Certificate API

https://api.gandi.net/v5/certificate/

Gandi Certificate Management API

DCV parameters ¶

https://api.gandi.net/v5/certificate/dcv_params

post Retrieve DCV parameters ¶

Get parameters for DCV (Domain Control Validation). DCV is a security check that validates/grants access to the registred domain name.

Despite being a post method, this route does not perform any change on your existing certificates.

If you want to perform a DCV through DNS, pass the parameter dcv_method with dns.

Request

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Body

application/json

⁠object

With the following properties:

Optional

altnames ⁠array[ string ]
Alt Name list, when the certificate package permits it
csr ⁠string
Certificate Signing Request
dcv_method ⁠string
One of: "email", "dns", "file", "http", "https"
The certificate validation method
package ⁠string
Certificate package name as returned in the package list route.

Example:

{
  "altnames": [
    "a.example.com",
    "www.python.domain"
  ],
  "csr": "-----BEGIN CERTIFICATE REQUEST----- MIICWzCCAUMCAQAwFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQCwl28HV/Z+CSk6ENgOcERPRfRQRTpqsO+tIHhG Sa/FdvgMFOqrLn7T5a6Vz6bXsEl/vN9Kmo1CSwRanpJOgEKaR39uzxj9JK3XsWqb yizdTkn07xLngSyZ/jw7Zg5zsiEeGADrjFdWH+Kv7Rd1gbIoeaoFJKPYiUlVhU6f GphjMViJSIMuJxeMG4uarSsUGevOoCemIPafGUwTVEWbmp0cPXRJ1mKTw3z7NehM V25FZUAeBf0LRF/lciA+PsZiU3qDN44gj+vWXIi/+Kz9FR17ciog8oBcl1xnL6CY gymIvwO1EPYBtsiTJ+7zzVW+95bEd/Z7Zg8j8mLbZm7yf0LhAgMBAAGgADANBgkq hkiG9w0BAQsFAAOCAQEAkkh7sZd+Js+JfO2LfBon9c/ndinev6/XniDiQAJC40Gb fykuEQOB7CVcYT6b6uQfpOvUCjHY1CCFRWXYzOeJAn91fEz9CHK5iKepwyJhLHmT l6eE3lP4NpSB+FS10a3pBJIUVJ3gkIOfuABBBSY7JGRdZ60nmWPeknwoB0A5erlS LAFGulmOYQAu2LDYEXSMkbtPKs/KgUYBiWTTl+Bmsriy+s/1qyuX+KiU31XQTeEF 2/nNPFevmHjRrgZUUr3m5kVW/6hToipUzhK7PamcUvSYPMC9ORRBHea/Io9GIOkD HrHVCn3XXTyOzokbXIpd+d165/QBopaITmmodf6xhw== -----END CERTIFICATE REQUEST-----",
  "dcv_method": "dns",
  "package": "cert_std_1_10_0_digicert"
}

Responses

200

Body

application/json
⁠object
With the following properties:
- altnames ⁠array[ string ]
  Extracted SANs list from the CSR if any, else an empty data structure.
- dcv_method ⁠string
  One of: "email", "dns", "file", "http", "https"
  The certificate validation method
- fqdns ⁠array[ string ]
- md5 ⁠string
- sha256 ⁠string
Optional
- dns_records ⁠array[ string ]
  DNS records to be added for DCV validation
- messages ⁠array[ string ]
- raw_messages ⁠array[ array[ string ] ]
- unique_value ⁠string

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Certificate Create and List ¶

https://api.gandi.net/v5/certificate/issued-certs

get List certificates ¶

This route returns a list of certificates handled by your organizations.

Request

Query String

Optional
- cn ⁠string
  Filters the list by CN name, with optional patterns.
  Example: example.net
  Example: example*
  Example: *example.com
- covered_cn ⁠string
  Filters the list by certificates valid for a given CN.
- package ⁠string
  Name of the certificate package.
- page ⁠integer
  Default: 1
  Minimum: 1
  Which result page to retrieve. If the number is greater than the last page, an empty list is returned.
- per_page ⁠integer
  Minimum: 1
  How many items to display per page.
- sharing_id ⁠string
  Sharing ID. Organization ID used as a filter or as a billing identifier. See the reference.
- sort_by ⁠string
  One of: "created_at", "-created_at", "updated_at", "-updated_at", "started_at", "-started_at", "ends_at", "-ends_at", "subscription_ends_at", "-subscription_ends_at"
  Default: "ends_at"
  Used to specify how you want the results sorted.
- status ⁠string
  One of: "pending", "valid", "revoked", "replaced", "replaced_rev", "expired"

Example:

?cn=example.com&package=cert_std_1_10_0_digicert&status=valid

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Responses

200

Headers

- Total-Count ⁠integer
  Total number of items.
Optional
- Filtered-Count ⁠integer
  On a filtered list, this is the number of matching items.
- Link ⁠string
  Links to next and last page.

