Certificate API

https://api.gandi.net/v5/certificate/

Gandi Certificate Management API

DCV parameters

https://api.gandi.net/v5/certificate/dcv_params

post Retrieve DCV parameters

Get parameters for DCV (Domain Control Validation). DCV is a security check that validates/grants access to the registred domain name.

Despite being a post method, this route does not perform any change on your existing certificates.

If you want to perform a DCV through DNS, pass the parameter dcv_method with dns.

Request

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key
Body
  • application/json
    object

    With the following properties:

    Optional
    • altnamesarray[ string ]
      Alt Name list, when the certificate package permits it
    • csrstring
      Certificate Signing Request
    • dcv_methodstring

      One of: "email", "dns", "file", "http", "https"

      The certificate validation method
    • packagestring
      Certificate package name as returned in the package list route.

Responses

200

Body
  • application/json
    object

    With the following properties:

    • altnamesarray[ string ]
      Extracted SANs list from the CSR if any, else an empty data structure.
    • dcv_methodstring

      One of: "email", "dns", "file", "http", "https"

      The certificate validation method
    • fqdnsarray[ string ]
    • md5string
    • sha256string
    Optional
    • messagesarray[ string ]
    • raw_messagesarray[ array[ string ] ]
    • unique_valuestring

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

Certificate Create and List

https://api.gandi.net/v5/certificate/issued-certs

get List certificates

This route returns a list of certificates handled by your organizations.

Request

Query String
  • Optional
    • cnstring
      Filters the list by CN name, with optional patterns.
      Example: example.net
      Example: example*
      Example: *example.com
    • covered_cnstring
      Filters the list by certificates valid for a given CN.
    • packagestring
      Name of the certificate package.
    • pageinteger

      Default: 1

      Minimum: 1

      Which result page to retrieve. If the number is greater than the last page, an empty list is returned.
    • per_pageinteger

      Minimum: 1

      How many items to display per page.
    • sharing_idstring
      Sharing ID. Organization ID used as a filter or as a billing identifier. See the reference.
    • sort_bystring

      One of: "created_at", "-created_at", "updated_at", "-updated_at", "started_at", "-started_at", "ends_at", "-ends_at", "subscription_ends_at", "-subscription_ends_at"

      Default: "ends_at"

      Used to specify how you want the results sorted.
    • statusstring

      One of: "pending", "valid", "revoked", "replaced", "replaced_rev", "expired"

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

Responses

200

Headers
    • Total-Countinteger
      Total number of items.
    Optional
    • Filtered-Countinteger
      On a filtered list, this is the number of matching items.
    • Linkstring
      Links to next and last page.
Body
  • application/json
    array

    Of items of type:

    • object

      With the following properties:

      • altnamesarray[ string ]
        Alt Name list, when the certificate package permits it
      • altnames_unicodearray[ string ]
        Alt Name list, when the certificate package permits it
      • cnstring

        Maximum length: 64

        Common Name
      • cn_unicodestring

        Maximum length: 64

        Common Name
      • contactobject

        With the following properties:

        Optional
        • citystring
        • countrystring
        • emailstring
        • familystring
        • givenstring
        • orgnamestring
        • statestring
        • streetaddrstring
        • zipstring
      • datesobject

        With the following properties:

        Optional
        • created_atdatetime
          initial creation date of the certificate. In case of renews this is the creation date of the original certificate
        • ends_atdatetime
          validity end date of the certificate (notAfter)
        • started_atdatetime
          validity start date of the certificate (notBefore)
        • subscription_ends_atdatetime
          in case of certificates that are valid for more than 1 year, the date for which they where initialy bought
        • updated_atdatetime
      • idstring
        UUID
      • packageobject

        With the following properties:

        • hrefstring
        • max_domainsinteger
          maximum number of associated names
        • namestring
          package reference name
        • name_labelstring
          human readable name of the package
        • typestring
        • type_labelstring
        • wildcardboolean
          true if it can be used as wildcard
      • providerstring
        Provider of this certificate (eg
      • softwareinteger
      • statusstring

