api reference - huawei cloud · ssl certificate manager api reference issue 03 date 2020-01-20...
TRANSCRIPT
SSL Certificate Manager
API Reference
Issue 03
Date 2020-01-20
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2020. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without priorwritten consent of Huawei Technologies Co., Ltd. Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respectiveholders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei andthe customer. All or part of the products, services and features described in this document may not bewithin the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,information, and recommendations in this document are provided "AS IS" without warranties, guaranteesor representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. i
Contents
1 Before You Start....................................................................................................................... 11.1 Overview.................................................................................................................................................................................... 11.2 API Calling..................................................................................................................................................................................11.3 Endpoints....................................................................................................................................................................................11.4 Constraints................................................................................................................................................................................. 21.5 Concepts..................................................................................................................................................................................... 21.6 Selecting an API Type.............................................................................................................................................................3
2 API Overview............................................................................................................................ 4
3 Calling APIs............................................................................................................................... 63.1 Making an API Request......................................................................................................................................................... 63.2 Authentication.......................................................................................................................................................................... 93.3 Returned Values.................................................................................................................................................................... 10
4 SCM APIs..................................................................................................................................124.1 Purchasing an SSL Certificate........................................................................................................................................... 124.2 Querying the Certificate List............................................................................................................................................. 154.3 Querying Details of a Certificate..................................................................................................................................... 194.4 Modifying a Certificate....................................................................................................................................................... 234.5 Querying the Product Type of a Certificate................................................................................................................. 244.6 Querying the Product Details of a Certificate.............................................................................................................274.7 Applying for a Certificate................................................................................................................................................... 294.8 Verifying a CSR...................................................................................................................................................................... 334.9 Saving Certificate Information......................................................................................................................................... 354.10 Reading the Information Entered When Applying for a Certificate..................................................................384.11 Canceling an Application................................................................................................................................................. 414.12 Deleting a Certificate........................................................................................................................................................ 424.13 Uploading Authentication Information...................................................................................................................... 434.14 Downloading a Certificate...............................................................................................................................................454.15 Uploading a Certificate.....................................................................................................................................................464.16 Revoking a Certificate....................................................................................................................................................... 474.17 Pushing a Certificate......................................................................................................................................................... 494.18 Querying Push Records.....................................................................................................................................................504.19 Canceling Authorization for Privacy Information.................................................................................................... 52
SSL Certificate ManagerAPI Reference Contents
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. ii
4.20 Adding an Additional Domain Name.......................................................................................................................... 53
5 Permissions Policies and Supported Actions...................................................................565.1 Introduction to Permissions Policies and Supported Actions.................................................................................565.2 API Actions.............................................................................................................................................................................. 57
A Appendix................................................................................................................................. 61A.1 Status Codes........................................................................................................................................................................... 61A.2 Error Codes............................................................................................................................................................................. 62A.3 Obtaining a Project ID........................................................................................................................................................ 65
B Change History...................................................................................................................... 67
SSL Certificate ManagerAPI Reference Contents
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. iii
1 Before You Start
1.1 OverviewWelcome to SSL Certificate Manager (SCM) API Reference. SCM providescustomers with a one-stop management service for SSL certificates throughouttheir lifecycles. Jointly developed by HUAWEI CLOUD and globally well-knowndigital certificate agencies, SCM implements trusted identity authentication andsecure data transmission for websites.
You can use the APIs provided in this document to perform operations oncertificates, such as certificate application, querying the certificate list, anddeleting a certificate. For details about all supported operations, see APIOverview.
Before calling SCM APIs, ensure that you have understood the concepts related toSCM. For more information, see What Is SSL Certificate Manager?
1.2 API CallingSCM supports Representational State Transfer (REST) APIs, allowing you to callAPIs using HTTPS. For details about API calling, see Calling APIs.
1.3 EndpointsAn endpoint is the request address for calling an API. SCM is a global servicedeployed for all physical regions. Table 1-1 lists the endpoints of SCM. You canobtain SCM endpoints at Regions and Endpoints.
Table 1-1 SCM endpoints
Region EndpointRegion
Endpoint Protocol Type
All All scm.cn-north-4.myhuaweicloud.com
HTTPS
SSL Certificate ManagerAPI Reference 1 Before You Start
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 1
1.4 ConstraintsFor more constraints, see the API description.
1.5 Concepts● Account
An account is created upon successful registration with HUAWEI CLOUD. Theaccount has full access permissions for all of its cloud services and resources.It can be used to reset user passwords and grant user permissions. Theaccount is a payment entity and should not be used directly to performroutine management. For security purposes, create IAM users and grant thempermissions for routine management.
● IAM userAn IAM user is created using an account to use cloud services. Each IAM userhas its own identity credentials (password and access keys).An IAM user can view the account ID and user ID on the My Credentialspage of the console. The account name, username, and password will berequired for API authentication.
● RegionRegions are divided based on geographical location and network latency.Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service(EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP(EIP), and Image Management Service (IMS), are shared within the sameregion. Regions are classified into universal regions and dedicated regions. Auniversal region provides universal cloud services for common tenants. Adedicated region provides specific services for specific tenants.For details, see Region and AZ.
● Availability Zone (AZ)An AZ contains one or more physical data centers. Each AZ has independentcooling, fire extinguishing, moisture-proof, and electricity facilities. Within anAZ, computing, network, storage, and other resources are logically dividedinto multiple clusters. AZs within a region are interconnected using high-speed optical fibers to support cross-AZ high-availability systems.
● ProjectProjects group and isolate resources (including compute, storage, and networkresources) across physical regions. A default project is provided for eachregion, and subprojects can be created under each default project. Users canbe granted permissions to access all resources in a specific project. For morerefined access control, create subprojects under a project and create resourcesin the subprojects. Users can then be assigned permissions to access onlyspecific resources in the subprojects.
SSL Certificate ManagerAPI Reference 1 Before You Start
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 2
Figure 1-1 Project isolating model
1.6 Selecting an API TypeFor SSH key pairs, V2.1 and V2 API Types are available. It is recommended thatyou choose V2.1, which can better meet your demands.
SSL Certificate ManagerAPI Reference 1 Before You Start
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 3
2 API Overview
By using the APIs provided by SCM, you can use all functions of SCM.
API Description
Purchasing an SSLCertificate
Purchase an SSL certificate.
Querying the CertificateList
Query the certificate list.
Querying Details of aCertificate
Query details of a certificate.
Modifying a Certificate Modify the name or description of a certificate.
Querying the ProductType of a Certificate
Query the product type of a certificate.
Querying the ProductDetails of a Certificate
Query the product details of a certificate.
Applying for aCertificate
Apply for a certificate.
Verifying a CSR Verify a CSR.
Saving CertificateInformation
Save the information entered when applying for acertificate.
Reading the InformationEntered When Applyingfor a Certificate
Read the information saved when applying for acertificate.
Canceling anApplication
Cancel an application.
Deleting a Certificate Delete a certificate.
UploadingAuthenticationInformation
Upload authentication information, such as thebank license and company business license.
SSL Certificate ManagerAPI Reference 2 API Overview
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 4
API Description
Downloading aCertificate
Download a certificate.
Uploading a Certificate Upload a certificate.
Revoking a Certificate Revoke a certificate.
Pushing a Certificate Push a certificate to another HUAWEI CLOUDservice.
Querying Push Records Query the records of an SSL certificate to be pushedto another HUAWEI CLOUD service.
Canceling Authorizationfor Privacy Information
Cancel authorization for privacy information.
Adding an AdditionalDomain Name
Add an additional domain name.
SSL Certificate ManagerAPI Reference 2 API Overview
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 5
3 Calling APIs
3.1 Making an API RequestThis section describes the structure of a REST API request, and uses the IAM APIfor obtaining a user token as an example to demonstrate how to call an API. Theobtained token can then be used to authenticate the calling of other APIs.