Body

application/json
⁠array
Of items of type:
- object
  With the following properties:
  - altnames ⁠array[ string ]
    Alt Name list, when the certificate package permits it
  - altnames_unicode ⁠array[ string ]
    Alt Name list, when the certificate package permits it
  - cn ⁠string
    Maximum length: 64
    Common Name
  - cn_unicode ⁠string
    Maximum length: 64
    Common Name
  - contact ⁠object
    With the following properties:
    Optional
    city ⁠string
    country ⁠string
    email ⁠string
    family ⁠string
    given ⁠string
    orgname ⁠string
    state ⁠string
    streetaddr ⁠string
    zip ⁠string
  - dates ⁠object
    With the following properties:
    Optional
    created_at ⁠datetime
    initial creation date of the certificate. In case of renews this is the creation date of the original certificate
    ends_at ⁠datetime
    validity end date of the certificate (notAfter)
    started_at ⁠datetime
    validity start date of the certificate (notBefore)
    subscription_ends_at ⁠datetime
    in case of certificates that are valid for more than 1 year, the date for which they where initialy bought
    updated_at ⁠datetime
  - id ⁠string
    UUID
  - package ⁠object
    With the following properties:
    href ⁠string
    max_domains ⁠integer
    maximum number of associated names
    name ⁠string
    package reference name
    name_label ⁠string
    human readable name of the package
    type ⁠string
    type_label ⁠string
    wildcard ⁠boolean
    true if it can be used as wildcard
  - provider ⁠string
    Provider of this certificate (eg
  - software ⁠integer
  - status ⁠string
    One of: "pending", "valid", "revoked", "replaced", "replaced_rev", "expired"
  Optional
  - assumed_name ⁠string
  - business_category ⁠string
  - card_pay_trustlogo ⁠boolean
  - cert ⁠string
  - csr ⁠string
  - dcv_method ⁠string
    One of: "email", "dns", "file", "http", "https"
    The certificate validation method
  - error_msg ⁠string
  - href ⁠string
  - ida ⁠object
    With the following properties:
    Optional
    email ⁠string
    fax ⁠string
    tel ⁠string
  - intermediate ⁠string
  - joi ⁠object
    With the following properties:
    Optional
    country ⁠string
    locality ⁠string
    state ⁠string
  - middleman ⁠object
    With the following properties:
    Optional
    city ⁠string
    country ⁠string
    email ⁠string
    family ⁠string
    given ⁠string
    orgname ⁠string
    state ⁠string
    streetaddr ⁠string
    zip ⁠string
  - owner ⁠string
  - reissuable ⁠boolean
  - renewable ⁠boolean
  - sha_version ⁠integer
  - sharing_id ⁠string
  - state ⁠string
  - state_detail ⁠string
  - step_nb ⁠integer
    One of: 0, 1, 2, 3, 4, 5
    Type of nameservers currently set. 0 corresponds to 'Starting operation', 1 is for 'Payment validation', 2 is for 'Contact verification, 3 is for 'Documents validation', 4 is for 'Domain control validation', and 5 is for 'Certificate delivery'.
  - stored ⁠boolean
  - tags ⁠array[ string ]
    List of tags that have been assigned to the certificate.
  - trustlogo ⁠boolean
  - trustlogo_token ⁠object

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

post Create a new certificate ¶

This route creates a new certificate.

The parameters can receive either a CSR or a CN.

Important: All certificates are valid for one year regardless of the duration value. For longer durations, you must update the certificate using PATCH /issued-certs/{id}.

Request

Query String

Optional
- sharing_id ⁠string
  Sharing ID. Organization ID used as a filter or as a billing identifier. See the reference.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key
Optional
- Dry-Run ⁠integer
  If this header's value is 1 the request's parameters will only be checked; the operation will not actually be performed.

Body

application/json

⁠object

With the following properties:

Required

package ⁠string
Certificate package name as returned in the package list route.

Optional

altnames ⁠array[ string ]
Alt Name list, when the certificate package permits it
apex_only ⁠boolean
Whether it's a certificate with apex or both apex and www (Digicert only)
cn ⁠string
Maximum length: 64
Common Name
csr ⁠string
Certificate Signing Request
dcv_method ⁠string
One of: "email", "dns", "file", "http", "https"
The certificate validation method
duration ⁠integer
Default: 1
Minimum: 1
resellee_id ⁠string
Customer id that will own the certificate. (See customer API] This useful for pro and business certificates where a validation will be made on the company name

Example - Digicert:

{
  "package": "cert_std_1_10_0_digicert",
  "apex_only": true,
  "csr": "-----BEGIN CERTIFICATE REQUEST----- MIICWzCCAUMCAQAwFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQCwl28HV/Z+CSk6ENgOcERPRfRQRTpqsO+tIHhG Sa/FdvgMFOqrLn7T5a6Vz6bXsEl/vN9Kmo1CSwRanpJOgEKaR39uzxj9JK3XsWqb yizdTkn07xLngSyZ/jw7Zg5zsiEeGADrjFdWH+Kv7Rd1gbIoeaoFJKPYiUlVhU6f GphjMViJSIMuJxeMG4uarSsUGevOoCemIPafGUwTVEWbmp0cPXRJ1mKTw3z7NehM V25FZUAeBf0LRF/lciA+PsZiU3qDN44gj+vWXIi/+Kz9FR17ciog8oBcl1xnL6CY gymIvwO1EPYBtsiTJ+7zzVW+95bEd/Z7Zg8j8mLbZm7yf0LhAgMBAAGgADANBgkq hkiG9w0BAQsFAAOCAQEAkkh7sZd+Js+JfO2LfBon9c/ndinev6/XniDiQAJC40Gb fykuEQOB7CVcYT6b6uQfpOvUCjHY1CCFRWXYzOeJAn91fEz9CHK5iKepwyJhLHmT l6eE3lP4NpSB+FS10a3pBJIUVJ3gkIOfuABBBSY7JGRdZ60nmWPeknwoB0A5erlS LAFGulmOYQAu2LDYEXSMkbtPKs/KgUYBiWTTl+Bmsriy+s/1qyuX+KiU31XQTeEF 2/nNPFevmHjRrgZUUr3m5kVW/6hToipUzhK7PamcUvSYPMC9ORRBHea/Io9GIOkD HrHVCn3XXTyOzokbXIpd+d165/QBopaITmmodf6xhw== -----END CERTIFICATE REQUEST-----",
  "dcv_method": "dns",
  "resellee_id": "my_resellee_id"
}

Example - Sectigo:

{
  "package": "cert_std_1_0_0",
  "csr": "-----BEGIN CERTIFICATE REQUEST----- MIICWzCCAUMCAQAwFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQCwl28HV/Z+CSk6ENgOcERPRfRQRTpqsO+tIHhG Sa/FdvgMFOqrLn7T5a6Vz6bXsEl/vN9Kmo1CSwRanpJOgEKaR39uzxj9JK3XsWqb yizdTkn07xLngSyZ/jw7Zg5zsiEeGADrjFdWH+Kv7Rd1gbIoeaoFJKPYiUlVhU6f GphjMViJSIMuJxeMG4uarSsUGevOoCemIPafGUwTVEWbmp0cPXRJ1mKTw3z7NehM V25FZUAeBf0LRF/lciA+PsZiU3qDN44gj+vWXIi/+Kz9FR17ciog8oBcl1xnL6CY gymIvwO1EPYBtsiTJ+7zzVW+95bEd/Z7Zg8j8mLbZm7yf0LhAgMBAAGgADANBgkq hkiG9w0BAQsFAAOCAQEAkkh7sZd+Js+JfO2LfBon9c/ndinev6/XniDiQAJC40Gb fykuEQOB7CVcYT6b6uQfpOvUCjHY1CCFRWXYzOeJAn91fEz9CHK5iKepwyJhLHmT l6eE3lP4NpSB+FS10a3pBJIUVJ3gkIOfuABBBSY7JGRdZ60nmWPeknwoB0A5erlS LAFGulmOYQAu2LDYEXSMkbtPKs/KgUYBiWTTl+Bmsriy+s/1qyuX+KiU31XQTeEF 2/nNPFevmHjRrgZUUr3m5kVW/6hToipUzhK7PamcUvSYPMC9ORRBHea/Io9GIOkD HrHVCn3XXTyOzokbXIpd+d165/QBopaITmmodf6xhw== -----END CERTIFICATE REQUEST-----",
  "dcv_method": "dns",
  "resellee_id": "my_resellee_id"
}

Example - More than 1 domain:

{
  "package": "cert_std_3_10_0_digicert",
  "altnames": [
    "a.example.com",
    "www.python.domain"
  ],
  "csr": "-----BEGIN CERTIFICATE REQUEST----- MIICWzCCAUMCAQAwFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQCwl28HV/Z+CSk6ENgOcERPRfRQRTpqsO+tIHhG Sa/FdvgMFOqrLn7T5a6Vz6bXsEl/vN9Kmo1CSwRanpJOgEKaR39uzxj9JK3XsWqb yizdTkn07xLngSyZ/jw7Zg5zsiEeGADrjFdWH+Kv7Rd1gbIoeaoFJKPYiUlVhU6f GphjMViJSIMuJxeMG4uarSsUGevOoCemIPafGUwTVEWbmp0cPXRJ1mKTw3z7NehM V25FZUAeBf0LRF/lciA+PsZiU3qDN44gj+vWXIi/+Kz9FR17ciog8oBcl1xnL6CY gymIvwO1EPYBtsiTJ+7zzVW+95bEd/Z7Zg8j8mLbZm7yf0LhAgMBAAGgADANBgkq hkiG9w0BAQsFAAOCAQEAkkh7sZd+Js+JfO2LfBon9c/ndinev6/XniDiQAJC40Gb fykuEQOB7CVcYT6b6uQfpOvUCjHY1CCFRWXYzOeJAn91fEz9CHK5iKepwyJhLHmT l6eE3lP4NpSB+FS10a3pBJIUVJ3gkIOfuABBBSY7JGRdZ60nmWPeknwoB0A5erlS LAFGulmOYQAu2LDYEXSMkbtPKs/KgUYBiWTTl+Bmsriy+s/1qyuX+KiU31XQTeEF 2/nNPFevmHjRrgZUUr3m5kVW/6hToipUzhK7PamcUvSYPMC9ORRBHea/Io9GIOkD HrHVCn3XXTyOzokbXIpd+d165/QBopaITmmodf6xhw== -----END CERTIFICATE REQUEST-----",
  "dcv_method": "dns",
  "resellee_id": "my_resellee_id"
}

Responses

200

Dry-Run response. You will get this response when you send your request. with a Dry-Run: 1 header.