        One of: "pending", "valid", "revoked", "replaced", "replaced_rev", "expired"

      Optional
      • assumed_namestring
      • business_categorystring
      • card_pay_trustlogoboolean
      • certstring
      • csrstring
      • dcv_methodstring

        One of: "email", "dns", "file", "http", "https"

        The certificate validation method
      • error_msgstring
      • hrefstring
      • idaobject

        With the following properties:

        Optional
        • emailstring
        • faxstring
        • telstring
      • intermediatestring
      • joiobject

        With the following properties:

        Optional
        • countrystring
        • localitystring
        • statestring
      • middlemanobject

        With the following properties:

        Optional
        • citystring
        • countrystring
        • emailstring
        • familystring
        • givenstring
        • orgnamestring
        • statestring
        • streetaddrstring
        • zipstring
      • ownerstring
      • reissuableboolean
      • renewableboolean
      • sha_versioninteger
      • sharing_idstring
      • statestring
      • state_detailstring
      • step_nbinteger

        One of: 0, 1, 2, 3, 4, 5

        Type of nameservers currently set. 0 corresponds to 'Starting operation', 1 is for 'Payment validation', 2 is for 'Contact verification, 3 is for 'Documents validation', 4 is for 'Domain control validation', and 5 is for 'Certificate delivery'.
      • storedboolean
      • tagsarray[ string ]
        List of tags that have been assigned to the certificate.
      • trustlogoboolean
      • trustlogo_tokenobject

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

post Create a new certificate

This route creates a new certificate.

The parameters can receive either a CSR or a CN.

Important: All certificates are valid for one year regardless of the duration value. For longer durations, you must update the certificate using PATCH /issued-certs/{id}.

Request

Query String
  • Optional
    • sharing_idstring
      Sharing ID. Organization ID used as a filter or as a billing identifier. See the reference.
Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key
    Optional
    • Dry-Runinteger
      If this header's value is 1 the request's parameters will only be checked; the operation will not actually be performed.
Body
  • application/json
    object

    With the following properties:

    Required
    • packagestring
      Certificate package name as returned in the package list route.
    Optional
    • altnamesarray[ string ]
      Alt Name list, when the certificate package permits it
    • cnstring

      Maximum length: 64

      Common Name
    • csrstring
      Certificate Signing Request
    • dcv_methodstring

      One of: "email", "dns", "file", "http", "https"

      The certificate validation method
    • durationinteger

      Default: 1

      Minimum: 1

    • resellee_idstring
      Customer id that will own the certificate. (See customer API] This useful for pro and business certificates where a validation will be made on the company name

Responses

200

Dry-Run response. You will get this response when you send your request. with a Dry-Run: 1 header.
Headers
  • Optional
    • Warningstring
      Warning message
Body
  • application/json
    object

    With the following properties:

    • statusstring

      One of: "success", "error"

      Response status.
    Optional
    • errorsarray
      A list of all the errors encountered during validation.

      Of items of type:

      • object

        With the following properties:

        • descriptionstring
          Error message.
        • locationstring

          One of: "header", "path", "querystring", "body"

          The field's location in the HTTP response.
        • namestring
          The xpath of the field.

202

The request has been accepted.
Headers
  • Optional
    • Locationstring
Body
  • application/json
    object

    With the following properties:

    • hrefstring
    • idstring
      Certificate ID
    • messagestring
      Confirmation message.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

Certificate information

https://api.gandi.net/v5/certificate/issued-certs/{id}

get Certificate details

This route is used to retrieve information about a certificate.

Request

URI Parameters
    • idstring
      Certificate ID
Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

Responses

200

Body
  • application/json
    object

    With the following properties:

    • altnamesarray[ string ]
      Alt Name list, when the certificate package permits it
    • altnames_unicodearray[ string ]
      Alt Name list, when the certificate package permits it
    • cnstring

      Maximum length: 64

      Common Name
    • cn_unicodestring

      Maximum length: 64

      Common Name
    • contactobject

      With the following properties:

      Optional
      • citystring
      • countrystring
      • emailstring
      • familystring
      • givenstring
      • orgnamestring
      • statestring
      • streetaddrstring
      • zipstring
    • datesobject

      With the following properties:

      Optional
      • created_atdatetime
        initial creation date of the certificate. In case of renews this is the creation date of the original certificate
      • ends_atdatetime
        validity end date of the certificate (notAfter)
      • started_atdatetime
        validity start date of the certificate (notBefore)
      • subscription_ends_atdatetime
        in case of certificates that are valid for more than 1 year, the date for which they where initialy bought
      • updated_atdatetime
    • idstring
      UUID
    • packageobject

      With the following properties:

      • hrefstring
      • max_domainsinteger
        maximum number of associated names
      • namestring
        package reference name
      • name_labelstring
        human readable name of the package
      • typestring
      • type_labelstring
      • wildcardboolean
        true if it can be used as wildcard
    • providerstring
      Provider of this certificate (eg
    • softwareinteger
    • statusstring

      One of: "pending", "valid", "revoked", "replaced", "replaced_rev", "expired"

    Optional
    • assumed_namestring
    • business_categorystring
    • card_pay_trustlogoboolean
    • certstring
    • csrstring
    • dcv_methodstring

      One of: "email", "dns", "file", "http", "https"

      The certificate validation method
    • error_msgstring
    • hrefstring
    • idaobject

      With the following properties:

      Optional
      • emailstring
      • faxstring
      • telstring
    • intermediatestring
    • joiobject

      With the following properties:

      Optional
      • countrystring
      • localitystring
      • statestring
    • middlemanobject

      With the following properties:

      Optional
      • citystring
      • countrystring
      • emailstring
      • familystring
      • givenstring
      • orgnamestring
      • statestring
      • streetaddrstring
      • zipstring
    • ownerstring
    • reissuableboolean
    • renewableboolean
    • sha_versioninteger
    • sharing_idstring
    • statestring
    • state_detailstring
    • step_nbinteger

      One of: 0, 1, 2, 3, 4, 5

      Type of nameservers currently set. 0 corresponds to 'Starting operation', 1 is for 'Payment validation', 2 is for 'Contact verification, 3 is for 'Documents validation', 4 is for 'Domain control validation', and 5 is for 'Certificate delivery'.
    • storedboolean
    • tagsarray[ string ]
      List of tags that have been assigned to the certificate.
    • trustlogoboolean
    • trustlogo_tokenobject

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

post Renew a certificate

This route renews an existing certificate.

Request

URI Parameters
    • idstring
      Certificate ID
Query String
  • Optional
    • sharing_idstring
      Sharing ID. Organization ID used as a filter or as a billing identifier. See the reference.
Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key
    Optional
    • Dry-Runinteger
      If this header's value is 1 the request's parameters will only be checked; the operation will not actually be performed.
Body
  • application/json
    object

    With the following properties:

    Optional
    • csrstring
    • dcv_methodstring
    • durationinteger

Responses

200

Dry-Run response. You will get this response when you send your request. with a Dry-Run: 1 header.
Headers
  • Optional
    • Warningstring
      Warning message
Body
  • application/json
    object

    With the following properties:

    • statusstring

      One of: "success", "error"

      Response status.
    Optional
    • errorsarray
      A list of all the errors encountered during validation.

      Of items of type:

      • object

        With the following properties:

        • descriptionstring
          Error message.
        • locationstring

          One of: "header", "path", "querystring", "body"

          The field's location in the HTTP response.
        • namestring
          The xpath of the field.

202

The request has been accepted.
Headers
  • Optional
    • Locationstring
Body
  • application/json
    object

    With the following properties:

    • messagestring
      Confirmation message.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

patch Update a certificate

This route updates an existing certificate.

Request

URI Parameters
    • idstring
      Certificate ID
Query String
  • Optional
    • sharing_idstring
      Sharing ID. Organization ID used as a filter or as a billing identifier. See the reference.
Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key
    Optional
    • Dry-Runinteger
      If this header's value is 1 the request's parameters will only be checked; the operation will not actually be performed.
Body
  • application/json
    object

    With the following properties:

    Optional
    • altnamesarray[ string ]
    • csrstring
    • dcv_methodstring

Responses

200

Dry-Run response. You will get this response when you send your request. with a Dry-Run: 1 header.
Headers
  • Optional
    • Warningstring
      Warning message
Body
  • application/json
    object

    With the following properties:

    • statusstring

      One of: "success", "error"

      Response status.
    Optional
    • errorsarray
      A list of all the errors encountered during validation.

      Of items of type:

      • object

        With the following properties:

        • descriptionstring
          Error message.
        • locationstring

          One of: "header", "path", "querystring", "body"

          The field's location in the HTTP response.
        • namestring
          The xpath of the field.

202

The request has been accepted.
Headers
  • Optional
    • Locationstring
Body
  • application/json
    object

    With the following properties:

    • messagestring
      Confirmation message.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

delete Revoke a certificate

This route revokes an existing certificate.

Request

URI Parameters
    • idstring
      Certificate ID
Query String
  • Optional
    • sharing_idstring
      Sharing ID. Organization ID used as a filter or as a billing identifier. See the reference.
Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

Responses

204

Certificate will be revoked.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

Retrieve certificate

https://api.gandi.net/v5/certificate/issued-certs/{id}/crt

get Retrieve certificate

This route retrieves the certificate in text format.

Request

URI Parameters
    • idstring
      Certificate ID
Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

Responses

200

Body
  • text/plain
    string
    the certificate

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

Certificate validation

https://api.gandi.net/v5/certificate/issued-certs/{id}/dcv

put Resend the DCV

This route asks the provider to resend the DCV for that operation. This only works when the DCV method is email

Request

URI Parameters
    • idstring
      Certificate ID
Query String
  • Optional
    • sharing_idstring
      Sharing ID. Organization ID used as a filter or as a billing identifier. See the reference.
Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

Responses

202

The request has been accepted.
Headers
  • Optional
    • Locationstring
Body
  • application/json
    object

    With the following properties:

    • messagestring
      Confirmation message.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

patch Update the DCV method

This route asks the provider to change the DCV method for that operation.

Request

URI Parameters
    • idstring
      Certificate ID
Query String
  • Optional
    • sharing_idstring
      Sharing ID. Organization ID used as a filter or as a billing identifier. See the reference.
Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key
Body
  • application/json
    object

    With the following properties:

    Required
    • methodstring

      One of: "email", "dns", "file", "http", "https"

Responses

201

The resource has been created.
Headers
  • Optional
    • Locationstring
Body
  • application/json
    object

    With the following properties:

    • messagestring
      Confirmation message.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

DCV parameters

https://api.gandi.net/v5/certificate/issued-certs/{id}/dcv_params

post Retrieve DCV parameters

Get parameters for DCV (Domain Control Validation). DCV is a security check that validates/grants access to the registred domain name.

Despite being a post method, this route does not perform any change on your existing certificates.

If you want to perform a DCV through DNS, pass the parameter dcv_method with dns.

Request

URI Parameters
    • idstring
      Certificate ID
Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key
Body
  • application/json
    object

    With the following properties:

    Optional
    • csrstring
      Certificate Signing Request
    • dcv_methodstring

      One of: "email", "dns", "file", "http", "https"

      The certificate validation method
    • packagestring
      Certificate package name as returned in the package list route.

Responses

200

Body
  • application/json
    object

    With the following properties:

    • altnamesarray[ string ]
      Extracted SANs list from the CSR if any, else an empty data structure.
    • dcv_methodstring

      One of: "email", "dns", "file", "http", "https"

      The certificate validation method
    • fqdnsarray[ string ]
    • md5string
    • sha256string
    Optional
    • messagesarray[ string ]
    • raw_messagesarray[ array[ string ] ]
    • unique_valuestring

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

Manage certificate tags

https://api.gandi.net/v5/certificate/issued-certs/{id}/tags

get Get the list of tags linked to a certificate

Request

URI Parameters
    • idstring
      Certificate ID
Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

