API endpoint

https://api.cis.cloud.ibm.com

Introduction

IBM Cloud Internet Services (CIS), powered by Cloudflare, provides a fast, highly performant, reliable, and secure internet service for customers running their business on IBM Cloud.

IBM CIS gets you going quickly by establishing defaults for you, which you can change easily using the API or UI. Here are some commonly changed parameters:

  • DNS settings: you can use IBM CIS to host your DNS or you can create CNAME records.
  • Crypto settings (TLS): the default is flexible mode, which encrypts the connection between your host and the IBM CIS edge server, but does not encrypt the communication between the IBM CIS edge server and origin server.

For complete information about establishing and managing an IBM Cloud CIS instance, refer to our customer documentation.

API Endpoint

https://api.cis.cloud.ibm.com

Error handling

This API uses standard HTTP response codes to indicate whether a method completed successfully. A 200 response always indicates success. A 400 type response is some sort of failure, and a 500 type response usually indicates an internal system error.

HTTP error code Description Recovery
200 Success The request was successful.
400 Bad Request The input parameters in the request body are either incomplete or in the wrong format. Be sure to include all required parameters in your request.
401 Unauthorized You are not authorized to make this request. Log in to IBM Cloud and try again. If this error persists, contact the account owner to check your permissions.
403 Forbidden The supplied authentication is not authorized to access '{namespace}'.
404 Not Found The requested resource could not be found.
408 Request Timeout The connection to the server timed out. Wait a few minutes, then try again.
409 Conflict The entity is already in the requested state.
500 Internal Server Error IBM Cloud Internet Services is currently unavailable. Your request could not be processed. Please wait a few minutes and try again.

Here are some model code examples for error handling in the IBM Cloud Internet Services API:

Success 200 Example Code

200 The API was completed successfully

{
  "success": true,
  "errors": [
    {}
  ],
  "messages": [
    {}
  ],
  "result": {
    "zones": [
      {
        "zone": {
          "status": null,
          "name": null,
          "security": null,
          "paused": false
        },
        "dns_record": {
          "count": 0
        },
        "load_balancer": {
          "monitor_count": 0,
          "pool_count": 0,
          "load_balancer_active_count": 0
        },
        "caching": {
          "edge_cache_ttl": 0,
          "cache_browser_ttl": 0,
          "development_mode": "off",
          "cache_level": "basic"
        },
        "pagerule": {
          "active_count": 0,
          "inactive_count": 0
        },
        "waf": {
          "status": null
        },
        "ssl": {
          "mode": null,
          "universal_ssl_certificate": "off",
          "dedicate_certificate_count": 0,
          "custom_upload_certificate_count": 0,
          "tls_1_2_only": "on"
        },
        "plan_details": {
          "plan_name": "Standard",
          "days_remaining": null
        },
        "firewall": {
          "security_level": "low"
        }
      }
    ],
    "service_maintenance": {
      "start_time": null,
      "end_time": null,
      "message": null
    }
  }
}

Failure 401 Example Code

401 Action unauthorized

{
  "trace": "be45687c-57f2-46e8-8717-32b3153a5886",
  "errors": [
    {
      "code": 401,
      "message": "Action is not authorized."
    }
  ]
}

Failure 404 Example:

404 API not found
{
  "trace": "c3c9f6af-a20f-4b73-8e3d-800a9284a07f",
  "errors": [
    {
      "code": null,
      "message": "404 Not Found"
    }
  ]
}

Methods

List all certificates.

CIS automatically add an active DNS zone to a universal SSL certificate, shared among multiple customers. Customer may order dedicated certificates for the owning zones. This API list all certificates for a given zone, including shared and dedicated certificates.

GET /v1/{crn}/zones/{zone_identifier}/ssl/certificate_packs
Request

Custom Headers

  • IBM Cloud user IAM token

  • uuid, identify a session

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

Order a dedicated certificate.

Order a dedicated certificate for a given zone. The zone should be active before placing an order of a dedicated certificate.

POST /v1/{crn}/zones/{zone_identifier}/ssl/certificate_packs
Request

Custom Headers

  • IBM Cloud user IAM token

  • uuid, identify a session

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Order a dedicated certificate.