Headers

Optional
- Warning ⁠string
  Warning message

Body

application/json
⁠object
With the following properties:
- status ⁠string
  One of: "success", "error"
  Response status.
Optional
- errors ⁠array
  A list of all the errors encountered during validation.
  Of items of type:
  - object
    With the following properties:
    description ⁠string
    Error message.
    location ⁠string
    One of: "header", "path", "querystring", "body"
    The field's location in the HTTP response.
    name ⁠string
    The xpath of the field.

202

The request has been accepted.

Headers

Optional
- Location ⁠string

Body

application/json
⁠object
With the following properties:
- href ⁠string
- id ⁠string
  Certificate ID
- message ⁠string
  Confirmation message.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Certificate information ¶

https://api.gandi.net/v5/certificate/issued-certs/{id}

get Certificate details ¶

This route is used to retrieve information about a certificate.

Request

URI Parameters

- id ⁠string
  Certificate ID

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Responses

200

Body

application/json
⁠object
With the following properties:
- altnames ⁠array[ string ]
  Alt Name list, when the certificate package permits it
- altnames_unicode ⁠array[ string ]
  Alt Name list, when the certificate package permits it
- cn ⁠string
  Maximum length: 64
  Common Name
- cn_unicode ⁠string
  Maximum length: 64
  Common Name
- contact ⁠object
  With the following properties:
  Optional
  - city ⁠string
  - country ⁠string
  - email ⁠string
  - family ⁠string
  - given ⁠string
  - orgname ⁠string
  - state ⁠string
  - streetaddr ⁠string
  - zip ⁠string
- dates ⁠object
  With the following properties:
  Optional
  - created_at ⁠datetime
    initial creation date of the certificate. In case of renews this is the creation date of the original certificate
  - ends_at ⁠datetime
    validity end date of the certificate (notAfter)
  - started_at ⁠datetime
    validity start date of the certificate (notBefore)
  - subscription_ends_at ⁠datetime
    in case of certificates that are valid for more than 1 year, the date for which they where initialy bought
  - updated_at ⁠datetime
- id ⁠string
  UUID
- package ⁠object
  With the following properties:
  - href ⁠string
  - max_domains ⁠integer
    maximum number of associated names
  - name ⁠string
    package reference name
  - name_label ⁠string
    human readable name of the package
  - type ⁠string
  - type_label ⁠string
  - wildcard ⁠boolean
    true if it can be used as wildcard
- provider ⁠string
  Provider of this certificate (eg
- software ⁠integer
- status ⁠string
  One of: "pending", "valid", "revoked", "replaced", "replaced_rev", "expired"
Optional
- assumed_name ⁠string
- business_category ⁠string
- card_pay_trustlogo ⁠boolean
- cert ⁠string
- csr ⁠string
- dcv_method ⁠string
  One of: "email", "dns", "file", "http", "https"
  The certificate validation method
- error_msg ⁠string
- href ⁠string
- ida ⁠object
  With the following properties:
  Optional
  - email ⁠string
  - fax ⁠string
  - tel ⁠string
- intermediate ⁠string
- joi ⁠object
  With the following properties:
  Optional
  - country ⁠string
  - locality ⁠string
  - state ⁠string
- middleman ⁠object
  With the following properties:
  Optional
  - city ⁠string
  - country ⁠string
  - email ⁠string
  - family ⁠string
  - given ⁠string
  - orgname ⁠string
  - state ⁠string
  - streetaddr ⁠string
  - zip ⁠string
- owner ⁠string
- reissuable ⁠boolean
- renewable ⁠boolean
- sha_version ⁠integer
- sharing_id ⁠string
- state ⁠string
- state_detail ⁠string
- step_nb ⁠integer
  One of: 0, 1, 2, 3, 4, 5
  Type of nameservers currently set. 0 corresponds to 'Starting operation', 1 is for 'Payment validation', 2 is for 'Contact verification, 3 is for 'Documents validation', 4 is for 'Domain control validation', and 5 is for 'Certificate delivery'.
- stored ⁠boolean
- tags ⁠array[ string ]
  List of tags that have been assigned to the certificate.
- trustlogo ⁠boolean
- trustlogo_token ⁠object

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

post Renew a certificate ¶

This route renews an existing certificate.

Request

URI Parameters

- id ⁠string
  Certificate ID

Query String

Optional
- sharing_id ⁠string
  Sharing ID. Organization ID used as a filter or as a billing identifier. See the reference.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key
Optional
- Dry-Run ⁠integer
  If this header's value is 1 the request's parameters will only be checked; the operation will not actually be performed.

Body

application/json

⁠object

With the following properties:

Optional

csr ⁠string
dcv_method ⁠string
duration ⁠integer

Example:

{
  "csr": "-----BEGIN CERTIFICATE REQUEST----- MIICWzCCAUMCAQAwFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQCwl28HV/Z+CSk6ENgOcERPRfRQRTpqsO+tIHhG Sa/FdvgMFOqrLn7T5a6Vz6bXsEl/vN9Kmo1CSwRanpJOgEKaR39uzxj9JK3XsWqb yizdTkn07xLngSyZ/jw7Zg5zsiEeGADrjFdWH+Kv7Rd1gbIoeaoFJKPYiUlVhU6f GphjMViJSIMuJxeMG4uarSsUGevOoCemIPafGUwTVEWbmp0cPXRJ1mKTw3z7NehM V25FZUAeBf0LRF/lciA+PsZiU3qDN44gj+vWXIi/+Kz9FR17ciog8oBcl1xnL6CY gymIvwO1EPYBtsiTJ+7zzVW+95bEd/Z7Zg8j8mLbZm7yf0LhAgMBAAGgADANBgkq hkiG9w0BAQsFAAOCAQEAkkh7sZd+Js+JfO2LfBon9c/ndinev6/XniDiQAJC40Gb fykuEQOB7CVcYT6b6uQfpOvUCjHY1CCFRWXYzOeJAn91fEz9CHK5iKepwyJhLHmT l6eE3lP4NpSB+FS10a3pBJIUVJ3gkIOfuABBBSY7JGRdZ60nmWPeknwoB0A5erlS LAFGulmOYQAu2LDYEXSMkbtPKs/KgUYBiWTTl+Bmsriy+s/1qyuX+KiU31XQTeEF 2/nNPFevmHjRrgZUUr3m5kVW/6hToipUzhK7PamcUvSYPMC9ORRBHea/Io9GIOkD HrHVCn3XXTyOzokbXIpd+d165/QBopaITmmodf6xhw== -----END CERTIFICATE REQUEST-----",
  "dcv_method": "dns",
  "duration": 1
}

Responses

200

Dry-Run response. You will get this response when you send your request. with a Dry-Run: 1 header.

Headers

Optional
- Warning ⁠string
  Warning message

Body

application/json
⁠object
With the following properties:
- status ⁠string
  One of: "success", "error"
  Response status.
Optional
- errors ⁠array
  A list of all the errors encountered during validation.
  Of items of type:
  - object
    With the following properties:
    description ⁠string
    Error message.
    location ⁠string
    One of: "header", "path", "querystring", "body"
    The field's location in the HTTP response.
    name ⁠string
    The xpath of the field.

202

The request has been accepted.

Headers

Optional
- Location ⁠string

Body

application/json
⁠object
With the following properties:
- message ⁠string
  Confirmation message.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

patch Update a certificate ¶

This route updates an existing certificate.

Request

URI Parameters

- id ⁠string
  Certificate ID

Query String

Optional
- sharing_id ⁠string
  Sharing ID. Organization ID used as a filter or as a billing identifier. See the reference.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key
Optional
- Dry-Run ⁠integer
  If this header's value is 1 the request's parameters will only be checked; the operation will not actually be performed.

Body

application/json

⁠object

With the following properties:

Optional

altnames ⁠array[ string ]
csr ⁠string
dcv_method ⁠string

Example:

{
  "altnames": [
    "a.example.com",
    "www.python.domain"
  ],
  "csr": "-----BEGIN CERTIFICATE REQUEST----- MIICWzCCAUMCAQAwFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQCwl28HV/Z+CSk6ENgOcERPRfRQRTpqsO+tIHhG Sa/FdvgMFOqrLn7T5a6Vz6bXsEl/vN9Kmo1CSwRanpJOgEKaR39uzxj9JK3XsWqb yizdTkn07xLngSyZ/jw7Zg5zsiEeGADrjFdWH+Kv7Rd1gbIoeaoFJKPYiUlVhU6f GphjMViJSIMuJxeMG4uarSsUGevOoCemIPafGUwTVEWbmp0cPXRJ1mKTw3z7NehM V25FZUAeBf0LRF/lciA+PsZiU3qDN44gj+vWXIi/+Kz9FR17ciog8oBcl1xnL6CY gymIvwO1EPYBtsiTJ+7zzVW+95bEd/Z7Zg8j8mLbZm7yf0LhAgMBAAGgADANBgkq hkiG9w0BAQsFAAOCAQEAkkh7sZd+Js+JfO2LfBon9c/ndinev6/XniDiQAJC40Gb fykuEQOB7CVcYT6b6uQfpOvUCjHY1CCFRWXYzOeJAn91fEz9CHK5iKepwyJhLHmT l6eE3lP4NpSB+FS10a3pBJIUVJ3gkIOfuABBBSY7JGRdZ60nmWPeknwoB0A5erlS LAFGulmOYQAu2LDYEXSMkbtPKs/KgUYBiWTTl+Bmsriy+s/1qyuX+KiU31XQTeEF 2/nNPFevmHjRrgZUUr3m5kVW/6hToipUzhK7PamcUvSYPMC9ORRBHea/Io9GIOkD HrHVCn3XXTyOzokbXIpd+d165/QBopaITmmodf6xhw== -----END CERTIFICATE REQUEST-----",
  "dcv_method": "dns"
}

Responses

200

Dry-Run response. You will get this response when you send your request. with a Dry-Run: 1 header.

Headers

Optional
- Warning ⁠string
  Warning message

Body

application/json
⁠object
With the following properties:
- status ⁠string
  One of: "success", "error"
  Response status.
Optional
- errors ⁠array
  A list of all the errors encountered during validation.
  Of items of type:
  - object
    With the following properties:
    description ⁠string
    Error message.
    location ⁠string
    One of: "header", "path", "querystring", "body"
    The field's location in the HTTP response.
    name ⁠string
    The xpath of the field.

202

The request has been accepted.

Headers

Optional
- Location ⁠string

Body

application/json
⁠object
With the following properties:
- message ⁠string
  Confirmation message.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

delete Revoke a certificate ¶

This route revokes an existing certificate.

Request

URI Parameters

- id ⁠string
  Certificate ID

Query String

Optional
- sharing_id ⁠string
  Sharing ID. Organization ID used as a filter or as a billing identifier. See the reference.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Responses

204

Certificate will be revoked.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Retrieve certificate ¶

https://api.gandi.net/v5/certificate/issued-certs/{id}/crt

get Retrieve certificate ¶

This route retrieves the certificate in text format.

Request

URI Parameters

- id ⁠string
  Certificate ID

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Responses

200

Body

text/plain
⁠string
the certificate

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Certificate validation ¶

https://api.gandi.net/v5/certificate/issued-certs/{id}/dcv

put Resend the DCV ¶

This route asks the provider to resend the DCV for that operation. This only works when the DCV method is email

Request

URI Parameters

- id ⁠string
  Certificate ID

Query String

Optional
- sharing_id ⁠string
  Sharing ID. Organization ID used as a filter or as a billing identifier. See the reference.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Responses

202

The request has been accepted.

Headers

Optional
- Location ⁠string

Body

application/json
⁠object
With the following properties:
- message ⁠string
  Confirmation message.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

patch Update the DCV method ¶

This route asks the provider to change the DCV method for that operation.

Request

URI Parameters

- id ⁠string
  Certificate ID

Query String

Optional
- sharing_id ⁠string
  Sharing ID. Organization ID used as a filter or as a billing identifier. See the reference.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Body

application/json
⁠object
With the following properties:
Required
- method ⁠string
  One of: "email", "dns", "file", "http", "https"

Responses

201

The resource has been created.

Headers

Optional
- Location ⁠string

Body

application/json
⁠object
With the following properties:
- message ⁠string
  Confirmation message.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

DCV parameters ¶

https://api.gandi.net/v5/certificate/issued-certs/{id}/dcv_params

post Retrieve DCV parameters ¶

Get parameters for DCV (Domain Control Validation). DCV is a security check that validates/grants access to the registred domain name.

Despite being a post method, this route does not perform any change on your existing certificates.

If you want to perform a DCV through DNS, pass the parameter dcv_method with dns.

Request

URI Parameters

- id ⁠string
  Certificate ID

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Body

application/json

⁠object

With the following properties:

Optional

csr ⁠string
Certificate Signing Request
dcv_method ⁠string
One of: "email", "dns", "file", "http", "https"
The certificate validation method
package ⁠string
Certificate package name as returned in the package list route.

Example:

{
  "csr": "-----BEGIN CERTIFICATE REQUEST----- MIICWzCCAUMCAQAwFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQCwl28HV/Z+CSk6ENgOcERPRfRQRTpqsO+tIHhG Sa/FdvgMFOqrLn7T5a6Vz6bXsEl/vN9Kmo1CSwRanpJOgEKaR39uzxj9JK3XsWqb yizdTkn07xLngSyZ/jw7Zg5zsiEeGADrjFdWH+Kv7Rd1gbIoeaoFJKPYiUlVhU6f GphjMViJSIMuJxeMG4uarSsUGevOoCemIPafGUwTVEWbmp0cPXRJ1mKTw3z7NehM V25FZUAeBf0LRF/lciA+PsZiU3qDN44gj+vWXIi/+Kz9FR17ciog8oBcl1xnL6CY gymIvwO1EPYBtsiTJ+7zzVW+95bEd/Z7Zg8j8mLbZm7yf0LhAgMBAAGgADANBgkq hkiG9w0BAQsFAAOCAQEAkkh7sZd+Js+JfO2LfBon9c/ndinev6/XniDiQAJC40Gb fykuEQOB7CVcYT6b6uQfpOvUCjHY1CCFRWXYzOeJAn91fEz9CHK5iKepwyJhLHmT l6eE3lP4NpSB+FS10a3pBJIUVJ3gkIOfuABBBSY7JGRdZ60nmWPeknwoB0A5erlS LAFGulmOYQAu2LDYEXSMkbtPKs/KgUYBiWTTl+Bmsriy+s/1qyuX+KiU31XQTeEF 2/nNPFevmHjRrgZUUr3m5kVW/6hToipUzhK7PamcUvSYPMC9ORRBHea/Io9GIOkD HrHVCn3XXTyOzokbXIpd+d165/QBopaITmmodf6xhw== -----END CERTIFICATE REQUEST-----",
  "dcv_method": "dns",
  "package": "cert_std_1_10_0_digicert"
}

Responses

200

Body

application/json
⁠object
With the following properties:
- altnames ⁠array[ string ]
  Extracted SANs list from the CSR if any, else an empty data structure.
- dcv_method ⁠string
  One of: "email", "dns", "file", "http", "https"
  The certificate validation method
- fqdns ⁠array[ string ]
- md5 ⁠string
- sha256 ⁠string
Optional
- dns_records ⁠array[ string ]
  DNS records to be added for DCV validation
- messages ⁠array[ string ]
- raw_messages ⁠array[ array[ string ] ]
- unique_value ⁠string

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Manage certificate tags ¶

https://api.gandi.net/v5/certificate/issued-certs/{id}/tags

get Get the list of tags linked to a certificate ¶

Request

URI Parameters

- id ⁠string
  Certificate ID

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Responses

200

Body

application/json
⁠array[ string ]
Example:
```
[
  "server1",
  "server2"
]
```

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

post Attach a new tag to the certificate ¶

Request

URI Parameters

- id ⁠string
  Certificate ID

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Body

application/json
⁠object
With the following properties:
Required
- tag ⁠string
Example:
```
{
  "tag": "server42"
}
```

Responses

201

The resource has been created.

Headers

Optional
- Location ⁠string

Body

application/json
⁠object
With the following properties:
- message ⁠string
  Confirmation message.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

put Replace all the tags of the certificate ¶

Request

URI Parameters

- id ⁠string
  Certificate ID

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Body

application/json
⁠object
With the following properties:
Required
- tags ⁠array[ string ]
Example:
```
{
  "tags": [
    "server42",
    "server55"
  ]
}
```

Responses

201

The resource has been created.

Headers

Optional
- Location ⁠string

Body

application/json
⁠object
With the following properties:
- message ⁠string
  Confirmation message.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

patch Update some of the tags of the certificate ¶

Request

URI Parameters

- id ⁠string
  Certificate ID

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Body

application/json
⁠object
With the following properties:
Required
- add ⁠array[ string ]
- remove ⁠array[ string ]
Example:
```
{
  "add": [
    "server79"
  ],
  "remove": [
    "server55"
  ]
}
```

Responses

201

The resource has been created.

Headers

Optional
- Location ⁠string

Body

application/json
⁠object
With the following properties:
- message ⁠string
  Confirmation message.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

delete Remove all tags from this certificate ¶

Request

URI Parameters

- id ⁠string
  Certificate ID

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Responses

200

Body

application/json
⁠object
With the following properties:
- message ⁠string

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Certificate Packages ¶

https://api.gandi.net/v5/certificate/packages

get Package list ¶

This route returns a list of all available certificate packages.

Request

Query String

Optional
- category ⁠string
- max_domains ⁠integer
- min_domains ⁠integer
- page ⁠integer
  Default: 1
  Minimum: 1
  Which result page to retrieve. If the number is greater than the last page, an empty list is returned.
- per_page ⁠integer
  Minimum: 1
  How many items to display per page.
- trustlogo ⁠boolean
- warranty ⁠integer
- wildcard ⁠boolean

Example:

?category=standard&min_domains=1&max_domains=5

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Responses

200

Headers

- Total-Count ⁠integer
  Total number of items.
Optional
- Link ⁠string
  Links to next and last page.

Body

application/json
⁠array
Of items of type:
- object
  With the following properties:
  - category ⁠object
    With the following properties:
    name ⁠string
    category of the package (standard, pro, business, …)
  - href ⁠string
  - max_domains ⁠integer
    maximum number of associated names
  - min_domains ⁠integer
    minimum number of associated names (always 1)
  - name ⁠string
    reference that should be used when requesting a new certificate. See this list for possible values.
  - provider ⁠string
    Provider of this package
  - sgc ⁠boolean
    deprecated "Server Gated Cryptography", packages with this flag are actually discarded
  - trustlogo ⁠boolean
  - warranty ⁠integer
  - wildcard ⁠boolean
    should be used for wildcard certificates

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Package information ¶

https://api.gandi.net/v5/certificate/packages/{name}

get Package information ¶

This route returns the information about a certificate package

Request

URI Parameters

- name ⁠string
  Package name, see this list for possible values

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Responses

200

Body

application/json
⁠object
With the following properties:
- category ⁠object
  With the following properties:
  - name ⁠string
    category of the package (standard, pro, business, …)
- href ⁠string
- max_domains ⁠integer
  maximum number of associated names
- min_domains ⁠integer
  minimum number of associated names (always 1)
- name ⁠string
  reference that should be used when requesting a new certificate. See this list for possible values.
- provider ⁠string
  Provider of this package
- sgc ⁠boolean
  deprecated "Server Gated Cryptography", packages with this flag are actually discarded
- trustlogo ⁠boolean
- warranty ⁠integer
- wildcard ⁠boolean
  should be used for wildcard certificates

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Intermediate certificate, by filename ¶

https://api.gandi.net/v5/certificate/pem/-/{filename}

This route is used in combinaison with the certificate detail "intermediate" property.

get Intermediate certificate ¶

This route returns an intermediate certificate in a text/plain response. It must be used to generate the full chain certificate.