Request URIA request URI is in the following format:
{URI-scheme} :// {Endpoint} / {resource-path} ? {query-string}
Although a request URI is included in the request header, most programminglanguages or frameworks require the request URI to be transmitted separately.
● URI-scheme:Protocol used to transmit requests. All APIs use HTTPS.
● Endpoint:Domain name or IP address of the server bearing the REST service. Theendpoint varies between services in different regions. It can be obtained fromRegions and Endpoints.For example, the endpoint of IAM in the CN North-Beijing1 region is iam.cn-north-1.myhuaweicloud.com.
● resource-path:Access path of an API for performing a specified operation. Obtain the pathfrom the URI of an API. For example, the resource-path of the API used toobtain a user token is /v3/auth/tokens.
● query-string:Query parameter, which is optional. Ensure that a question mark (?) isincluded before each query parameter that is in the format of "Parametername=Parameter value". For example, ?limit=10 indicates that a maximum of10 data records will be displayed.
For example, to obtain an IAM token in the CN North-Beijing1 region, obtain theendpoint of IAM (iam.cn-north-1.myhuaweicloud.com) for this region and the
SSL Certificate ManagerAPI Reference 3 Calling APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 6
resource-path (/v3/auth/tokens) in the URI of the API used to obtain a usertoken. Then, construct the URI as follows:
https://iam.cn-north-1.myhuaweicloud.com/v3/auth/tokens
Figure 3-1 Example URI
To simplify the URI display in this document, each API is provided only with a resource-path and a request method. The URI-scheme of all APIs is HTTPS, and the endpoints of allAPIs in the same region are identical.
Request MethodsThe HTTP protocol defines the following request methods that can be used tosend a request to the server:
● GET: requests the server to return specified resources.● PUT: requests the server to update specified resources.● POST: requests the server to add resources or perform special operations.● DELETE: requests the server to delete specified resources, for example, an
object.● HEAD: same as GET except that the server must return only the response
header.● PATCH: requests the server to update partial content of a specified resource.
If the resource does not exist, a new resource will be created.
For example, in the case of the API used to obtain a user token, the requestmethod is POST. The request is as follows:
POST https://iam.cn-north-1.myhuaweicloud.com/v3/auth/tokens
Request HeaderYou can also add additional header fields to a request, such as the fields requiredby a specified URI or HTTP method. For example, to request for the authenticationinformation, add Content-Type, which specifies the request body type.
Common request header fields are as follows:
● Content-Type: specifies the request body type or format. This field ismandatory and its default value is application/json. Other values of this fieldwill be provided for specific APIs if any.
● X-Auth-Token: specifies a user token only for token-based API authentication.The user token is a response to the API used to obtain a user token. This APIis the only one that does not require authentication.
SSL Certificate ManagerAPI Reference 3 Calling APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 7
In addition to supporting token-based authentication, APIs also support authenticationusing access key ID/secret access key (AK/SK). During AK/SK-based authentication, anSDK is used to sign the request, and the Authorization (signature information) and X-Sdk-Date (time when the request is sent) header fields are automatically added to therequest.For more information, see AK/SK-based Authentication.
The API used to obtain a user token does not require authentication. Therefore,only the Content-Type field needs to be added to requests for calling the API. Anexample of such requests is as follows:
POST https://iam.cn-north-1.myhuaweicloud.com/v3/auth/tokensContent-Type: application/json
Request BodyThe body of a request is often sent in a structured format as specified in theContent-Type header field. The request body transfers content except the requestheader.
The request body varies between APIs. Some APIs do not require the request body,such as the APIs requested using the GET and DELETE methods.
In the case of the API used to obtain a user token, the request parameters andparameter description can be obtained from the API request. The followingprovides an example request with a body included. Set username to the name ofa user, domainname to the name of the account that the user belongs to, ********to the user's login password, and xxxxxxxxxxxxxxxxxx to the project name, suchas cn-north-1. You can learn more information about projects from Regions andEndpoints. Check the value of the Region column.
The scope parameter specifies where a token takes effect. You can set scope to an accountor a project under an account. In the following example, the token takes effect only for theresources in a specified project. For more information about this API, see Obtaining a UserToken.
POST https://iam.cn-north-1.myhuaweicloud.com/v3/auth/tokensContent-Type: application/json
{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "name": "username", "password": "********", "domain": { "name": "domainname" } } } }, "scope": { "project": { "name": "xxxxxxxxxxxxxxxxxx" }
SSL Certificate ManagerAPI Reference 3 Calling APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 8
} }}
If all data required for the API request is available, you can send the request to callthe API through curl, Postman, or coding. In the response to the API used toobtain a user token, x-subject-token is the desired user token. This token canthen be used to authenticate the calling of other APIs.
3.2 AuthenticationRequests for calling an API can be authenticated using either of the followingmethods:
● Token-based authentication: Requests are authenticated using a token.● AK/SK-based authentication: Requests are authenticated by encrypting the
request body using an AK/SK pair. This method is recommended because itprovides higher security than token-based authentication.
Token-based Authentication
The validity period of a token is 24 hours. When using a token for authentication, cache itto prevent frequently calling the IAM API used to obtain a user token.
A token specifies temporary permissions in a computer system. During APIauthentication using a token, the token is added to requests to get permissions forcalling the API.
In Making an API Request, the process of calling the API used to obtain a usertoken is described. After a token is obtained, the X-Auth-Token header field mustbe added to requests to specify the token when calling other APIs. For example, ifthe token is ABCDEFJ...., X-Auth-Token: ABCDEFJ.... can be added to a request asfollows:
Content-Type: application/jsonX-Auth-Token: ABCDEFJ....
AK/SK-based Authentication
AK/SK-based authentication supports API requests with a body not larger than 12 MB. ForAPI requests with a larger body, token-based authentication is recommended.
In AK/SK-based authentication, AK/SK is used to sign requests and the signature isthen added to the requests for authentication.
● AK: access key ID, which is a unique identifier used in conjunction with asecret access key to sign requests cryptographically.
● SK: secret access key used in conjunction with an AK to sign requestscryptographically. It identifies a request sender and prevents the request frombeing modified.
SSL Certificate ManagerAPI Reference 3 Calling APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 9
In AK/SK-based authentication, you can use an AK/SK to sign requests based onthe signature algorithm or use the signing SDK to sign requests. For details abouthow to sign requests and use the signing SDK, see API Signature Guide.
NO TICE
The signing SDK is only used for signing requests and is different from the SDKsprovided by services.
3.3 Returned Values
Status Codes
After sending a request, you will receive a response containing the status code,response header, and response body.
A status code is a group of digits ranging from 1xx to 5xx. It indicates the status ofa response. For more information, see Status Codes.
If status code 201 is returned for the calling of the API for obtaining a usertoken, the request is successful.
Response Header
A response header corresponds to a request header, for example, Content-Type.
Figure 3-2 shows the response header for the API of obtaining a user token, inwhich x-subject-token is the desired user token. Then, you can use the token toauthenticate the calling of other APIs.
Figure 3-2 Header of the response to the request for obtaining a user token
SSL Certificate ManagerAPI Reference 3 Calling APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 10
(Optional) Response BodyA response body is generally returned in a structured format, corresponding to theContent-Type in the response header, and is used to transfer content other thanthe response header.
The following shows part of the response body for the API to obtain a user token.For the sake of space, only part of the content is displayed here.
{ "token": { "expires_at": "2019-02-13T06:52:13.855000Z", "methods": [ "password" ], "catalog": [ { "endpoints": [ { "region_id": "xxxxxxxx",......
If an error occurs during API calling, the system returns an error code and amessage to you. The following shows the format of an error response body:
{ "error_msg": "The format of message is error", "error_code": "AS.0001"}
In the preceding information, error_code is an error code, and error_msgdescribes the error.
SSL Certificate ManagerAPI Reference 3 Calling APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 11
4 SCM APIs
4.1 Purchasing an SSL Certificate
FunctionThis API is used to purchase an SSL certificate.
The request parameter agree_privacy_protection must be set to true. Otherwise, thecertificate purchase application cannot be submitted.
URI● URI format
POST /v2/{project_id}/scm/cert/purchase● Parameters
Parameter Mandatory Type Description
project_id Yes String Project ID.
RequestRequest parameters
Parameter Mandatory Type Description
cert_brand Yes String Certificate brand.For example: GLOBALSIGN
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 12
Parameter Mandatory Type Description
cert_type Yes String Certificate type. Options:● OV_SSL_CERT:
Organization Validation(OV) SSL certificate.
● EV_SSL_CERT: ExtendedValidation (EV) SSLcertificate.
domain_type Yes String Domain name type. Options:● SINGLE_DOMAIN: single-
domain name type.● MULTI_DOMAIN: multi-
domain name type.● WILDCARD: wildcard
domain name type.
effective_time Yes Integer Certificate validity period, inyears. Options:● 1: Purchase a certificate
with a validity period ofone year.
● 2: Purchase a certificatewith a validity period oftwo years.
domain_numbers
Yes Integer Number of domain names.● If domain_type is set to
SINGLE_DOMAIN orWILDCARD, the value ofdomain_numbers is 1.
● If domain_type is set toMULTI_DOMAIN, thevalue range ofdomain_numbers is 2 to100.
order_number Yes Integer Number of purchasedcertificates. Value range:1-1000.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 13
Parameter Mandatory Type Description
agree_privacy_protection
Yes Boolean Whether to agree with theprivacy statement.● true: Agree with the
privacy statement.● false: Disagree with the
privacy statement.You can purchase acertificate only when thisparameter is set to true.
ResponseResponse parameters
Parameter Mandatory Type Description
order_id Yes String Order ID.
cert Yes Array ofcertobjects
Certificate list. For details,see Table 4-1.
Table 4-1 cert
Parameter Mandatory Type Description
cert_id Yes String Certificate ID.
ExampleThe following describes how to purchase an OV certificate whose brand isGlobalSign, domain name type is multi-domain name, number of domain namesis 5, and validity period is one year.
● Example request{ "cert_brand":"GLOBALSIGN", "cert_type":"OV_SSL_CERT ", "domain_type":"MULTI_DOMAIN", "effective_time": 1, "domain_numbers": 5, "order_number": 1, "agree_privacy_protection":true }
● Example response{ "order_id": "CS1803192259ROA8U" "cert": [{ "cert_id": "scs1481110651012",
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 14
}] }
or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }
Status CodesTable 4-2 lists the normal status code returned by the API.
Table 4-2 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
4.2 Querying the Certificate List
FunctionThis API is used to query the certificate list based on a certificate name or bounddomain name.
URI● URI format
GET /v2/{project_id}/scm/certlist?order_status=&content=&sort_key=&sort_dir=&limit=&offset=
● Parameters
Parameter Mandatory Type Description
project_id Yes String Project ID.
RequestRequest parameters
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 15
Parameter Mandatory Type Description
order_status No String Certificate status. Options:● PAID: The certificate has
been paid.● ISSUED: The certificate
has been issued.● CHECKING: The
certificate application isbeing reviewed.
● CANCELCHECKING: Thecertificate applicationcancellation is beingreviewed.
● UNPASSED: Thecertificate applicationfails.
● EXPIRED: The certificatehas expired.
● REVOKING: Thecertificate revocationapplication is beingreviewed.
● REVOKED: Thecertificate has beenrevoked.
● UPLOAD: The certificateis being hosted.
● SUPPLEMENTCHECK-ING: Additional domainnames to be added for amulti-domain certificateis being reviewed.
● CANCELSUPPLEMENT-ING: The cancellation onadditional domainnames to be added isbeing reviewed.
content No String Keyword for search.
sort_key No String Sorting criterion. Options:● certExpiredTime:
certificate expirationtime.
● certStatus: certificatestatus.
● certUpdateTime:certificate update time.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 16
Parameter Mandatory Type Description
sort_dir No String Sorting method. Sorting isperformed based on thesorting parametersort_key. Options:● ASC: ascending order.● DESC: descending order.
limit No Integer Maximum number ofpieces of certificateinformation to be displayedon each page. Options:● 10: Each page displays
up to 10 pieces ofcertificate information.
● 20: Each page displaysup to 20 pieces ofcertificate information.
● 50: Each page displaysup to 50 pieces ofcertificate information.
offset No Integer Offset. Value range: 1-30.
ResponseResponse parameters
Parameter Mandatory Type Description
total Yes Integer Number of certificates in alist.
free_remain Yes Integer Remaining quota of thefree test certificate.
order_list Yes Array oforder_listobjects
Certificate list. For details,see Table 4-3.
Table 4-3 order_list
Parameter Mandatory Type Description
cert_id Yes String Certificate ID.
cert_name Yes String Certificate name.
domain Yes String Bound domain name.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 17
Parameter Mandatory Type Description
cert_type Yes String Certificate type.
cert_brand Yes String Certificate brand.
domain_type Yes String Domain name type.
purchase_period Yes Integer Validity period.
expired_time Yes String Certificate expiration time.
order_status Yes String Certificate status.
domain_num Yes Integer Number of domain names.
wildcard_number
Yes Integer Number of wildcarddomain names.
cert_des Yes String Certificate description.
Example● Example request
None● Example response
{ "total": 1, "free_remain":"19", "order_list": [{ "cert_id": "scs1481110651012", "cert_name": "scs-0001", "domain": "*.example.com", "cert_type": "GE00V01", "cert_brand":"GLOBALSIGN", "domain_type":" SINGLE_DOMAIN ", "purchase_period":1, "expired_time":"15051501510501", "order_state":"completed ", "domain_num":10, "wildcard_number":2,"cert_des":"***********" }] }
or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }
Status CodesTable 4-4 lists the normal status code returned by the API.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 18
Table 4-4 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
4.3 Querying Details of a Certificate
Function
This API is used to query details of a certificate.
URI● URI format
GET /v2/{project_id}/scm/cert/{cert_id}● Parameters
Parameter Mandatory Type Description
project_id Yes String Project ID.
cert_id Yes String Certificate ID.
Request
Request parameters
None
Response
Response parameters
Parameter Mandatory Type Description
cert_id Yes String Certificate ID.
order_id Yes String Order ID.
cert_name Yes String Certificate name.
cert_type Yes String Certificate type.Example: OV
cert_brand Yes String Certificate brand.Example: GLOBALSIGN
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 19
Parameter Mandatory Type Description
domain_type Yes String Domain name type.Example:MUILT_DOMAIN
domain_name Yes String Domain name bound to acertificate.Example:funnyzx.com;abc.com
domain_number Yes Integer Number of domains.Example: 3
cert_describe Yes String Certificate description.
push_support Yes String Whether a certificate canbe pushed.
revoke_reason Yes String Reason for certificaterevocation.
domain_name Yes String Domain name bound to acertificate. Multipledomain names areseparated by semicolons(;).Example:www.example.com;www.example1.com;www.example2.com
company_name Yes String Company name.
company_province Yes String State or region where acompany is located.
company_city Yes String City where a company islocated.
applicant_name Yes String Name of a companycontact.
applicant_phone Yes String Phone number of acompany contact.
applicant_email Yes String Email of a companycontact.
contact_name Yes String Name of a technicalcontact.
contact_phone Yes String Phone number of atechnical contact.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 20
Parameter Mandatory Type Description
contact_email Yes String Email of a technicalcontact.
status Yes String Certificate status.
encrypt_type Yes String Signature encryptionalgorithm.
country Yes String Country code.
organization_unit Yes String Company department.
DNS_push_status Yes String DNS push status● ON: indicates that the
push is successful.● OFF: indicates that the
push fails.● NONE: indicates that
the push function isnot enabled.
auth Yes Array of authobjects
Certificate authenticationstatus. For details, seeTable 4-5.
Table 4-5 auth
Parameter Mandatory Type Description
method Yes String Authentication method.
status Yes String Certificate authenticationstatus.
domain_name Yes String Domain name for DNSauthentication.
host_record Yes String Host record of DNSauthentication.
record_type Yes String Record type of DNSauthentication.
record Yes String Record value of DNSauthentication.
Example● Example request
None
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 21
● Example response{"cert_id": "scs1481110651012","order_id ": "CS1803192259ROA8U","cert_name": "test","cert_type": "OV","cert_brand": "GEOTRUST","domain_type": "MUILT_DOMAIN","domain_name": "funnyzx.com;abc.com","domain_number": 3,"cert_describe": "XXXXXXXXX","push_support": "on","revoke_reason":"xxxxxxxxxxx","domain_name": " www.test.com;*.example1.com;*.example2.com","company_name": "Huawei Technologies Co., Ltd.","company_province": "Guangdong","company_city": "Shenzhen","applicant_name": "Tom","applicant_phone": "13087654321","applicant_email": "[email protected]","contact_name": "Jacky","contact_phone": "13087654321","contact_email": "[email protected]","status": "PAID","encrypt_type": "SHA256withRSA2048","country": "CN","organization_unit": "unit","DNS_push_status": "ON","auth": [{"method": "DNS","status": " checking ","domain_name": "www.test.com","host_record": "dnsauth","record_type": "TXT","record": "201803272148qwedginciog08" }]}
or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }
Status CodesTable 4-6 lists the normal status code returned by the API.
Table 4-6 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 22
4.4 Modifying a Certificate
Function
This API is used to change the name or description of a certificate.
URI● URI format
PUT /v2/{project_id}/scm/cert/{cert_id}
● Parameters
Parameter Mandatory Type Description
project_id Yes String Project ID.
cert_id Yes String Certificate ID.
Request
Request parameters
Parameter Mandatory Type Description
modify_key Yes String Change key. The value can beCERT_NAME orDESCRIPTION.● CERT_NAME: indicates the
name of a certificate to bemodified.
● DESCRIPTION: indicatesthe description of acertificate to be modified.
modify_value Yes String Modification details.● If the change key is
CERT_NAME, the value cancontain only digits, letters,and hyphens (-). The valueis a string of 0 to 63characters and cannot benull.
● When the change key isDESCRIPTION, the value isa string of 0 to 255characters and can be null.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 23
Response
Response parameters
Parameter Mandatory Type Description
response_info Yes String Request result.
Examples
The following describes how to change the certificate name to sssaaaa.
● Example request{"modify_key":"CERT_NAME","modify_value": "sssaaaa"}
● Example response{ "response_info":"success" }
or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }
Status Codes
Table 4-7 lists the normal status code returned by the API.
Table 4-7 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
4.5 Querying the Product Type of a Certificate
Function
This API is used to query information about all products that are being sold onSCM.
URI● URI format
GET /v2/{project_id}/scm/cert/product
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 24
● Parameters
Parameter Mandatory Type Description
project_id Yes String Project ID.
RequestRequest parameters
None
ResponseResponse parameters
Parameter Mandatory Type Description
type_list Yes Array oftype_listobjects
Product type list. Fordetails, see Table 4-8.
Table 4-8 type_list
Parameter Mandatory Type Description
cert_type Yes String Certificate type.● OV_SSL_CERT:
OrganizationValidation (OV) SSLcertificate.
● EV_SSL_CERT:Extended Validation(EV) SSL certificate.
cert_brand Yes String Certificate brand.GLOBALSIGN: GlobalSignbrand.
domain_type Yes String Domain name type.● SINGLE_DOMAIN:
single-domain nametype.
● MULTI_DOMAIN:multi-domain nametype.
● WILDCARD: wildcarddomain name type.
product_id Yes String Product ID.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 25
Parameter Mandatory Type Description
effective_time Yes Integer Certificate validity period(year).● 1: The validity period
of the certificate isone year.
● 2: The validity periodof the certificate istwo years.
product_name Yes String Product name.
Example● Example request
None● Example response
{ "type_list": [{"cert_type": "OV_SSL_CERT","cert_brand":"GLOBALSIGN","domain_type":"SINGLE_DOMAIN","product_id":"00301-106005-0--0","effective_time":1," product_name ":"globalsign.single.ov.2"}]}
or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }
Status CodesTable 4-9 lists the normal status code returned by the API.
Table 4-9 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 26
4.6 Querying the Product Details of a Certificate
FunctionThis API is used to query details about a specified certificate.
URI● URI format
GET /v2/{project_id}/scm/product/{product_id}● Parameters
Parameter Mandatory Type Description
project_id Yes String Project ID.
product_id Yes String Product ID.
RequestRequest parameters
None
ResponseResponse parameters
Parameter Mandatory Type Description
cert_type Yes String Certificate type.● OV_SSL_CERT:
OrganizationValidation (OV) SSLcertificate.
● EV_SSL_CERT:Extended Validation(EV) SSL certificate.
cert_brand Yes String Certificate brand.GLOBALSIGN: GlobalSignbrand.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 27
Parameter Mandatory Type Description
domain_type Yes String Domain name type.● SINGLE_DOMAIN:
single-domain nametype.
● MULTI_DOMAIN:multi-domain nametype.
● WILDCARD: wildcarddomain name type.
effective_time Yes Integer Certificate validity period,in years.● 1: The validity period
of the certificate is oneyear.
● 2: The validity periodof the certificate is twoyears.
Example● Example request
None● Example response
{"cert_type": "OV_SSL_CERT","cert_brand":"GLOBALSIGN","domain_type":"SINGLE_DOMAIN","effective_time":1}
or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }
Status Codes
Table 4-10 lists the normal status code returned by the API.
Table 4-10 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 28
4.7 Applying for a Certificate
Function
This API is used to complete certificate application information, such as thedomain name bound to a certificate and the applicant's detailed information.
The request parameter agree_privacy_protection must be set to true. Otherwise, thecertificate application information cannot be submitted.
URI● URI format
POST /v2/{project_id}/scm/cert/{cert_id}/complete
● Parameters
Parameter Mandatory Type Description
project_id Yes String Project ID.
cert_id Yes String Certificate ID.
Request
Request parameters
Parameter Mandatory Type Description
domain Yes String Domain name bound to acertificate.● If the certificate to be
purchased is a single-domain or wildcarddomain namecertificate, enter thesingle-domain orwildcard domain name.
● If the certificate to bepurchased is a multi-domain certificate,select one domainname as the primarydomain name.
Example:www.example.com
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 29
Parameter Mandatory Type Description
sans No String Additional domain nameof the certificate that isbound to a multi-domaincertificate.Set this parameter onlywhen the certificate to bepurchased is a multi-domain certificate and thenumber of additionaldomain names can beincreased.Multiple domain namesmust be separated bysemicolons (;).Example:www.example.com;www.example1.com;www.example2.com
CSR No String Certificate CSR, whichmust match the domainname.
company_name Yes String Company name. Thisparameter is mandatoryfor certificates of the OVand EV types.The value is a string of 0to 63 characters.
company_unit No String Department name. Thisparameter is optional forcertificates of the OV andEV types.The value is a string of 0to 63 characters.
company_province
Yes String State or region where acompany is located. Thisparameter is mandatoryfor certificates of the OVand EV types.The value is a string of 0to 63 characters.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 30
Parameter Mandatory Type Description
company_city Yes String City where a company islocated. This parameter ismandatory for certificatesof the OV and EV types.The value is a string of 0to 63 characters.
country Yes String Country code.● CN: China● HK: Hong Kong SAR,
China● US: United States
applicant_name Yes String Applicant name.The value is a string of 0to 63 characters.
applicant_phone Yes String Phone number of anapplicant.Example: 13212345678
applicant_email Yes String Email of an applicant.Example:example.huawei.com
contact_name No String Name of a technicalcontact.The value is a string of 0to 63 characters.
contact_phone No String Phone number of atechnical contact.Example: 13212345678
contact_email No String Email of a technicalcontact.Example:example.huawei.com
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 31
Parameter Mandatory Type Description
auto_dns_auth No Boolean Whether to push DNSauthentication informationto HUAWEI CLOUD DNS.● true: DNS
authenticationinformation is pushedto HUAWEI CLOUDDNS.
● false: DNSauthenticationinformation is notpushed to HUAWEICLOUD DNS.
agree_privacy_protection
Yes Boolean Whether to agree with theprivacy statement.● true: Agree with the
privacy statement.● false: Disagree with the
privacy statement.You can submit yourcertificate application onlywhen this parameter is setto true.
ResponseResponse parameters
Parameter Mandatory Type Description
request_info Yes String Request result.
ExampleThe following describes how to supplement information about a certificate.
● Example request{ "domain":"www.xzz.com", "company_name": "Huawei Chengdu branch", "company_province": "Sichuan", "company_city": "Chengdu", "applicant_name": "Tom", "applicant_phone":"13212345678", "applicant_email":"[email protected]", "CSR":"", "sans":"", "country":"CN", "company_unit": "Human Resource Dept",
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 32
"contact_name": "Jacky", "contact_phone":"13512345678", "contact_email":"[email protected]", "auto_dns_auth":false, "agree_privacy_protection":true}
● Example response{ "request info":"success"}
or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }
Status Codes
Table 4-11 lists the normal status code returned by the API.
Table 4-11 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
4.8 Verifying a CSR
Function
This API is used to verify a certificate signing request (CSR) and resolve thedomain name.
URI● URI format
POST /v2/{project_id}/scm/check-csr
● Parameters
Parameter Mandatory Type Description
project_id Yes String Project ID.
Request
Request parameters
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 33
Parameter Mandatory Type Description
CSR Yes String Certificate signingrequest.
ResponseResponse parameters
Parameter Mandatory Type Description
domain_name Yes String Domain name in theCSR.
ExampleThe following describes how to verify a CSR.
● Example request{ "CSR":"-----BEGIN NEW CERTIFICATE REQUEST-----******-----END NEW CERTIFICATE REQUEST-----"}
● Example response{ "domain": "a.example1.com"}
or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }
Status CodesTable 4-12 lists the normal status code returned by the API.
Table 4-12 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 34
4.9 Saving Certificate Information
Function
This API is used to save certificate information entered during certificateapplication.
The request parameter agree_privacy_protection must be set to true. Otherwise,certificate information cannot be saved.
URI● URI format
POST /v2/{project_id}/scm/cert/{cert_id}/save● Parameters
Parameter Mandatory Type Description
project_id Yes String Project ID.
cert_id Yes String Certificate ID.
Request
Request parameters
Parameter Mandatory Type Description
domain Yes String Domain name bound toa certificate.
sans No String Additional domainnames of a multi-domain certificate.Multiple domain namesare separated bysemicolons (;).
CSR No String Certificate CSR, whichmust match the domainname.
company_name Yes String Company name. Thisparameter is mandatoryfor certificates of the OVand EV types.The value is a string of 0to 63 characters.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 35
Parameter Mandatory Type Description
company_unit No String Department name. Thisparameter is optionalfor certificates of the OVand EV types.The value is a string of 0to 63 characters.
company_province Yes String State or region where acompany is located. Thisparameter is mandatoryfor certificates of the OVand EV types.The value is a string of 0to 63 characters.
company_city Yes String City where a company islocated. This parameteris mandatory forcertificates of the OVand EV types.The value is a string of 0to 63 characters.
country Yes String Country code.
applicant_name Yes String Applicant name.The value is a string of 0to 63 characters.
applicant_phone Yes String Phone number of anapplicant.Example: 13212345678
applicant_email Yes String Email of an applicant.Example:example.huawei.com
contact_name No String Name of a technicalcontact.The value is a string of 0to 63 characters.
contact_phone No String Phone number of atechnical contact.Example: 13212345678
contact_email No String Email of a technicalcontact.Example:example.huawei.com
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 36
Parameter Mandatory Type Description
agree_privacy_protection
Yes Boolean Whether to agree withthe privacy statement.● true: Agree with the
privacy statement.● false: Disagree with
the privacystatement.
You can save certificateinformation only whenthis parameter is set totrue.
Response
Response parameters
Parameter Mandatory Type Description
request_info Yes String Request result.
Example
The following describes how to save supplemented information about a certificate.
● Example request{ "domain":"www.xzz.com", "company_name": "Huawei Chengdu branch", "company_province": "Sichuan", "company_city": "Chengdu", "applicant_name": "Tom", "applicant_phone":"13212345678", "applicant_email":"[email protected]", "CSR":"", "sans":"", "country":"CN", "company_unit": "Human Resource Dept", "contact_name": "Jacky", "contact_phone":"13512345678", "contact_email":"[email protected]", "agree_privacy_protection":true}
● Example response{ "request info":"success"}
or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 37
Status Codes
Table 4-13 lists the normal status code returned by the API.
Table 4-13 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
4.10 Reading the Information Entered When Applyingfor a Certificate
Function
This API is used to read the saved information about a certificate.
URI● URI format
POST /v2/{project_id}/scm/cert/{cert_id}/read● Parameters
Parameter Mandatory Type Description
project_id Yes String Project ID.
cert_id Yes String Certificate ID.
Request
Request parameters
None
Response
Response parameters
Parameter Mandatory Type Description
domain_name Yes String Domain name bound to acertificate.Example:www.domain.com
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 38
Parameter Mandatory Type Description
sans Yes String Additional domain namesof a multi-domaincertificate. Multipledomain names areseparated by semicolons(;).If a single-domain orwildcard domaincertificate is applied for,the value of thisparameter is empty.
CSR Yes String Certificate signingrequest.
country Yes String Country code. Example:● CN: China● HK: Hong Kong SAR,
China● US: United States
company_name Yes String Company name.
company_unit Yes String Department name
company_province
Yes String State or region where acompany is located.Example: Sichuan
company_city Yes String City where a company islocated.Example: Chengdu
applicant_name Yes String Applicant name.Example: Tom
applicant_phone Yes String Phone number of anapplicant.Example: 13412345678
applicant_email Yes String Email of an applicant.Example:example.huawei.com
contact_name Yes String Name of a technicalcontact.
contact_phone Yes String Phone number of atechnical contact.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 39
Parameter Mandatory Type Description
contact_email Yes String Email of a technicalcontact.
bl Yes String Whether the picture ofbank account openingpermit has beenuploaded.● 0: The picture of bank
account openingpermit has not beenuploaded.
● 1: The picture of bankaccount openingpermit has beenuploaded.
tl Yes String Whether the businesslicense of the companyhas been uploaded.0: The business license ofthe company has notbeen uploaded.1: The business license ofthe company has beenuploaded.