Response

Dedicated certificate pack

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

Delete a certificate.

Delete a given certificate.

DELETE /v1/{crn}/zones/{zone_identifier}/ssl/certificate_packs/{cert_identifier}
Request

Custom Headers

  • IBM Cloud user IAM token

  • uuid, identify a session

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • cedrtificate identifier

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

get SSL setting

For a given zone identifier, get SSL setting.

GET /v1/{crn}/zones/{zone_identifier}/settings/ssl
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

change SSL setting

For a given zone identifier, change SSL setting.

PATCH /v1/{crn}/zones/{zone_identifier}/settings/ssl
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Change SSL setting

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

list all custom certificates

For a given zone identifier, list all custom certificates.

GET /v1/{crn}/zones/{zone_identifier}/custom_certificates
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

Upload a custom certificate

For a given zone identifier, upload a custom certificates.

POST /v1/{crn}/zones/{zone_identifier}/custom_certificates
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Upload a custom certificate.

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

Get details of specified custom certificate

For a given zone identifier, get a custom certificates.

GET /v1/{crn}/zones/{zone_identifier}/custom_certificates/{custom_cert_id}
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • custom certificate id

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

Update specified custom certificate

For a given zone identifier, update a custom certificates.

PATCH /v1/{crn}/zones/{zone_identifier}/custom_certificates/{custom_cert_id}
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • custom certificate id

Update a custom certificate.

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

Delete a given custom certificate

For a given zone identifier, delete a custom certificates.

DELETE /v1/{crn}/zones/{zone_identifier}/custom_certificates/{custom_cert_id}
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • custom certificate id

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

Set priority for given certificates

For a given zone identifier, set priority of certificates.

PUT /v1/{crn}/zones/{zone_identifier}/custom_certificates/prioritize
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Set priority of certificates.

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

For a given zone identifier, get details of universal certificate.

For a given zone identifier, get universal certificate.

GET /v1/{crn}/zones/{zone_identifier}/ssl/universal/settings
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

For a given zone identifier, enable or disable universal certificate.

For a given zone identifier, set priority of certificates.

PATCH /v1/{crn}/zones/{zone_identifier}/ssl/universal/settings
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Enable or disable universal certificate.

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

For a given zone identifier, get tls_1_2_only setting.

For a given zone identifier, get tls_1_2_only setting.

GET /v1/{crn}/zones/{zone_identifier}/settings/tls_1_2_only
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

For a given zone identifier, set tls_1_2 setting.

For a given zone identifier, set tls_1_2 setting.

PATCH /v1/{crn}/zones/{zone_identifier}/settings/tls_1_2_only
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Set security level setting.

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

For a given zone identifier, get tls_1_3 setting.

For a given zone identifier, get tls_1_3 setting.

GET /v1/{crn}/zones/{zone_identifier}/settings/tls_1_3
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

For a given zone identifier, set tls_1_3 setting.

For a given zone identifier, set tls_1_3 setting.

PATCH /v1/{crn}/zones/{zone_identifier}/settings/tls_1_3
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Set security level setting.

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

List all Origin Certificates.

List all existing CIS-issued Certificates for a given domain.

GET /v1/{crn}/zones/{zone_identifier}/origin_certificates
Request

Custom Headers

  • IBM Cloud user IAM token

  • uuid, identify a session

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

Create a CIS-signed certificate.

Create a CIS-signed certificate.

POST /v1/{crn}/zones/{zone_identifier}/origin_certificates
Request

Custom Headers

  • IBM Cloud user IAM token

  • uuid, identify a session

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Create a CIS-signed certificate.

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

Get an existing Origin certificate.

Get an existing Origin certificate by its serial number.

GET /v1/{crn}/zones/{zone_identifier}/origin_certificates/{cert_identifier}
Request

Custom Headers

  • IBM Cloud user IAM token

  • uuid, identify a session

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • cedrtificate identifier

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses

Revoke a created Origin Certificate for a domain.

Revoke a created Origin certificate.

DELETE /v1/{crn}/zones/{zone_identifier}/origin_certificates/{cert_identifier}
Request

Custom Headers

  • IBM Cloud user IAM token

  • uuid, identify a session

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • cedrtificate identifier

Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses