEdJUKtxHehtI5n1xw8Id5ziQLi5ywKAR5CQLjRScFGIWkj0zMJXUYwjJl\nNkVpJiD4PO1cFqGIIa/VyqlNCNwH3dfZEwBlhmRG1cDBEoOLb/F7159pMNIe/3aB\nlNyehMfLj7vSesFmYCw24nrAwW2gL+gx+uwMJaU3Hzk+yhzcVeOIiw4Gsm/elJzN\nVwJRUxoVSigcYi2Z8BcHWk+HDOZxnO9x0lVeyLZdAgMBAAGjRTBDMB0GA1UdDgQW\nBBR8j0E4g1vIdtpawhc7ZJ72v9qebDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1Ud\nDwEB/wQEAwIBhjAKBggqhkjOPQQDAgOBigAwgYYCQSp2p1MrZIwGadKK4NrEI0o9\n49g3ISzZ5APw/XqMwen8s6rOlnJJhUN+7zzdp/gIvdPVlMDQBAqb447mPTVn250r\nAkEGJfMps1E9XmWilKXtcZzorYMeO1wCCiEfibYtgVUKoItZqs144K77DfovjUD8\nwvbndItQEOm8sx+MLzQ1aWrduw==\n-----END CERTIFICATE-----",
                    "id": 75754
                },
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate1.tcm-11-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-11-example.com",
                    "expiryDate": "2020-04-07T17:43:58",
                    "startDate": "2019-04-08T17:43:58",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDmzCCAoOgAwIBAgIJAJHSGaH2s0pDMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxKDAmBgNVBAMMH2ludGVybWVkaWF0ZS50Y20tMTEtZXhhbXBsZS5j\nb20wHhcNMTkwNDA4MTc0MzU4WhcNMjAwNDA3MTc0MzU4WjBqMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMSkwJwYDVQQDDCBpbnRlcm1lZGlhdGUxLnRjbS0xMS1leGFtcGxlLmNvbTCC\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALgwBUMjpHQcU3gnZBlPaT7y\nFAlwVjP/tjpxrnc9o92HJdta6yukQuPJ+FjY1AYvCaf5bF8KHpo08Vz2X43tQhMu\nHMBRMUTb6HxYitQbiTijVw0gClSMmvBV4wk8osh81L9aNH/6OljSzWce99UnBefn\nfDZlfg1Y4lFK/zGyFhLcils5lVVd5JfNuwn+54cWdqoTcuaMHvz5i5/cASEI1w8T\nUicdMHUv+32cVcppfhncGxIPqIrdnsWotRrgr7RkYs/ubp8Gm81j6dYNAMJ0YYxG\nn6ppv23poXapuiUjEQc7o8xDtoyI7WnsWrxzd/bm2fXde5krum4CL9X/ugBYV/EC\nAwEAAaNFMEMwHQYDVR0OBBYEFPGRnc9xmEaNZlKWVX+WY+NUHVVDMBIGA1UdEwEB\n/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQDW\nsZV2VOIO7LSjsgRZIWO8iaJ/CVaK+KqY/WhdIoXHcazX8qITnzcPgdci1pCGReDa\nYCjuvGPbHiPqN8n9g8NtbTGoVUBGFPchxK+pLgJUASa11FmOG2HQFngAz/MBjfNC\n/E7AgC3LxDJwf4Sm7jQtzmEMgONGrxQbhJhUIFuUIFrmlQclOxtoIu2aFSEoskob\nh9bDyYKCIiMGY2IFOSP7/oQEY1zkFcH/b1Im5gesNcbEjArmiEdPKlRyPeTiQ1F0\nFIOqaPoIgzwstD1k8cPvvAU9+sH/AhetU1i94U28SFg2Mt6jQM3iG63mHzjFzo14\n6e/YKx6F+MTdsUdP4AFn\n-----END CERTIFICATE-----",
                    "id": 75755
                }
            ]
        },
        {
            "name": "chain1",
            "certificates": [
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                    "expiryDate": "2020-04-07T17:27:35",
                    "startDate": "2019-04-08T17:27:35",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIECzCCA22gAwIBAgIJAOW+qN6sBoEgMAoGCCqGSM49BAMCMFwxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZB\na2FtYWkxGzAZBgNVBAMMEnRjbS0xMy1leGFtcGxlLmNvbTAeFw0xOTA0MDgxNzI3\nMzVaFw0yMDA0MDcxNzI3MzVaMFwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTES\nMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxGzAZBgNVBAMMEnRj\nbS0xMy1leGFtcGxlLmNvbTCCAlwwggHPBgcqhkjOPQIBMIIBwgIBATBNBgcqhkjO\nPQEBAkIB////////////////////////////////////////////////////////\n//////////////////////////////8wgZ4EQgH/////////////////////////\n/////////////////////////////////////////////////////////////ARB\nUZU+uWGOHJofkpohoLaFQO6i2nJbmbMV87i0iZGO8QnhVhk5Uex+k3sWUsC9O7G/\nBzVz34g9LDTx70Uf1GtQPwADFQDQnogAKRy4U5bMZxc5MoSqoNpkugSBhQQAxoWO\nBrcEBOnNnj7LZiOVtEKcZIE5BT+1Ifgor2BrTT26oUted+/nWSj+HcEnov+o3jNI\ns8GFakKb+X5+McLlvWYBGDkpaniaO8AEXIpftCx9G9mY9URJV5tEaBevvRcnPmYs\nl+5ymV70JkDFULkBP60HYTU8cIaicsJAiL6Udp/RZlACQgH/////////////////\n//////////////////////////pRhoeDvy+Wa3/MAUj3CaXQO7XJuImcR667b7ce\nkThkCQIBAQOBhgAEAEXztKDE0BsR1r7q/rN2qc4KyTPjjgwlk8Va8VCqA/Elz57Q\nU4Lzt/XEk6vJd2YccgqK/oDffhT7MXT10Kb1DNI/AQryxSAJNlLurHA7G5U4M4xv\nBNgy4vtJJ40Xvbv3Fd7IM42CZBsKsaroKgrfk0NbjU0im9ETgAfUtq//njMiYJo3\noxMwETAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA4GLADCBhwJBPQEZG2pi\nL5iHKGMzb+IKGns1iguNCWEfZT3llAk0P8xb5A1tULWOxP+dJ6ezInRF3QdGGlEN\n2qiMl1vBSTTBsa8CQgGx1vr+0WcgcIRG6F04mKC2ikS+W/9/FuDqbRRHjd2fMWYl\nquT9SnmYbuK2jpM52fmKa85KUUdL2ypPWXSbKKHpQQ==\n-----END CERTIFICATE-----",