Example● Example request
None● Example response
{ "domain_name": "www.xzz.com", "sans": "", "CSR": null, "country": "CN", "company_unit": "Human Resource Dept", "company_name": "Huawei Chengdu branch", "company_province": "Sichuan", "company_city": "Chengdu", "applicant_name": "Tom", "applicant_phone": "13245678932", "applicant_email": "[email protected]", "contact_name": "Jacky", "contact_phone": "13526456325", "contact_email": "[email protected]", "bl": "0", "tl": "1"}
or{ "error_code": "SCM.XXXX",
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 40
"error_msg": "XXXX" }
Status Codes
Table 4-14 lists the normal status code returned by the API.
Table 4-14 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
4.11 Canceling an Application
Function
This API is used to cancel an application of certificate reviewing.
URI● URI format
POST /v2/{project_id}/scm/cert/{cert_id}/cancel-cert● Parameters
Parameter Mandatory Type Description
project_id Yes String Project ID.
cert_id Yes String Certificate ID.
Request
Request parameters
None
Response
Response parameters
Parameter Mandatory Type Description
cert_id Yes String Certificate ID.
message Yes String Request result.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 41
Example● Example request
None● Example response
{ "cert_id": " scs1481110651012", "message": "success"}
or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }
Status CodesTable 4-15 lists the normal status code returned by the API.
Table 4-15 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
4.12 Deleting a Certificate
FunctionThis API is used to delete a certificate, that is, delete a certificate from HUAWEICLOUD.
URI● URI format
DELETE /v2/{project_id}/scm/cert/{cert_id}● Parameter description
Parameter Mandatory Type Description
project_id Yes String Project ID.
cert_id Yes String Certificate ID.
RequestRequest parameters
None
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 42
Response
Response parameters
Parameter Mandatory Type Description
message Yes String Request result.
Example● Example request
None
● Example response{ "message": "success"}
or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }
Status Codes
Table 4-16 lists the normal status code returned by the API.
Table 4-16 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
4.13 Uploading Authentication Information
Function
This API is used to upload the authentication information picture required forcertificate review.
URI● URI format
POST /v2/{project_id}/scm/cert/{cert_id}/info/{type}/upload_authentication
● Parameters
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 43
Parameter Mandatory Type Description
project_id Yes String Project ID.
type Yes String Type of the content to beuploaded.● BL: bank account
opening permit.● TL: business license of
a company.
cert_id Yes String Certificate ID.
RequestRequest parameters
None
ResponseResponse parameters
Parameter Mandatory Type Description
request_info Yes String Request result.
Example● Example request
{ <Upload content>}
● Example response{ "request_info":"success"}
or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }
Status CodesTable 4-17 lists the normal status code returned by the API.
Table 4-17 Status code
Status Code Status Description
200 OK Request processed successfully.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 44
Exception status code. For details, see Status Codes.
4.14 Downloading a Certificate
Function
This API is used to download a certificate.
URI● URI format
GET /v2/{project_id}/scm/cert/{cert_id}/cert_file● Parameter description
Parameter Mandatory Type Description
project_id Yes String Project ID.
cert_id Yes String Certificate ID.
Requests
Request parameters
None
Responses
Certificate file, which is a compressed package with the .rar extension.
Examples● Example request
None● Example response
{ <Object Content>}
or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }
Status Codes
Table 4-18 lists the normal status code returned by the API.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 45
Table 4-18 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
4.15 Uploading a Certificate
Function
This API is used to upload a certificate to SCM.
URI● URI format
POST /v2/{project_id}/scm/cert/upload● Parameters
Parameter Mandatory Type Description
project_id Yes String Project ID.
Request
Request parameters
Parameter Mandatory Type Description
cert_name Yes String Certificate name.The value is a string of 0to 63 characters.
cert Yes String Certificate chain content.
private_key Yes String Private key of a certificate.
Response
Response parameters
Parameter Mandatory Type Description
cert_id Yes String Certificate ID.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 46
Example
The following describes how to upload a certificate named test.
● Example request{ "cert_name":"test", "cert":"-----BEGIN CERTIFICATE----- *** -----END CERTIFICATE-----", "private_key": "-----BEGIN RSA PRIVATE KEY----- *** -----END RSA PRIVATEKEY-----"}
● Example response{ "cert_id": " scs1481110651012"}
or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }
Status Codes
Table 4-19 lists the normal status code returned by the API.
Table 4-19 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
4.16 Revoking a Certificate
Function
This API is used to revoke a certificate.
URI● URI format
POST /v2/{project_id}/scm/cert/{cert_id}/revoke
● Parameters
Parameter Mandatory Type Description
project_id Yes String Project ID.
cert_id Yes String Certificate ID.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 47
Request
Request parameters
Parameter Mandatory Type Description
reason Yes String Reason for revoking acertificate.The value is a string of 0 to63 characters.
Response
Response parameters
Parameter Mandatory Type Description
message Yes String Revocation request result.
Examples
The following uses the certificate revocation reason "certificate information filledincorrectly" as an example.
● Example request{ "reason": "certificate information filled incorrectly",}
● Example response{ "message":"success"}
or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }
Status Codes
Table 4-20 lists the normal status code returned by the API.
Table 4-20 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 48
4.17 Pushing a Certificate
FunctionThis API is used to push an SSL certificate to another HUAWEI CLOUD service,such as Web Application Firewall (WAF), Elastic Load Balance (ELB), and ContentDelivery Network (CDN).
URI● URI format
POST /v2/{project_id}/scm/cert/{cert_id}/push● Parameters
Parameter Mandatory Type Description
project_id Yes String Project ID.
cert_id Yes String Certificate ID.
RequestRequest parameters
Parameter Mandatory Type Description
service_type Yes String Type of the service to whicha certificate is pushed.Options:CDN, ELB, Enhance_ELB,and WAF
remote_project Yes String Region where the targetservice to which a certificateis pushed.
ResponseResponse parameters
Parameter Mandatory Type Description
message Yes String Request result.
ExampleThe following describes how to push a certificate to WAF in region cn-north-7.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 49
● Example request{ "service_type":"WAF", "remote_project":"cn-north-7"}
● Example response{ "message":"success"}
or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }
Status CodesTable 4-21 lists the normal status code returned by the API.
Table 4-21 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
4.18 Querying Push Records
FunctionThis API is used to query the last 10 certificate push records, which are to bepushed to another HUAWEI CLOUD service.
URI● URI format
GET /v2/{project_id}/scm/cert/{cert_id}/push-history● Parameters
Parameter Mandatory Type Description
project_id Yes String Project ID.
cert_id Yes String Certificate ID.
RequestRequest parameters
None
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 50
ResponseResponse parameters
Parameter Mandatory Type Description
push_history_list Yes Array ofpush_history_list objects
Push record list. Fordetails, see Table 4-22.
Table 4-22 push_history_list
Parameter Mandatory Type Description
push_time Yes String Push time, inmilliseconds.
push_remote_project
Yes String Push project.
push_service Yes String Push service type.● WAF: A certificate is
pushed to WAF.● CDN: A certificate is
pushed to CDN.● ELB: A certificate is
pushed to classic ELB.● Enhance_ELB: A
certificate is pushed toenhanced ELB.
Example● Example request
None● Example response
{ "push_history_list": [ { "push_time": "1556257820000", "push_remote_project": null, "push_service": "CDN" }, { "push_time": "1556257447000", "push_remote_project": "cn-north-7_test", "push_service": "WAF" } ]}
or{ "error_code": "SCM.XXXX",
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 51
"error_msg": "XXXX" }
Status Codes
Table 4-23 lists the normal status code returned by the API.
Table 4-23 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
4.19 Canceling Authorization for Privacy Information
Function
This API is used to cancel authorization for privacy information and delete theprivacy data saved in SCM.
URI● URI format
DELETE /v2/{project_id}/scm/privacy-protection/{cert_id}● Parameters
Parameter Mandatory Type Description
project_id Yes String Project ID.
cert_id Yes String Certificate ID.