Responses

200

Body
  • application/json
    array[ string ]
    Example:
    [
      "server1",
      "server2"
    ]

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

post Attach a new tag to the certificate

Request

URI Parameters
    • idstring
      Certificate ID
Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key
Body
  • application/json
    object

    With the following properties:

    Required
    • tagstring
    Example:
    {
      "tag": "server42"
    }

Responses

201

The resource has been created.
Headers
  • Optional
    • Locationstring
Body
  • application/json
    object

    With the following properties:

    • messagestring
      Confirmation message.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

put Replace all the tags of the certificate

Request

URI Parameters
    • idstring
      Certificate ID
Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key
Body
  • application/json
    object

    With the following properties:

    Required
    • tagsarray[ string ]
    Example:
    {
      "tags": [
        "server42",
        "server55"
      ]
    }

Responses

201

The resource has been created.
Headers
  • Optional
    • Locationstring
Body
  • application/json
    object

    With the following properties:

    • messagestring
      Confirmation message.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

patch Update some of the tags of the certificate

Request

URI Parameters
    • idstring
      Certificate ID
Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key
Body
  • application/json
    object

    With the following properties:

    Required
    • addarray[ string ]
    • removearray[ string ]
    Example:
    {
      "add": [
        "server79"
      ],
      "remove": [
        "server55"
      ]
    }

Responses

201

The resource has been created.
Headers
  • Optional
    • Locationstring
Body
  • application/json
    object

    With the following properties:

    • messagestring
      Confirmation message.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

delete Remove all tags from this certificate

Request

URI Parameters
    • idstring
      Certificate ID
Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

Responses

200

Body
  • application/json
    object

    With the following properties:

    • messagestring

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

Certificate Packages

https://api.gandi.net/v5/certificate/packages

get Package list

This route returns a list of all available certificate packages.

Request

Query String
  • Optional
    • categorystring
    • max_domainsinteger
    • min_domainsinteger
    • pageinteger

      Default: 1

      Minimum: 1

      Which result page to retrieve. If the number is greater than the last page, an empty list is returned.
    • per_pageinteger

      Minimum: 1

      How many items to display per page.
    • trustlogoboolean
    • warrantyinteger
    • wildcardboolean
Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

Responses

200

Headers
    • Total-Countinteger
      Total number of items.
    Optional
    • Linkstring
      Links to next and last page.
Body
  • application/json
    array

    Of items of type:

    • object

      With the following properties:

      • categoryobject

        With the following properties:

        • namestring
          category of the package (standard, pro, business, …)
      • hrefstring
      • max_domainsinteger
        maximum number of associated names
      • min_domainsinteger
        minimum number of associated names (always 1)
      • namestring
        reference that should be used when requesting a new certificate. See this list for possible values.
      • providerstring
        Provider of this package
      • sgcboolean
        deprecated "Server Gated Cryptography", packages with this flag are actually discarded
      • trustlogoboolean
      • warrantyinteger
      • wildcardboolean
        should be used for wildcard certificates

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

Package information

https://api.gandi.net/v5/certificate/packages/{name}

get Package information

This route returns the information about a certificate package

Request

URI Parameters
    • namestring
      Package name, see this list for possible values

Responses

200

Body
  • application/json
    object

    With the following properties:

    • categoryobject

      With the following properties:

      • namestring
        category of the package (standard, pro, business, …)
    • hrefstring
    • max_domainsinteger
      maximum number of associated names
    • min_domainsinteger
      minimum number of associated names (always 1)
    • namestring
      reference that should be used when requesting a new certificate. See this list for possible values.
    • providerstring
      Provider of this package
    • sgcboolean
      deprecated "Server Gated Cryptography", packages with this flag are actually discarded
    • trustlogoboolean
    • warrantyinteger
    • wildcardboolean
      should be used for wildcard certificates

Intermediate certificate, by filename

https://api.gandi.net/v5/certificate/pem/-/{filename}

This route is used in combinaison with the certificate detail "intermediate" property.

get Intermediate certificate

This route returns an intermediate certificate in a text/plain response. It must be used to generate the full chain certificate.

Request

URI Parameters
    • filenamestring
      Filename
Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key
    Optional
    • Acceptstring
      When passed application/x-pem-file value, this route will download the intermediate certificate.

Responses

200

Body
  • text/plain
    string
    Plain text intermediate certificate.
  • application/x-pem-file
    file
    Download the intermediate certificate.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

Intermediate certificate

https://api.gandi.net/v5/certificate/pem/{type}

get Intermediate certificate

This route returns an intermediate certificate in a text/plain response. It must be used to generate the full chain certificate.

Request

URI Parameters
    • typestring

      One of: "cert_std", "cert_pro"

      Certificate type
Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key
    Optional
    • Acceptstring
      When passed application/x-pem-file value, this route will download the intermediate certificate.

Responses

200

Body
  • text/plain
    string
    Plain text intermediate certificate.
  • application/x-pem-file
    file
    Download the intermediate certificate.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

401

Bad authentication attempt because of a wrong API Key.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

403

In case the bearer token has expired, does not have enought permission or does not exists.
Body
  • application/json
    object

    With the following properties:

    • causestring
    • codeinteger
    • messagestring
    • objectstring

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers
  • Required
    • Authorizationstring
      The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
      Example: Bearer pat_abc-123
      Example: Apikey your-api-key

Appendix

Certificate Packages

NameDescriptionProvider
cert_std_1_0_0Standard certificate with 1 fqdnSectigo
cert_std_3_0_0Standard certificate with 3 fqdnSectigo
cert_std_5_0_0Standard certificate with 5 fqdnSectigo
cert_std_10_0_0Standard certificate with 10 fqdnSectigo
cert_std_20_0_0Standard certificate with 20 fqdnSectigo
cert_std_w_0_0Standard certificate with fqdn with wildcardSectigo
cert_pro_1_10_0Pro certificate with 1 fqdnSectigo
cert_pro_1_100_0Pro certificate with 1 fqdnSectigo
cert_pro_1_100_SGCPro certificate with 1 fqdnSectigo
cert_pro_1_250_0Pro certificate with 1 fqdnSectigo
cert_pro_w_250_0Pro certificate with fqdn with wildcardSectigo
cert_pro_w_250_SGCPro certificate with fqdn with wildcardSectigo
cert_bus_1_250_0Business certificate with 1 fqdnSectigo
cert_bus_1_250_SGCBusiness certificate with 1 fqdnSectigo
cert_bus_3_250_0Business certificate with 3 fqdnSectigo
cert_bus_5_250_0Business certificate with 5 fqdnSectigo
cert_bus_10_250_0Business certificate with 10 fqdnSectigo
cert_bus_20_250_0Business certificate with 20 fqdnSectigo
cert_std_1_10_0_digicertStandard certificate with 1 fqdnDigicert
cert_std_3_10_0_digicertStandard certificate with 3 fqdnDigicert
cert_std_5_10_0_digicertStandard certificate with 5 fqdnDigicert
cert_std_10_10_0_digicertStandard certificate with 10 fqdnDigicert
cert_std_20_10_0_digicertStandard certificate with 20 fqdnDigicert
cert_std_w_10_0_digicertStandard certificate with fqdn with wildcardDigicert
cert_pro_1_250_0_digicertPro certificate with 1 fqdnDigicert
cert_pro_250_250_0_digicertPro certificate with 250 fqdnDigicert
cert_pro_w_125_0_digicertPro certificate with fqdn with wildcardDigicert
cert_bus_1_1500_0_digicertBusiness certificate with 1 fqdnDigicert
cert_bus_3_1500_0_digicertBusiness certificate with 3 fqdnDigicert
cert_bus_5_1500_0_digicertBusiness certificate with 5 fqdnDigicert
cert_bus_10_1500_0_digicertBusiness certificate with 10 fqdnDigicert
cert_bus_20_1500_0_digicertBusiness certificate with 20 fqdnDigicert