                    "id": 75756
                }
            ]
        },
        {
            "name": "chain31",
            "certificates": [
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-5-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-5-example.com",
                    "expiryDate": "2020-03-30T05:07:35",
                    "startDate": "2019-03-31T05:07:35",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDTDCCAjSgAwIBAgIJALVysyVJNlL0MA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxGjAYBgNVBAMMEXRjbS01LWV4YW1wbGUuY29tMB4XDTE5MDMzMTA1\nMDczNVoXDTIwMDMzMDA1MDczNVowWzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1B\nMRIwEAYDVQQHDAlDYW1icmlkZ2UxDzANBgNVBAoMBkFrYW1haTEaMBgGA1UEAwwR\ndGNtLTUtZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\nAQC7Q04nJTVIt7/ywgmk8K5WsghDaqzS4VT2dc/qedqa7qr86Bn7EJrftg6RNC8b\nNuRdJfG3CbJpxVMfMLkkFS3+6W1TC6WGJzD/54jRJ3wvAg8bhyAVeQ6xC09mG7i3\nKpZFRHRYfdAu9GRLj25Fih4mrjfEbl042euSB8XQa9ekchwfmh80tFqIJxZZFdX6\n3RbbKQ3afiW+aII/78CA0mOXcbsft53UYpQMYlcWpKSreMyBunFDHUum+b/oYpm1\nlHOE0EvoijRpBLTnGk/nrBoSYGshL7p8QaJxWQ+YBMJLQ4o8QuLQk9s5qW1u9IxJ\n5Pqr0PsSnwtX3TAyKa5YtdcdAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJ\nKoZIhvcNAQELBQADggEBAFWLGPA/Kqd9KVaY5h0IAJm0zN365VJC2i8dA87CDE1+\nESQyseRXm7uFczyJZgFVwG18iUgs8/8JJ6T7bWwRn/9iomjMvejADywk+ylgkrZI\n6nWGK+XIxQ9XT5+6cFQoXrhDM+o102173ncu6xEbfIPXgd6yY3Rk52Dy6i+vMfE8\n5BVzOmY1KCRGU/K1oo6cOtu6rch8UpBiCcBIBdCCOWVoqAYmznFVwjOaRtfiwbMa\nHB8VKsoEawUIha6nJQbVzgTh5D+gXR9lNMJxNjOeDdGJJBChtnyp69AwsCO/8N3k\naOy6P+6a4hnLUu0E95DW2rOTH1APWuGPJ+HEGwgVPiA=\n-----END CERTIFICATE-----",
                    "id": 75757
                },
                {
                    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-5-example.com",
                    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-5-example.com",
                    "expiryDate": "2020-03-31T03:41:07",
                    "startDate": "2019-04-01T03:41:07",
                    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDBzCCAe+gAwIBAgIJAJHSGaH2s0o2MA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxGjAYBgNVBAMMEXRjbS01LWV4YW1wbGUuY29tMB4XDTE5MDQwMTAz\nNDEwN1oXDTIwMDMzMTAzNDEwN1owaDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1B\nMRIwEAYDVQQHDAlDYW1icmlkZ2UxDzANBgNVBAoMBkFrYW1haTEnMCUGA1UEAwwe\naW50ZXJtZWRpYXRlLnRjbS01LWV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUA\nA4GNADCBiQKBgQDsTUmurNg0FMi0MGOcBT2DImzr+RtSNomGq/NsxhuLiQFAaCnO\niY6yIO0KrOC6NZHcHEWwvQso3OKls/c5pkFGxex4CNR7jpQ/XfoUqVir75fWYR7U\nCSrxaKTSuQyL21OcrO7SN4UCVaIvPTJyIIMh2WQAdjZmzwlujkIsp+USywIDAQAB\no0UwQzAdBgNVHQ4EFgQUln84iBJyViKO4kXJrO6y+O5oPjcwEgYDVR0TAQH/BAgw\nBgEB/wIBATAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBAIsbu2dx\nY/hpQg+g4cvihIuMpaN6y/avGm4x9TSILTP+4pcdis8QIMdnBi+2w6+Hhv80rX9w\nCulARg1qTnCf5mkR5iGnF5mEqeIe5xRop1rgmNAkC3D2SwJSLcB4zPHve9ijgk/U\nALe2ucvguaO7WNh3ykmthMLCf5aDr+XnP95F5gXxJ88zmAfx5EExp6QYNahuXgvp\nXhTCkYkhHQeZlw6M8Fx7G5XZAk/kHw4FUmWc8sOj4LtilL7zf9risyPxO3nOW+vF\nFqBS0BLtHbMws6ow2Hhn17WDYFCpF13owqFt6oX407QPhx8jyR2DHwVAPBgF7+BV\niPpNC6TdnL7PVHM=\n-----END CERTIFICATE-----",
                    "id": 75758
                }
            ]
        }
    ]
}