Request
Request parameters
None
Response
Response parameters
Parameter Mandatory Type Description
message Yes String Request result.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 52
Example● Example request
None● Example response
{ "message":"success"}
or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }
Status Codes
Table 4-24 lists the normal status code returned by the API.
Table 4-24 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
4.20 Adding an Additional Domain Name
Function
This API is used to add an additional domain name. If you have a multi-domainSSL certificate and available quota for additional domain names, you can addadditional domain names for the certificate after it is issued.
URI● URI format
POST /v2/{project_id}/scm/cert/{cert_id}/supplement● Parameters
Parameter Mandatory Type Description
project_id Yes String Project ID.
cert_id Yes String Certificate ID.
Request
Request parameters
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 53
Parameter Mandatory Type Description
ori_sans Yes String Additional domain name boundto a multi-domain certificate.If multiple domain names aredisplayed, the domain namesare separated by semicolons (;).Example:example.domain.com;example.domain1.com
add_sans No String Additional domain name to beadded for a multi-domaincertificate.If multiple domain names needto be entered, separate thedomain names by semicolons(;).Example:example.domain2.com;example.domain3.com
email No String Email of a contact.
ResponseResponse parameters
Parameter Mandatory Type Description
request_info Yes String Request result.
ExampleThe following describes how to add an additional domain nameexample.domain.com.
● Example request{ "ori_sans ": "abc.com;xyz.com", "add_sans ": "example.domain.com", "email": "[email protected]"}
● Example response{ "request info":"success"}
or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 54
Status CodesTable 4-25 lists the normal status code returned by the API.
Table 4-25 Status code
Status Code Status Description
200 OK Request processed successfully.
Exception status code. For details, see Status Codes.
SSL Certificate ManagerAPI Reference 4 SCM APIs
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 55
5 Permissions Policies and SupportedActions
5.1 Introduction to Permissions Policies and SupportedActions
This chapter describes fine-grained permissions management for your SCM. If yourHUAWEI CLOUD account does not need individual IAM users, then you may skipover this chapter.
By default, new IAM users do not have permissions assigned. You need to add auser to one or more groups, and attach permissions policies or roles to thesegroups. Users inherit permissions from the groups to which they are added andcan perform specified operations on cloud services based on the permissions.
Permissions are classified into roles and policies based on the authorizationgranularity. Roles are a type of coarse-grained authorization mechanism thatdefines permissions related to user responsibilities. Policies define API-basedpermissions for operations on specific resources under certain conditions, allowingfor more fine-grained, secure access control of cloud resources.
Policy-based authorization is useful if you want to allow or deny the access to an API.
A HUAWEI CLOUD account has all of the permissions required to call all APIs, butIAM users must have the required permissions specifically assigned. Thepermissions required for calling an API are determined by the actions supported bythe API. Only users who have been granted permissions allowing the actions cancall the API successfully. For example, if an IAM user queries ECSs using an API,the user must have been granted permissions that allow the ecs:servers:listaction.
Supported Actions
SCM provides system-defined policies that can be directly used in IAM. You canalso create custom policies and use them to supplement system-defined policies,
SSL Certificate ManagerAPI Reference 5 Permissions Policies and Supported Actions
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 56
implementing more refined access control. Operations supported by policies arespecific to APIs. The following are common concepts related to policies:
● Permission: A statement in a policy that allows or denies certain operations.● Actions: Added to a custom policy to control permissions for specific
operations.● Authorization Scope: A custom policy can be applied to IAM projects or
enterprise projects or both. Policies that contain actions supporting both IAMand enterprise projects can be assigned to user groups and take effect in bothIAM and Enterprise Management. Policies that only contain actionssupporting IAM projects can be assigned to user groups and only take effectfor IAM. Such policies will not take effect if they are assigned to user groupsin Enterprise Management. For details about the differences between IAMand enterprise projects, see What Are the Differences Between IAM andEnterprise Management?
● APIs: REST APIs that can be called in a custom policy.
SCM supports the actions (shown in API Actions) that can be defined in custompolicies. The actions include uploading, applying for, and downloading acertificate.
5.2 API ActionsPermissions Actions Authorization
ScopeAPIs
Querying thecertificate list
scm:cert:list ● Supported:Projects
● Notsupported:Enterpriseprojects
GET /v2/{project_id}/scm/certlist
Queryingdetails of acertificate
scm:cert:get ● Supported:Projects
● Notsupported:Enterpriseprojects
GET /v2/{project_id}/scm/cert/{cert_id}
Querying theproduct typeof a certificate
scm:certType:get
● Supported:Projects
● Notsupported:Enterpriseprojects
GET /v2/{project_id}/scm/cert/product
SSL Certificate ManagerAPI Reference 5 Permissions Policies and Supported Actions
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 57
Permissions Actions AuthorizationScope
APIs
Querying theproductdetails of acertificate
scm:certProduct:get
● Supported:Projects
● Notsupported:Enterpriseprojects
GET /v2/{project_id}/scm/product/{product_id}
Canceling anapplication
scm:cert:cancel ● Supported:Projects
● Notsupported:Enterpriseprojects
POST /v2/{project_id}/scm/cert/{cert_id}/cancel-cert
Purchasing acertificate
scm:cert:purchase
● Supported:Projects
● Notsupported:Enterpriseprojects
POST /v2/{project_id}/scm/cert/purchase
Applying for acertificate
scm:cert:complete
● Supported:Projects
● Notsupported:Enterpriseprojects
POST /v2/{project_id}/scm/cert/{cert_id}/complete
Saving theinformationentered whenapplying for acertificate
scm:cert:complete
● Supported:Projects
● Notsupported:Enterpriseprojects
POST /v2/{project_id}/scm/cert/{cert_id}/save
Reading theinformationentered whenapplying for acertificate
scm:cert:complete
● Supported:Projects
● Notsupported:Enterpriseprojects
POST /v2/{project_id}/scm/cert/{cert_id}/read
Modifying acertificate
scm:cert:edit ● Supported:Projects
● Notsupported:Enterpriseprojects
PUT /v2/{project_id}/scm/cert/{cert_id}
SSL Certificate ManagerAPI Reference 5 Permissions Policies and Supported Actions
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 58
Permissions Actions AuthorizationScope
APIs
Deleting acertificate
scm:cert:delete ● Supported:Projects
● Notsupported:Enterpriseprojects
DELETE /v2/{project_id}/scm/cert/{cert_id}
Downloadinga certificate
scm:cert:download
● Supported:Projects
● Notsupported:Enterpriseprojects
GET /v2/{project_id}/scm/cert/{cert_id}/cert_file
Uploadingauthenticationinformation
scm:cert:complete
● Supported:Projects
● Notsupported:Enterpriseprojects
POST /v2/{project_id}/scm/cert/{cert_id}/info/{type}/upload_authentication
Revoking acertificate
scm:cert:revoke ● Supported:Projects
● Notsupported:Enterpriseprojects
POST /v2/{project_id}/scm/cert/{cert_id}/revoke
Pushing acertificate
scm:cert:pushThe followingaction needsto be addedwhen acertificate is tobe pushed toCDN:cdn:configuration:queryHttpsConf
● Supported:Projects
● Notsupported:Enterpriseprojects
POST /v2/{project_id}/scm/cert/{cert_id}/push
Queryingpush records
scm:pushHistory:list
● Supported:Projects
● Notsupported:Enterpriseprojects
GET /v2/{project_id}/scm/cert/{cert_id}/push-history
SSL Certificate ManagerAPI Reference 5 Permissions Policies and Supported Actions
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 59
Permissions Actions AuthorizationScope
APIs
Uploading acertificate
scm:cert:upload
● Supported:Projects
● Notsupported:Enterpriseprojects
POST /v2/{project_id}/scm/cert/upload
Verifying aCSR
scm:cert:complete
● Supported:Projects
● Notsupported:Enterpriseprojects
POST /v2/{project_id}/scm/check-csr
Adding anadditionaldomain name
scm:cert:supplement
● Supported:Projects
● Notsupported:Enterpriseprojects
POST /v2/{project_id}/scm/cert/{cert_id}/supplement
Cancelingprivacyauthorization
scm:privacyProtection:delete
● Supported:Projects
● Notsupported:Enterpriseprojects
DELETE /v2/{project_id}/scm/privacy-protection/{cert_id}
SSL Certificate ManagerAPI Reference 5 Permissions Policies and Supported Actions
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 60
A Appendix
A.1 Status CodesStatusCode
Status Description
200 OK Request processed successfully.
202 Accept The job was successfully delivered.However, it will be postponed because thesystem is busy currently.
204 No Content The request is processed successfully andno content is returned.
300 multiple choices The requested resource has multipleavailable responses.