Request

URI Parameters

- filename ⁠string
  Filename

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key
Optional
- Accept ⁠string
  When passed application/x-pem-file value, this route will download the intermediate certificate.

Responses

200

Body

text/plain
⁠string
Plain text intermediate certificate.

application/x-pem-file
⁠file
Download the intermediate certificate.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Intermediate certificate ¶

https://api.gandi.net/v5/certificate/pem/{type}

get Intermediate certificate ¶

This route returns an intermediate certificate in a text/plain response. It must be used to generate the full chain certificate.

Request

URI Parameters

- type ⁠string
  One of: "cert_std", "cert_pro"
  Certificate type

Query String

Optional
- provider ⁠string
  One of: "Sectigo", "Digicert"
  Provider of this certificate

Example:

?provider=Digicert

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key
Optional
- Accept ⁠string
  When passed application/x-pem-file value, this route will download the intermediate certificate.

Responses

200

Body

text/plain
⁠string
Plain text intermediate certificate.

application/x-pem-file
⁠file
Download the intermediate certificate.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Appendix

Certificate Packages ¶

Name	Description	Provider
cert_std_1_0_0	Standard certificate with 1 fqdn	Sectigo
cert_std_3_0_0	Standard certificate with 3 fqdn	Sectigo
cert_std_5_0_0	Standard certificate with 5 fqdn	Sectigo
cert_std_10_0_0	Standard certificate with 10 fqdn	Sectigo
cert_std_20_0_0	Standard certificate with 20 fqdn	Sectigo
cert_std_w_0_0	Standard certificate with fqdn with wildcard	Sectigo
cert_pro_1_10_0	Pro certificate with 1 fqdn	Sectigo
cert_pro_1_100_0	Pro certificate with 1 fqdn	Sectigo
cert_pro_1_100_SGC	Pro certificate with 1 fqdn	Sectigo
cert_pro_1_250_0	Pro certificate with 1 fqdn	Sectigo
cert_pro_w_250_0	Pro certificate with fqdn with wildcard	Sectigo
cert_pro_w_250_SGC	Pro certificate with fqdn with wildcard	Sectigo
cert_bus_1_250_0	Business certificate with 1 fqdn	Sectigo
cert_bus_1_250_SGC	Business certificate with 1 fqdn	Sectigo
cert_bus_3_250_0	Business certificate with 3 fqdn	Sectigo
cert_bus_5_250_0	Business certificate with 5 fqdn	Sectigo
cert_bus_10_250_0	Business certificate with 10 fqdn	Sectigo
cert_bus_20_250_0	Business certificate with 20 fqdn	Sectigo
cert_std_1_10_0_digicert	Standard certificate with 1 fqdn	Digicert
cert_std_3_10_0_digicert	Standard certificate with 3 fqdn	Digicert
cert_std_5_10_0_digicert	Standard certificate with 5 fqdn	Digicert
cert_std_10_10_0_digicert	Standard certificate with 10 fqdn	Digicert
cert_std_20_10_0_digicert	Standard certificate with 20 fqdn	Digicert
cert_std_w_10_0_digicert	Standard certificate with fqdn with wildcard	Digicert
cert_pro_1_250_0_digicert	Pro certificate with 1 fqdn	Digicert
cert_pro_w_125_0_digicert	Pro certificate with fqdn with wildcard	Digicert
cert_bus_1_1500_0_digicert	Business certificate with 1 fqdn	Digicert
cert_bus_3_1500_0_digicert	Business certificate with 3 fqdn	Digicert
cert_bus_5_1500_0_digicert	Business certificate with 5 fqdn	Digicert
cert_bus_10_1500_0_digicert	Business certificate with 10 fqdn	Digicert
cert_bus_20_1500_0_digicert	Business certificate with 20 fqdn	Digicert

Certificate API

DCV parameters ¶

post Retrieve DCV parameters ¶

Request

Headers

Required

Body

application/json

Optional

Responses

200

Body

application/json

Optional

403

Body

application/json

401

Body

application/json

403

Body

application/json

Secured by

Http Authorization Scheme

Headers

Required

Examples

Certificate Create and List ¶

get List certificates ¶

Request

Query String

Optional

Headers

Required

Responses

200

Headers

Optional

Body

application/json

Optional

Optional

Optional

Optional

Optional

Optional

403

Body

application/json

401

Body

application/json

403

Body

application/json

Secured by

Http Authorization Scheme

Headers

Required

Examples

post Create a new certificate ¶

Request

Query String

Optional

Headers

Required

Optional

Body

application/json

Required

Optional

Responses

200

Headers

Optional

Body

application/json

Optional

202