  1. If you don’t have the setId value, run List sets.

  2. From the sets array, store the relevant id value as the setId parameter.

  3. If you don’t have the set’s version value, run List versions and store the relevant version.

  4. Make a GET request to /trust-chain-manager/v1/sets/{setId}/certificates/versions/{version}.

  5. The operation responds with a SetFullData object.

Get a certificate

Returns information about a specific certificate.

GET /trust-chain-manager/v1/sets/{setId}/certificates/{certificateId}

Sample: /trust-chain-manager/v1/sets/100/certificates/77109

Parameter Type Sample Description
URL path parameters
setId Integer 100 Identifies the certificate set.
certificateId String 77109 Identifies each certificate.

Status 200 application/json

Object type: SetFullData

Download schema: certificate.json

Response body:

{
    "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-11-example.com",
    "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
    "expiryDate": "2020-04-07T17:33:39",
    "startDate": "2019-04-08T17:33:39",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDDzCCAnKgAwIBAgIJAJHSGaH2s0pCMAoGCCqGSM49BAMCMFwxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZB\na2FtYWkxGzAZBgNVBAMMEnRjbS0xMy1leGFtcGxlLmNvbTAeFw0xOTA0MDgxNzMz\nMzlaFw0yMDA0MDcxNzMzMzlaMGkxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTES\nMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxKDAmBgNVBAMMH2lu\ndGVybWVkaWF0ZS50Y20tMTEtZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDaotqwVMcQUoje6z353HxTItlOSiKVP4kDv+OuSGz2K8eX\nl2Wv2oRVCqSZ5oYuVooA+2JtviVnjsAidx6VK4+qc6BUmqSF2FEWbBhSm2hi6Pzt\nFp+heVBEdJUKtxHehtI5n1xw8Id5ziQLi5ywKAR5CQLjRScFGIWkj0zMJXUYwjJl\nNkVpJiD4PO1cFqGIIa/VyqlNCNwH3dfZEwBlhmRG1cDBEoOLb/F7159pMNIe/3aB\nlNyehMfLj7vSesFmYCw24nrAwW2gL+gx+uwMJaU3Hzk+yhzcVeOIiw4Gsm/elJzN\nVwJRUxoVSigcYi2Z8BcHWk+HDOZxnO9x0lVeyLZdAgMBAAGjRTBDMB0GA1UdDgQW\nBBR8j0E4g1vIdtpawhc7ZJ72v9qebDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1Ud\nDwEB/wQEAwIBhjAKBggqhkjOPQQDAgOBigAwgYYCQSp2p1MrZIwGadKK4NrEI0o9\n49g3ISzZ5APw/XqMwen8s6rOlnJJhUN+7zzdp/gIvdPVlMDQBAqb447mPTVn250r\nAkEGJfMps1E9XmWilKXtcZzorYMeO1wCCiEfibYtgVUKoItZqs144K77DfovjUD8\nwvbndItQEOm8sx+MLzQ1aWrduw==\n-----END CERTIFICATE-----",
    "id": 77109
}

  1. If you don’t have the setId value, run List sets.

  2. From the sets array, store the relevant id value as the setId parameter.

  3. If you don’t have the certificateId value, run List the latest version’s certificate IDs or Get a version’s certificate IDs.

  4. From the certificatesIds array, store the relevant id value as a certificateId parameter.

  5. Make a GET request to /trust-chain-manager/v1/sets/{setId}/certificates/{certificateId}.

  6. The operation responds with a SetFullData object.

List certificate IDs for the latest version

Returns the latest version of the certificate set and its certificate identifiers.

GET /trust-chain-manager/v1/sets/{setId}/certificateIds

Sample: /trust-chain-manager/v1/sets/100/certificateIds

Parameter Type Sample Description
URL path parameters
setId Integer 100 Identifies the certificate set.

Status 200 application/json

Object type: CertificateIDs

Download schema: certificateIds.json

Response body:

{
    "id": 75469,
    "name": "devqaSetId276",
    "version": 75221,
    "certificateIds": [
        75754,
        75755
    ]
}

  1. If you don’t have the setId value, run List sets.

  2. From the sets array, store the relevant id value as the setId parameter.

  3. Make a GET request to /trust-chain-manager/v1/sets/{setId}/certificateIds.

  4. The operation responds with a CertificateIDs object.

Get certificate IDs for a version

Returns a specific version of the certificate set and its certificate identifiers.

GET /trust-chain-manager/v1/sets/{setId}/certificateIds/versions/{version}

Sample: /trust-chain-manager/v1/sets/100/certificateIds/versions/75361

Parameter Type Sample Description
URL path parameters
setId Integer 100 Identifies the certificate set.
version Integer 75361 Uniquely identifies a certificate set’s version.

Status 200 application/json

Object type: CertificateIDs

Download schema: certificateIds.json

Response body:

{
    "id": 75469,
    "name": "devqaSetId276",
    "version": 75221,
    "certificateIds": [
        75754,
        75755
    ]
}

  1. If you don’t have the setId value, run List sets.

  2. From the sets array, store the relevant id value as the setId parameter.

  3. If you don’t have the set’s version value, run List versions and store the relevant version.

  4. Make a GET request to /trust-chain-manager/v1/sets/{setId}/certificateIds/versions/{version}

  5. The operation responds with a CertificateIDs object.

List trust chains for active versions

Returns all active versions for a specific certificate set, including each version’s trust chains. See API concepts.

GET /trust-chain-manager/v1/sets/{setId}/trustchains

Sample: /trust-chain-manager/v1/sets/100/trustchains

Parameter Type Sample Description
URL path parameters
setId Integer 100 Identifies the certificate set.

Status 200 application/json

Object type: SetFullData

Download schema: set-trustchains.json

Response body:

{
    "id": 75221,
    "name": "tcmAutomation-2019-06-18-21-47-10",
    "versions": [
        {
            "version": 75378,
            "production": "DEPLOYING",
            "staging": "DEPLOYED",
            "lastModifiedBy": "ccare2",
            "timestamp": "2019-06-20T15:04:03.46",
            "tree": [
                {
                    "certificate": {
                        "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,OU=IPQA,CN=IOT,E=plevin@akamai.com",
                        "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,OU=IPQA,CN=IOT,E=plevin@akamai.com",
                        "expiryDate": "2020-03-24T17:37:53",
                        "startDate": "2019-03-25T17:37:53",
                        "id": 75438
                    }
                },
                {
                    "certificate": {
                        "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-15-example.com",
                        "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-15-example.com",
                        "expiryDate": "2020-04-08T03:59:27",
                        "startDate": "2019-04-09T03:59:27",
                        "id": 75437
                    }
                }
            ]
        },
        {
            "version": 75371,
            "production": "DEPLOYED",
            "staging": "DEPLOYMENT_FAILED",
            "lastModifiedBy": "ccare2",
            "timestamp": "2019-06-19T15:25:51.049",
            "tree": [
                {
                    "certificate": {
                        "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,OU=IPQA,CN=IOT,E=plevin@akamai.com",
                        "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,OU=IPQA,CN=IOT,E=plevin@akamai.com",
                        "expiryDate": "2020-03-24T17:37:53",
                        "startDate": "2019-03-25T17:37:53",
                        "id": 75430
                    }
                }
            ]
        },
        {
            "version": 75361,
            "production": "",
            "staging": "DEPLOYING",
            "lastModifiedBy": "ccare2",
            "timestamp": "2019-06-19T01:47:11.675",
            "tree": [
                {
                    "certificate": {
                        "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-5-example.com",
                        "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-5-example.com",
                        "expiryDate": "2020-03-30T05:07:35",
                        "startDate": "2019-03-31T05:07:35",
                        "id": 76274
                    },
                    "certificates": [
                        {
                            "certificate": {
                                "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-5-example.com",
                                "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-5-example.com",
                                "expiryDate": "2020-03-31T03:41:07",
                                "startDate": "2019-04-01T03:41:07",
                                "id": 76275
                            }
                        }
                    ]
                },
                {
                    "certificate": {
                        "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                        "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                        "expiryDate": "2020-04-07T17:27:35",
                        "startDate": "2019-04-08T17:27:35",
                        "id": 76273
                    },
                    "certificates": [
                        {
                            "certificate": {
                                "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-11-example.com",
                                "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                                "expiryDate": "2020-04-07T17:33:39",
                                "startDate": "2019-04-08T17:33:39",
                                "id": 76271
                            },
                            "certificates": [
                                {
                                    "certificate": {
                                        "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate1.tcm-12-example.com",
                                        "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-11-example.com",
                                        "expiryDate": "2020-04-07T17:43:58",
                                        "startDate": "2019-04-08T17:43:58",
                                        "id": 76272
                                    }
                                }
                            ]
                        }
                    ]
                }
            ]
        }
    ]
}

  1. If you don’t have the setId value, run List sets.

  2. From the sets array, store the relevant id value as the setId parameter.

  3. Make a GET request to /trust-chain-manager/v1/sets/{setId}/trustchains.

  4. The operation responds with a SetFullData object.

Get a deployment for a set

Returns the deployment state for the latest version of a specific certificate set.

GET /trust-chain-manager/v1/sets/{setId}/deployments

Sample: /trust-chain-manager/v1/sets/100/deployments

Parameter Type Sample Description
URL path parameters
setId Integer 100 Identifies the certificate set.

Status 200 application/json

Object type: DeploymentState

Download schema: deployment-state.json

Response body:

{
    "name": "Set1",
    "id": 123456,
    "version": 76152,
    "deployment": {
        "staging": "DEPLOYED",
        "production": "DEPLOYING"
    }
}

  1. If you don’t have the setId value, run List sets.

  2. From the sets array, store the relevant id value as the setId parameter.

  3. Make a GET request to /trust-chain-manager/v1/sets/{setId}/deployments.

  4. The operation responds with a DeploymentState object.

Deploy a set

Modifies the deployment location for the latest version of a specific certificate set.

PUT /trust-chain-manager/v1/sets/{setId}/deployments

Sample: /trust-chain-manager/v1/sets/100/deployments

Content-Type: application/json

Object type: Deployment

Download schema: deployment.json

Request body:

{
    "deployment": {
        "staging": false,
        "production": true
    }
}
Parameter Type Sample Description
URL path parameters
setId Integer 100 Identifies the certificate set.

Status 204

  1. If you don’t have the setId value, run List sets.

  2. From the sets array, store the relevant id value as the setId parameter.

  3. Build a Deployment object or optionally modify a Get the latest set response with new staging and production values.

  4. PUT the object to /trust-chain-manager/v1/sets/{setId}/deployments.

  5. The operation responds with a Deployment object.

Get a deployment for a version

Returns the deployment state for a specific version of a certificate set.

GET /trust-chain-manager/v1/sets/{setId}/deployments/versions/{version}

Sample: /trust-chain-manager/v1/sets/100/deployments/versions/76152

Parameter Type Sample Description
URL path parameters
setId Integer 100 Identifies the certificate set.
version Integer 76152 Uniquely identifies this certificate set’s version.

Status 200 application/json

Object type: DeploymentState

Download schema: deployment-state.json

Response body:

{
    "name": "Set1",
    "id": 123456,
    "version": 76152,
    "deployment": {
        "staging": "DEPLOYED",
        "production": "DEPLOYING"
    }
}

  1. If you don’t have the setId value, run List sets.

  2. From the sets array, store the relevant id value as the setId parameter.

  3. If you don’t have the set’s version value, run List versions and store the relevant version.

  4. Make a GET request to /trust-chain-manager/v1/sets/{setId}/deployments/versions/{version}.

  5. The operation responds with a DeploymentState object.

Deploy a version

Modifies the deployment location of the latest version for a specific certificate set.

PUT /trust-chain-manager/v1/sets/{setId}/deployments/versions/{version}

Sample: /trust-chain-manager/v1/sets/100/deployments/versions/76152

Content-Type: application/json

Object type: Deployment

Download schema: deployment.json

Request body:

{
    "deployment": {
        "staging": false,
        "production": true
    }
}
Parameter Type Sample Description
URL path parameters
setId Integer 100 Identifies the certificate set.
version Integer 76152 Uniquely identifies this certificate set’s version.

Status 204

  1. If you don’t have the setId value, run List sets.

  2. From the sets array, store the relevant id value as the setId parameter.

  3. If you don’t have the set’s version value, run List versions and store the relevant version.

  4. Get a version.

  5. Build a Deployment object or optionally modify a Get a version response with the new staging and production values.

  6. PUT the object to /trust-chain-manager/v1/sets/{setId}/deployments/versions/{version}.

  7. The operation responds with a Deployment object.

Validate a set

Checks a certificate set’s trust chains to ensure that each certificate meets the X.509 standard, is either a self-signed root certificate or signed by a root CA, and is within its current validity period. If the trust chains are valid, the operation responds with the set formatted as a tree structure, consisting of the CA root certificate and intermediate certificates.

POST /trust-chain-manager/v1/sets/validator

Content-Type: application/json

Object type: SetFullData

Download schema: set-full-data.json

Request body:

{
    "name": "devqaSetId225",
    "deployment": {
        "staging": true,
        "production": true
    },
    "chains": [
        {
            "name": "chain1",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIIECzCCA22gAwIBAgIJAOW+qN6sBoEgMAoGCCqGSM49BAMCMFwxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZB\na2FtYWkxGzAZBgNVBAMMEnRjbS0xMy1leGFtcGxlLmNvbTAeFw0xOTA0MDgxNzI3\nMzVaFw0yMDA0MDcxNzI3MzVaMFwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTES\nMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxGzAZBgNVBAMMEnRj\nbS0xMy1leGFtcGxlLmNvbTCCAlwwggHPBgcqhkjOPQIBMIIBwgIBATBNBgcqhkjO\nPQEBAkIB////////////////////////////////////////////////////////\n//////////////////////////////8wgZ4EQgH/////////////////////////\n/////////////////////////////////////////////////////////////ARB\nUZU+uWGOHJofkpohoLaFQO6i2nJbmbMV87i0iZGO8QnhVhk5Uex+k3sWUsC9O7G/\nBzVz34g9LDTx70Uf1GtQPwADFQDQnogAKRy4U5bMZxc5MoSqoNpkugSBhQQAxoWO\nBrcEBOnNnj7LZiOVtEKcZIE5BT+1Ifgor2BrTT26oUted+/nWSj+HcEnov+o3jNI\ns8GFakKb+X5+McLlvWYBGDkpaniaO8AEXIpftCx9G9mY9URJV5tEaBevvRcnPmYs\nl+5ymV70JkDFULkBP60HYTU8cIaicsJAiL6Udp/RZlACQgH/////////////////\n//////////////////////////pRhoeDvy+Wa3/MAUj3CaXQO7XJuImcR667b7ce\nkThkCQIBAQOBhgAEAEXztKDE0BsR1r7q/rN2qc4KyTPjjgwlk8Va8VCqA/Elz57Q\nU4Lzt/XEk6vJd2YccgqK/oDffhT7MXT10Kb1DNI/AQryxSAJNlLurHA7G5U4M4xv\nBNgy4vtJJ40Xvbv3Fd7IM42CZBsKsaroKgrfk0NbjU0im9ETgAfUtq//njMiYJo3\noxMwETAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA4GLADCBhwJBPQEZG2pi\nL5iHKGMzb+IKGns1iguNCWEfZT3llAk0P8xb5A1tULWOxP+dJ6ezInRF3QdGGlEN\n2qiMl1vBSTTBsa8CQgGx1vr+0WcgcIRG6F04mKC2ikS+W/9/FuDqbRRHjd2fMWYl\nquT9SnmYbuK2jpM52fmKa85KUUdL2ypPWXSbKKHpQQ==\n-----END CERTIFICATE-----"
        },
        {
            "name": "chain2",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIIDDzCCAnKgAwIBAgIJAJHSGaH2s0pCMAoGCCqGSM49BAMCMFwxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZB\na2FtYWkxGzAZBgNVBAMMEnRjbS0xMy1leGFtcGxlLmNvbTAeFw0xOTA0MDgxNzMz\nMzlaFw0yMDA0MDcxNzMzMzlaMGkxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTES\nMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxKDAmBgNVBAMMH2lu\ndGVybWVkaWF0ZS50Y20tMTEtZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDaotqwVMcQUoje6z353HxTItlOSiKVP4kDv+OuSGz2K8eX\nl2Wv2oRVCqSZ5oYuVooA+2JtviVnjsAidx6VK4+qc6BUmqSF2FEWbBhSm2hi6Pzt\nFp+heVBEdJUKtxHehtI5n1xw8Id5ziQLi5ywKAR5CQLjRScFGIWkj0zMJXUYwjJl\nNkVpJiD4PO1cFqGIIa/VyqlNCNwH3dfZEwBlhmRG1cDBEoOLb/F7159pMNIe/3aB\nlNyehMfLj7vSesFmYCw24nrAwW2gL+gx+uwMJaU3Hzk+yhzcVeOIiw4Gsm/elJzN\nVwJRUxoVSigcYi2Z8BcHWk+HDOZxnO9x0lVeyLZdAgMBAAGjRTBDMB0GA1UdDgQW\nBBR8j0E4g1vIdtpawhc7ZJ72v9qebDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1Ud\nDwEB/wQEAwIBhjAKBggqhkjOPQQDAgOBigAwgYYCQSp2p1MrZIwGadKK4NrEI0o9\n49g3ISzZ5APw/XqMwen8s6rOlnJJhUN+7zzdp/gIvdPVlMDQBAqb447mPTVn250r\nAkEGJfMps1E9XmWilKXtcZzorYMeO1wCCiEfibYtgVUKoItZqs144K77DfovjUD8\nwvbndItQEOm8sx+MLzQ1aWrduw==\n-----END CERTIFICATE-----"
        },
        {
            "name": "chain3",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIIDmzCCAoOgAwIBAgIJAJHSGaH2s0pDMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxKDAmBgNVBAMMH2ludGVybWVkaWF0ZS50Y20tMTEtZXhhbXBsZS5j\nb20wHhcNMTkwNDA4MTc0MzU4WhcNMjAwNDA3MTc0MzU4WjBqMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMSkwJwYDVQQDDCBpbnRlcm1lZGlhdGUxLnRjbS0xMS1leGFtcGxlLmNvbTCC\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALgwBUMjpHQcU3gnZBlPaT7y\nFAlwVjP/tjpxrnc9o92HJdta6yukQuPJ+FjY1AYvCaf5bF8KHpo08Vz2X43tQhMu\nHMBRMUTb6HxYitQbiTijVw0gClSMmvBV4wk8osh81L9aNH/6OljSzWce99UnBefn\nfDZlfg1Y4lFK/zGyFhLcils5lVVd5JfNuwn+54cWdqoTcuaMHvz5i5/cASEI1w8T\nUicdMHUv+32cVcppfhncGxIPqIrdnsWotRrgr7RkYs/ubp8Gm81j6dYNAMJ0YYxG\nn6ppv23poXapuiUjEQc7o8xDtoyI7WnsWrxzd/bm2fXde5krum4CL9X/ugBYV/EC\nAwEAAaNFMEMwHQYDVR0OBBYEFPGRnc9xmEaNZlKWVX+WY+NUHVVDMBIGA1UdEwEB\n/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQDW\nsZV2VOIO7LSjsgRZIWO8iaJ/CVaK+KqY/WhdIoXHcazX8qITnzcPgdci1pCGReDa\nYCjuvGPbHiPqN8n9g8NtbTGoVUBGFPchxK+pLgJUASa11FmOG2HQFngAz/MBjfNC\n/E7AgC3LxDJwf4Sm7jQtzmEMgONGrxQbhJhUIFuUIFrmlQclOxtoIu2aFSEoskob\nh9bDyYKCIiMGY2IFOSP7/oQEY1zkFcH/b1Im5gesNcbEjArmiEdPKlRyPeTiQ1F0\nFIOqaPoIgzwstD1k8cPvvAU9+sH/AhetU1i94U28SFg2Mt6jQM3iG63mHzjFzo14\n6e/YKx6F+MTdsUdP4AFn\n-----END CERTIFICATE-----"
        }
    ]
}

