The Trustico® tracking system is where customers and partners manage an individual SSL Certificate : checking validation progress, changing the Domain Control Validation (DCV) method, requesting a reissue, and downloading the issued SSL Certificate files. The tracking system Application Programming Interface (API) makes those same SSL Certificate management operations available programmatically, so you can build them into your own systems and workflows instead of performing each step by hand. Learn About The Trustico® Tracking System 🔗
Every request is made over Hypertext Transfer Protocol Secure (HTTPS) and every response is returned as JavaScript Object Notation (JSON), which makes the Application Programming Interface (API) straightforward to integrate with hosting control panels, deployment pipelines, internal dashboards, and support tooling.
Access requires approval prior to use. Complete the request form on this page and Trustico® reviews each request individually, issuing an Application Programming Interface (API) key directly to approved requesters.
Programmatic Access to the Tracking System
The Application Programming Interface (API) is the programmatic equivalent of the tracking dashboard. The operations it exposes are the same operations a customer performs in the dashboard today, which means anything you automate through the Application Programming Interface (API) behaves exactly as it would if a member of your team carried out the same action manually.
The design is deliberately order-specific. Every call operates on one SSL Certificate at a time, identified by the caller in each request. There is no call that lists or enumerates an entire portfolio, and the Application Programming Interface (API) is not an account management interface. Integrators who manage many SSL Certificates simply make one request per SSL Certificate within their own systems.
Important : The Application Programming Interface (API) acts on a single SSL Certificate per request. It does not provide portfolio listing, account management, or bulk enumeration of SSL Certificates.
Authentication with an Application Programming Interface (API) Key
Once a request is approved, Trustico® issues an Application Programming Interface (API) key to the requester. One key identifies the approved caller and works across every SSL Certificate belonging to that caller, so there is no need to request a separate key for each order.
Alongside the key, every request must identify the specific SSL Certificate it acts on. Three values do this : the Certificate Authority (CA) Reference, a domain name that appears on the SSL Certificate, and the product brand. These are the same three values you already use to access an individual SSL Certificate in the tracking dashboard, so no new credentials or identifiers are introduced.
The Application Programming Interface (API) key proves the caller is approved, while the three SSL Certificate identifiers authorize the specific action on that specific SSL Certificate. A request that is missing the key, or that carries an unrecognized key, is refused.
SSL Certificate Operations Available Through the Application Programming Interface (API)
The Application Programming Interface (API) covers the full lifecycle of an individual SSL Certificate, from monitoring validation progress through to collecting the issued files. The operations fall into four groups.
Status and Summary Information
You can retrieve a summary of an SSL Certificate at any time, including its current status, validity dates, and the domains it covers. This makes it simple to feed accurate SSL Certificate information into your own monitoring dashboards and internal systems without signing in to the tracking dashboard.
Domain Control Validation (DCV) Management
Domain Control Validation (DCV) is usually the step that determines how quickly an SSL Certificate is issued, and the Application Programming Interface (API) gives you full control over it. You can check the Domain Control Validation (DCV) status for each domain on the SSL Certificate, retrieve the list of approver e-mail addresses available for e-mail based validation, and resend a Domain Control Validation (DCV) e-mail when an approval message has gone astray. Learn About The Validation Procedure 🔗
You can also change the Domain Control Validation (DCV) method for a domain, switching between e-mail, Domain Name System (DNS), and Hypertext Transfer Protocol (HTTP) validation, either for one domain or for several domains in a single request. When a Certification Authority Authorization (CAA) check has blocked issuance, a dedicated operation retries the Certification Authority Authorization (CAA) Domain Name System (DNS) check on demand. Learn About Certification Authority Authorization (CAA) Records 🔗
Reissues and Certificate Signing Requests (CSR)
The Application Programming Interface (API) can reissue an SSL Certificate using a new Certificate Signing Request (CSR), which becomes increasingly valuable as industry mandated validity periods shorten and reissues become a routine part of SSL Certificate management. Learn About Reissuing an SSL Certificate 🔗
Before submitting a Certificate Signing Request (CSR), a decode operation confirms its contents, allowing your integration to catch a mistyped domain name or an incorrect organization detail before the reissue begins. A further operation generates a secure portal session for SSL Certificate management at the Certificate Authority (CA), giving your users direct access when a task calls for it. Learn About Certificate Signing Requests (CSR) 🔗
SSL Certificate Collection and Download
Once an SSL Certificate has been issued, the Application Programming Interface (API) collects and downloads the issued SSL Certificate files. A single call download is available that returns the SSL Certificate as a ZIP archive, which keeps automated deployment pipelines simple : one request retrieves everything needed for installation.
Operations Reserved for the Tracking Dashboard
A small number of operations remain available only through the signed in tracking dashboard. Adding new domains to a Multi-Domain SSL Certificate, sending SSL Certificate or validation records by e-mail, and live re-checking of published validation records are performed in the dashboard rather than through an Application Programming Interface (API) key.
Revocation is not available through the Application Programming Interface (API). Keeping these operations in the dashboard ensures that the most sensitive and least frequent actions always involve a signed in session.
Requesting an Application Programming Interface (API) Key
Application Programming Interface (API) functionality requires approval prior to use, and access is limited to established customers and partners. Trustico® issues an Application Programming Interface (API) key only when the requester already holds an SSL Certificate order that is fully validated, complete, and paid in full.
Requests from customers who have not yet been verified through a completed SSL Certificate order are not approved. Partners must additionally hold an approved partner account, as approval for Application Programming Interface (API) access follows from an existing approved partner relationship. Learn About The Trustico® Partner Service 🔗
Important : An Application Programming Interface (API) key is issued only against an existing SSL Certificate order that is fully validated, complete, and paid in full. Trustico® does not issue keys to unverified customers.
To request access, complete the form below with your organization details, your contact information, and a short description of the integration you plan to build.
Including a Certificate Authority (CA) Reference from one of your existing SSL Certificates allows Trustico® to confirm that the request comes from a verified customer or an approved partner, which keeps the review process efficient. Trustico® reviews each request and issues an Application Programming Interface (API) key directly to approved requesters.