400 Bad Request The request parameter is incorrect.
401 Unauthorized You need to enter the username andpassword to access the requested page.
403 Forbidden The server understood the request, but isrefusing to fulfill it.
404 Not Found The requested resource does not exist ornot found.
405 Method Not Allowed The method specified in the request is notallowed.
406 Not Acceptable The response generated by the servercannot be accepted by the client.
407 Proxy AuthenticationRequired
You must use the proxy server forauthentication. Then, the request can beprocessed.
SSL Certificate ManagerAPI Reference A Appendix
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 61
StatusCode
Status Description
408 Request Timeout The request timed out.
409 Conflict The request cannot be processed due to aconflict.
500 Internal Server Error Internal service error.
501 Not Implemented Failed to complete the request. The serverdoes not support the requested function.
502 Bad Gateway Failed to complete the request, because theserver receives an invalid request.
503 Service Unavailable Failed to complete the request due tosystem exception.
504 Gateway Timeout A gateway timeout error occurs.
A.2 Error Codes
IntroductionA customized message is returned when errors, such as 400 or 500 errors, occur inan extended public cloud API. This section describes error codes and theirmeanings.
Response Format● HTTP status code
500
● Response example{ "error_code": "SCM.0000", "error_msg": "System internal error. Please contact the technical support."}
Error Code Description
Error Code Description
SCM.3000 System internal error.
SCM.0001 SCM is unavailable.
SCM.0002 The tenant ID or domain ID is incorrect.
SCM.0003 The current user does not have the requiredpermission.
SCM.0004 Response to a request for submitting acertificate failed.
SSL Certificate ManagerAPI Reference A Appendix
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 62
Error Code Description
SCM.0005 The request parameter is incorrect.
SCM.0007 Failed to download the certificate.
SCM.0008 The certificate ID is incorrect.
SCM.0009 Failed to upload the certificate because thecertificate is not bound to a domain name.
SCM.0010 The certificate type or status does notsupport this operation.
SCM.0011 The number of user certificates has reachedthe upper limit.
SCM.0012 The uploaded private key failed to beresolved. Ensure that the certificate hasbeen issued.
SCM.0013 The uploaded certificate chain failed to beresolved. Ensure that the certificate hasbeen issued.
SCM.0014 The uploaded certificate does not match theprivate key.
SCM.0015 The number or format of domain namesfilled does not meet the requirements of thepurchased certificate.
SCM.0016 The certificate order is abnormal.
SCM.0017 The certificate product is abnormal.
SCM.0018 Failed to cancel the order.
SCM.0019 Response to a request for submitting acertificate CSB failed.
SCM.0020 The certificate ID is incorrect.
SCM.0021 The country code format is incorrect.
SCM.0022 The phone number format is incorrect.
SCM.0023 An error occurred when modifying thecertificate (modifying a key value).
SCM.0024 An error occurred when modifying thecertificate (modifying the content).
SCM.0025 The free quota is exceeded.
SCM.0026 Certificate revocation exception.
SCM.0027 The revocation reason is not entered.
SSL Certificate ManagerAPI Reference A Appendix
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 63
Error Code Description
SCM.0028 Certificate push exception.
SCM.0030 The push service type is not supported.
SCM.0031 Certificate parsing exception.
SCM.0032 Incorrect certificate name.
SCM.0033 The CSR is not bound to a domain name.
SCM.0034 CSR parsing exception.
SCM.0035 The CSR domain name does not match theentered domain name.
SCM.0036 The number of domain names does notmatch the product.
SCM.0037 Failed to encrypt the certificate.
SCM.0038 Failed to decrypt the certificate.
SCM.0039 ELB service support exception.
SCM.0040 Certificate not supported by CDN.
SCM.0042 The certificate has expired.
SCM.0043 The certificate has not taken effect.
SCM.0044 CDN does not support the certificate name.
SCM.0045 CDN does not support duplicate certificates.
SCM.0046 CDN permission denied.
SCM.0047 The certificate name length is not supportedby CDN.
SCM.0048 The certificate is being used by CDN.
SCM.0049 Certificate brand exception.
SCM.0050 Certificate type exception.
SCM.0051 Domain name type exception.
SCM.0052 Certificate validity period exception.
SCM.0053 WAF does not support certificates with thesame name.
SCM.0054 WAF does not support the certificate name.
SCM.0055 WAF service exception.
SCM.0056 The service does not support the region.
SCM.0057 The length exceeds the limit (255 bytes).
SSL Certificate ManagerAPI Reference A Appendix
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 64
Error Code Description
SCM.0058 Enhance_ELB service exception.
SCM.0059 The certificate private key is empty.
SCM.0060 The order quantity is incorrect.
SCM.0061 region parameter error.
SCM.0062 DNS query failed.
SCM.0063 Duplicate domain name.
SCM.0064 The order is being processed.
SCM.0065 The file size exceeds the upper limit.
SCM.0066 The certificate domain name type does notsupport the current operation.
SCM.0067 The existing additional domain name ismodified.
A.3 Obtaining a Project ID
Obtaining a Project ID by Calling an APIYou can obtain the project ID by calling the API used to query projectinformation based on the specified criteria.
The API used to obtain a project ID is GET https://{Endpoint}/v3/projects.{Endpoint} is the IAM endpoint and can be obtained from Regions andEndpoints. For details about API authentication, see Authentication.
In the following example, id indicates the project ID.{ "projects": [ { "domain_id": "65382450e8f64ac0870cd180d14e684b", "is_domain": false, "parent_id": "65382450e8f64ac0870cd180d14e684b", "name": "xxxxxxxx", "description": "", "links": { "next": null, "previous": null, "self": "https://www.example.com/v3/projects/a4a5d4098fb4474fa22cd05f897d6b99" }, "id": "a4a5d4098fb4474fa22cd05f897d6b99", "enabled": true } ], "links": { "next": null, "previous": null, "self": "https://www.example.com/v3/projects" }}
SSL Certificate ManagerAPI Reference A Appendix
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 65
Obtaining a Project ID from the ConsoleA project ID is required for some URLs when an API is called. To obtain a projectID, perform the following operations:
1. Log in to the management console.2. Click the username and choose Basic Information from the drop-down list.3. On the Account Info page, click Manage next to Security Credentials.
On the API Credentials page, view project IDs in the project list.
Figure A-1 Viewing project IDs
SSL Certificate ManagerAPI Reference A Appendix
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 66
B Change History
Released On Description
2020-01-20 This issue is the fourth official release.Updated descriptions in section"Permissions and Supported Actions"based on the changes on the IAMconsole.
2019-09-11 This is the second official release.Optimized section "Obtaining a ProjectID."
2019-08-13 This is the first official release.
SSL Certificate ManagerAPI Reference B Change History
Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 67