Status 200 application/json

Object type: SetFullData

Download schema: set-trustchains.json

Response body:

{
    "id": null,
    "name": null,
    "versions": [
        {
            "version": null,
            "staging": "",
            "production": "",
            "status": "INITIAL",
            "lastModifiedBy": "ralexand",
            "timestamp": "2019-06-28T18:11:01.158",
            "tree": [
                {
                    "certificate": {
                        "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                        "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                        "expiryDate": "2020-04-07T17:27:35",
                        "startDate": "2019-04-08T17:27:35",
                        "id": null
                    },
                    "certificates": [
                        {
                            "certificate": {
                                "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-11-example.com",
                                "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=tcm-13-example.com",
                                "expiryDate": "2020-04-07T17:33:39",
                                "startDate": "2019-04-08T17:33:39",
                                "id": null
                            },
                            "certificates": [
                                {
                                    "certificate": {
                                        "subject": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate1.tcm-11-example.com",
                                        "issuer": "C=US,ST=MA,L=Cambridge,O=Akamai,CN=intermediate.tcm-11-example.com",
                                        "expiryDate": "2020-04-07T17:43:58",
                                        "startDate": "2019-04-08T17:43:58",
                                        "id": null
                                    }
                                }
                            ]
                        }
                    ]
                }
            ]
        }
    ]
}

  1. Build a new SetFullData object.

  2. Validate your set by POSTing the object to /trust-chain-manager/v1/sets/validator.

  3. If validation is successful, the operation responds with a SetFullData object.

Data

This section provides details for each type of data object the API exchanges.

Download the JSON schemas for this API.

This section’s data schema tables list membership requirements as follows:

Member is required in requests, or always present in responses, even if its value is empty or null.
Member is optional, and may be omitted in some cases.

SetFullData

Contains information about the certificate set.

Download schema: set-full-data.json

Sample GET response, POST, PUT body:

{
    "id": 123456,
    "version": 75361,
    "name": "Set1",
    "deployment": {
        "staging": true,
        "production": true
    },
    "chains": [
        {
            "name": "Chain1",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICiTCCAfKgAwIBAgIJAJHSGaH2s0otMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxHjAcBgNVBAMMFXNvbWUtcm9vdC5leGFtcGxlLmNvbTAeFw0xOTAz\nMDgxOTA3MDhaFw00NjA3MjMxOTA3MDhaMGcxCzAJBgNVBAYTAlVTMQswCQYDVQQI\nDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxJjAkBgNV\nBAMMHXNvbWUtaW50ZXJtZWRpYXRlLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB\nAQUAA4GNADCBiQKBgQCzuzTQHsW8HHB6cHv7jT/4cETl53jHB1QOK7aVdVO/cK5i\nv8YFB/O2zcXfHbObJTMDp5T33tiy2dTa4X/9OirC/FcEKK7pFL07r60nkyLbnX1P\nOLE7TrfBbzFpBxWXTSuXFi4Y002dvxKfxsgruxD3JVsdwBh4jZS6IkyUJHmopwID\nAQABo0UwQzAdBgNVHQ4EFgQUAveECjwgwk+MHozpCpMauW1TftkwEgYDVR0TAQH/\nBAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADgYEAxRxv\n4NadAtvJx7xBGBcR9C3NEz9WR84bpfHP720ZpgR8WRPXxjQZz/clwADi6PpE1/7B\nqybde5hE38XnbGOhzIDyIXd8Hfztaaj7vxR5DiEOAY3jE5Ix98WQ0ZrbYTSu4o1b\ncSPdPt3JWFygdtur9ikw9FRFPNhcH195X5LGJas=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICNTCCAZ4CCQC+2uIuN+erCTANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMR4wHAYDVQQDDBVzb21lLXJvb3QuZXhhbXBsZS5jb20wHhcNMTkwMzA4MTkw\nMzE4WhcNNDYwNzIzMTkwMzE4WjBfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUEx\nEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWthbWFpMR4wHAYDVQQDDBVz\nb21lLXJvb3QuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB\nANpc8vud0MhTRDBB1JZGfEAuutQf/CQ8ToyDor4TBvE1pa24DvT1DEaaDUMhVPXK\naJC95re6xV2NOvCrvOjZBNH94DWCldRg93DOVPmUEVcEcB81zfdfT0iEW96C2RFf\nI1Hv0tJynmxDI5k5lK4Js6/nonJbUVHL8X63yMvmR9HNAgMBAAEwDQYJKoZIhvcN\nAQELBQADgYEABnpsP51MLW0069megs/czB3EJWeMt2ynCD6RlQPqXBlkVsengT3y\ntRnKJwD5SYjr8sW9Vq5Rp2dm7X7i9osB+CSveORw3hWbu4TmiA18qJr/SSUwo5Xf\nbsjfV2IUQtNLEExhp1nBjvJNmTP3g/NiVVWHEQafynwXlNAj1ySuUzs=\n-----END CERTIFICATE-----"
        },
        {
            "name": "ChainN",
            "certificates": "-----BEGIN CERTIFICATE-----\nMIICijCCAfOgAwIBAgIJAJHSGaH2s0osMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQK\nDAZBa2FtYWkxIDAeBgNVBAMMF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMB4XDTE5\nMDIyNDIzMzUxN1oXDTQ2MDcxMTIzMzUxN1owZjELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAk1BMRIwEAYDVQQHDAlDYW1icmlkZ2UxDzANBgNVBAoMBkFrYW1haTElMCMG\nA1UEAwwcdGNtLWludGVybWVkaWF0ZS5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEAw6JPmMaZD/SOBkQ+PISBF+o+gQ0/zz6ei7GCfgN3k7db\nAm6GsqxG7yKJfQYhHMTQQsUNgNzYNSFRdJNyHM8Edjr3sCGIei571HNu3Yik95T3\nPJpInaY24yfye+v9ln2hKu/53r5G3xdsSm/ZyI1wK7nRj6bzbwnGlXEfMKmhcg8C\nAwEAAaNFMEMwHQYDVR0OBBYEFHu2jZE6TpHcoQwZaSNmj/VJ+p8TMBIGA1UdEwEB\n/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4GBABR8\nZ1blA+Vx32a39OhOX+Ul/PC8fX4Z0El7tiOGAA2xCoHK7cZqd+QkdKV9ju3Z2ah0\nSCHOPqBT7tZaXPrtx7sxtlb0U6IJdklb78BjeK1KlM5x4jfnAaAvouaGX2SU9fp2\na1P/IsuOD6zHBddTysuX8W3YEycdT7JzhCWpROKF\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIICOTCCAaICCQDPV5YuumF6sDANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEPMA0GA1UECgwGQWth\nbWFpMSAwHgYDVQQDDBd0Y20tcm9vdC1jYS5leGFtcGxlLmNvbTAeFw0xOTAyMjQy\nMzM0MjJaFw00NjA3MTEyMzM0MjJaMGExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxIDAeBgNVBAMM\nF3RjbS1yb290LWNhLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\niQKBgQDXFPDgDFXXcS7Pa6G02VP6OGL3YYGBJm2AqtkB0MeLWOk3RsBIPcEgY1eq\n+32n8fObXUr0UX22sjyv/PkMkYWIru01dE9pc2KCDNYF7Gea8kM9C0VQx0gog5SL\nesYHABEox+t0ZVhVvOfUIlqK6GN7eEiN6PTgKhpEVnoowne81QIDAQABMA0GCSqGvSIb3DQEBCwUAA4GBALK8Hko9UU62XYX1IdJ2EA/XRWHPin2OXurEPRDv0X4q9oc9\nBMvDR36pXMMEFd9pRp7MQnGq266qecNWBkmcSY9k/ct8GtG6t4k+lBQvQPBERs7I\niiCDgIa53ofoJSi2rN9+HuluSwFLIObt2pKhrgfy6UV9VasTyxcLw8wD4z8u\n-----END CERTIFICATE-----"
        }
    ]
}

SetFullData members

Member Type Required Description
SetFullData: Contains information about the certificate set.
chains SetFullData.chains[] A collection of valid, non-expired, root or intermediate certificates.
deployment SetFullData.deployment Specifies on which network you want to deploy the set. To validate the set without deploying or storing it in the system, set both staging and production to null. The validation result appears in the response object.
id Integer A unique identifier for the set. Included in GET responses and not required for POST or PUT operations.
name String A descriptive label for the set.
version Integer An identifying number for the set’s version. Included in GET responses and not required for POST or PUT operations.
SetFullData.chains[]: A collection of valid, non-expired, root or intermediate certificates.
certificates String Either root or intermediate certificates in PEM format, as are found in Base64 ASCII encoded files.
name String The descriptive label for the certificate chain.
SetFullData.deployment: Specifies on which network you want to deploy the set. To validate the set without deploying or storing it in the system, set both staging and production to null. The validation result appears in the response object.
production Boolean Whether the set validates and deploys to the production network.
staging Boolean Whether the set validates and deploys to the staging network.

SetRef

Contains information about a new or recently updated certificate set.

Download schema: set-ref.json

Sample POST, PUT response:

{
    "accountId": "A-1234BD",
    "set": "/trust-chain-manager-api/v1/sets/10000",
    "name": "Set1"
}

SetRef members

Member Type Required Description
SetRef: Contains information about a new or recently updated certificate set.
accountId String Read-only. The account under which the set was created.
name String Read-only. A descriptive label for the set.
set String Read-only. A unique identifier for the set.

Set

Contains the selected information about the certificate set.

Download schema: set.json

Sample Set:

{
    "name": "Set1",
    "id": 123456,
    "deployment": {
        "staging": false,
        "production": true
    }
}

Set members

Member Type Required Description
Set: Contains the selected information about the certificate set.
deployment Set.deployment Collects the set’s network deployment options.
id Integer Read-only. A unique identifier for the set.
name String Read-only. A descriptive label for the set.
Set.deployment: Collects the set’s network deployment options.
production Boolean Read-only. Whether the required deployment network for the set is production.
staging Boolean Read-only. Whether the required deployment network for the set is staging.

Sets

Contains all available certificate sets for your account.

Download schema: sets.json

Sample GET response:

{
    "accountId": "A-123DGC",
    "sets": [
        {
            "name": "Set1",
            "id": 123456,
            "deployment": {
                "staging": true,
                "production": true
            }
        },
        {
            "name": "Set10",
            "id": 789123,
            "deployment": {
                "staging": true,
                "production": false
            }
        }
    ]
}

Sets members

Member Type Required Description
Sets: Contains all available certificate sets for your account.
accountId String Read-only. The account under which the sets were created.
sets Sets.sets[] Contains the selected information about the certificate set.
Sets.sets[]: Contains the selected information about the certificate set.
deployment Sets.sets[].deployment Collects the set’s network deployment options.
id Integer Read-only. A unique identifier for the set.
name String Read-only. A descriptive label for the set.
Sets.sets[].deployment: Collects the set’s network deployment options.
production Boolean Read-only. Whether the required deployment network for the set is production.
staging Boolean Read-only. Whether the required deployment network for the set is staging.

Deployment

Indicates a certificate set’s deployment locations and validates the set when staging and production values are null.

Download schema: deployment.json

Sample PUT body:

{
    "deployment": {
        "staging": false,
        "production": true
    }
}

Deployment members

Member Type Required Description
Deployment: Indicates a certificate set’s deployment locations and validates the set when staging and production values are null.
deployment Deployment.deployment Collects a set’s network deployment locations.
Deployment.deployment: Collects a set’s network deployment locations.
production Boolean Whether you’re deploying the set to the production network.
staging Boolean Whether you’re deploying the set to the staging network.

DeploymentState

Contains information about a certificate set’s deployment status for the staging and production networks.

Download schema: deployment-state.json

Sample GET response:

{
    "name": "Set1",
    "id": 123456,
    "version": 76152,
    "deployment": {
        "staging": "DEPLOYED",
        "production": "DEPLOYING"
    }
}

DeploymentState members

Member Type Required Description
DeploymentState: Contains information about a certificate set’s deployment status for the staging and production networks.
deployment DeploymentState.deployment Collects the deployment status of a set on each network.
id Integer Read-only. A unique identifier for the set.
name String Read-only. A descriptive label for the set.
version Integer Read-only. An identifying number for the set’s version.
DeploymentState.deployment: Collects the deployment status of a set on each network.
production Enumeration Read-only. Deployment status on the production network, either PENDING, DEPLOYING, DEPLOYED, or DEPLOYMENT_FAILED.
staging Enumeration Read-only. Deployment status on the staging network, either PENDING, DEPLOYING, DEPLOYED, or DEPLOYMENT_FAILED.

CertificateIDs

Contains information about certificate identifiers in a set.

Download schema: certificateIds.json

Sample GET:

{
    "id": 75469,
    "name": "devqaSetId276",
    "version": 75221,
    "certificateIds": [
        75754,
        75755
    ]
}

CertificateIDs members

Member Type Required Description
CertificateIDs: Contains information about certificate identifiers in a set.
certificateIds Array A collection of certificate identifiers in the set.
id Integer A unique identifier for the set.
name String A descriptive label for the set.
version Integer An identifying number for the set’s version.

Versions

A collection of active versions for a certificate set. See API concepts.

Download schema: versions.json

Sample GET:

{
    "id": 76927,
    "name": "PartnerB2B",
    "versions": [
        {
            "version": 77152,
            "deployment": {
                "staging": "DEPLOYED",
                "production": "DEPLOYING"
            },
            "lastModifiedBy": "jmarczew",
            "timestamp": "2020-04-21T19:31:11.808"
        },
        {
            "version": 78453,
            "deployment": {
                "staging": "DEPLOYED",
                "production": "DEPLOYED"
            },
            "lastModifiedBy": "jmarczew",
            "timestamp": "2020-06-03T10:15:08.231"
        }
    ]
}

Versions members

Member Type Required Description
Versions: A collection of active versions for a certificate set. See API concepts.
id Integer, Null A unique identifier for the set.
name String, Null A descriptive label for the set.
versions Versions.versions[] A collection of active version for the set.
Versions.versions[]: A collection of active version for the set.
lastModifiedBy String A username who last modified the set.
production String The set’s deployment status on the production network.
staging String The set’s deployment status on the staging network.
timestamp String Indicates when the set was updated, in ISO 8601 format.
version Integer, Null An identifying number for the set’s version.

Errors

This section provides details on the data object that reflects the API’s common response to error cases. It also lists the API’s range of response status codes for both error and success cases.

Error responses

This API responds with JSON objects that adhere to the HTTP Problem Details standard.

This example shows a typical error response JSON object. The object’s instance member specifies an internal trace ID that helps identify errors in system logs. This helps Akamai identify the error in the system logs. If you need assistance, have this information available for your Akamai representative.

HTTP/1.1 500

{
  "type": "Internal Server Error",
  "title": "INTERNAL_SERVER_ERROR",
  "detail": "Internal Error.",
  "instance": "/trust-chain-manager/error-instances/3fb4c8c3-1253-4443-8cda-f6d5c11a84dd"
}

HTTP status codes

Code Description
200 The Get the latest set operation successfully returned the set or a collection of sets.
202 Links to named operations accepted.
204 Successfully processed request. No content returned for the request.
400 Bad request.
401 Authentication failure.
403 Access is forbidden.
404 No signing certificate set found.
405 Method not supported.
409 Conflict with current state of the signing certificate set.
415 Unsupported media type.
500 Internal server error.
503 Service is temporarily unavailable.