API endpoint

https://api.cis.cloud.ibm.com

Introduction

IBM Cloud Internet Services (CIS), powered by Cloudflare, provides a fast, highly performant, reliable, and secure internet service for customers running their business on IBM Cloud.

IBM CIS gets you going quickly by establishing defaults for you, which you can change easily using the API or UI. Here are some commonly changed parameters:

  • DNS settings: you can use IBM CIS to host your DNS or you can create CNAME records.
  • Crypto settings (TLS): the default is flexible mode, which encrypts the connection between your host and the IBM CIS edge server, but does not encrypt the communication between the IBM CIS edge server and origin server.

For complete information about establishing and managing an IBM Cloud CIS instance, refer to our customer documentation.

API Endpoint

https://api.cis.cloud.ibm.com

Error handling

This API uses standard HTTP response codes to indicate whether a method completed successfully. A 200 response always indicates success. A 400 type response is some sort of failure, and a 500 type response usually indicates an internal system error.

HTTP error code Description Recovery
200 Success The request was successful.
400 Bad Request The input parameters in the request body are either incomplete or in the wrong format. Be sure to include all required parameters in your request.
401 Unauthorized You are not authorized to make this request. Log in to IBM Cloud and try again. If this error persists, contact the account owner to check your permissions.
403 Forbidden The supplied authentication is not authorized to access '{namespace}'.
404 Not Found The requested resource could not be found.
408 Request Timeout The connection to the server timed out. Wait a few minutes, then try again.
409 Conflict The entity is already in the requested state.
500 Internal Server Error IBM Cloud Internet Services is currently unavailable. Your request could not be processed. Please wait a few minutes and try again.

Here are some model code examples for error handling in the IBM Cloud Internet Services API:

Success 200 Example Code

200 The API was completed successfully

{
  "success": true,
  "errors": [
    {}
  ],
  "messages": [
    {}
  ],
  "result": {
    "zones": [
      {
        "zone": {
          "status": null,
          "name": null,
          "security": null,
          "paused": false
        },
        "dns_record": {
          "count": 0
        },
        "load_balancer": {
          "monitor_count": 0,
          "pool_count": 0,
          "load_balancer_active_count": 0
        },
        "caching": {
          "edge_cache_ttl": 0,
          "cache_browser_ttl": 0,
          "development_mode": "off",
          "cache_level": "basic"
        },
        "pagerule": {
          "active_count": 0,
          "inactive_count": 0
        },
        "waf": {
          "status": null
        },
        "ssl": {
          "mode": null,
          "universal_ssl_certificate": "off",
          "dedicate_certificate_count": 0,
          "custom_upload_certificate_count": 0,
          "tls_1_2_only": "on"
        },
        "plan_details": {
          "plan_name": "Standard",
          "days_remaining": null
        },
        "firewall": {
          "security_level": "low"
        }
      }
    ],
    "service_maintenance": {
      "start_time": null,
      "end_time": null,
      "message": null
    }
  }
}

Failure 401 Example Code

401 Action unauthorized

{
  "trace": "be45687c-57f2-46e8-8717-32b3153a5886",
  "errors": [
    {
      "code": 401,
      "message": "Action is not authorized."
    }
  ]
}

Failure 404 Example:

404 API not found
{
  "trace": "c3c9f6af-a20f-4b73-8e3d-800a9284a07f",
  "errors": [
    {
      "code": null,
      "message": "404 Not Found"
    }
  ]
}

Methods

List all certificates.

CIS automatically add an active DNS zone to a universal SSL certificate, shared among multiple customers. Customer may order dedicated certificates for the owning zones. This API list all certificates for a given zone, including shared and dedicated certificates.

GET /v1/{crn}/zones/{zone_identifier}/ssl/certificate_packs
Request

Custom Headers

  • IBM Cloud user IAM token

  • uuid, identify a session

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • curl -X GET \
    https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/ssl/certificate_packs \
    -H 'content-type: application/json' \
    -H 'accept: application/json' \
    -H 'x-auth-user-token: Bearer xxxxxx'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "errors": [],
      "messages": [],
      "result": [
        {
          "id": "0f405ba2-8c18-49eb-a30b-28b85427780f",
          "type": "dedicated",
          "hosts": [
            "example.com"
          ],
          "certificates": [
            {
              "id": "436627",
              "hosts": [
                "example.com"
              ],
              "status": "active"
            }
          ],
          "primary_certificate": 0
        }
      ],
      "result_info": {
        "page": 1,
        "per_page": 2,
        "count": 1,
        "total_count": 200
      }
    }

Order a dedicated certificate.

Order a dedicated certificate for a given zone. The zone should be active before placing an order of a dedicated certificate.

POST /v1/{crn}/zones/{zone_identifier}/ssl/certificate_packs
Request

Custom Headers

  • IBM Cloud user IAM token

  • uuid, identify a session

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Order a dedicated certificate.

  • curl -X POST \
      https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/ssl/certificate_packs \
      -H 'content-type: application/json' \
      -H 'x-auth-user-token: Bearer xxxxxx' \
      --data '{"hosts": ["example.com", "*.example.com"], "type": "dedicated"}'
    
Response

Dedicated certificate pack

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "errors": [],
      "messages": [],
      "result": {
        "primary_certificate": 0,
        "created_on": "0001-01-01T00:00:00.000000Z",
        "hosts": [
          "example.com",
          "*.example.com"
        ],
        "certificates": [
          {
            "status": "pending_deployment",
            "zone_id": null,
            "uploaded_on": "2018-09-29T01:42:23.288615Z",
            "id": 8365448,
            "priority": null,
            "hosts": [
              "example.com",
              "*.example.com"
            ],
            "signature": "SHA256WithRSA",
            "modified_on": "2018-09-29T01:42:23.288618Z",
            "bundle_method": "bundle_method",
            "expires_on": "2019-09-29T12:00:00.000000Z",
            "issuer": "CloudFlareInc"
          },
          {
            "status": "pending_deployment",
            "zone_id": null,
            "uploaded_on": "2018-09-29T01:42:23.288637Z",
            "id": 8365449,
            "priority": null,
            "hosts": [
              "example.com",
              "*.example.com"
            ],
            "signature": "ECDSAWithSHA256",
            "modified_on": "2018-09-29T01:42:23.288639Z",
            "bundle_method": "bundle_method",
            "expires_on": "2019-09-29T12:00:00.000000Z",
            "issuer": "CloudFlareInc"
          }
        ],
        "type": "dedicated",
        "id": "a231c173-003c-4477-958e-98c7e0ec329e"
      }
    }

Delete a certificate.

Delete a given certificate.

DELETE /v1/{crn}/zones/{zone_identifier}/ssl/certificate_packs/{cert_identifier}
Request

Custom Headers

  • IBM Cloud user IAM token

  • uuid, identify a session

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • cedrtificate identifier

  • curl -X DELETE \
      https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/ssl/certificate_packs/:cert_id \
      -H 'content-type: application/json' \
      -H 'x-auth-user-token: Bearer xxxxxx'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "errors": [],
      "messages": [],
      "result": {
        "id": "a231c173-003c-4477-958e-98c7e0ec329e"
      },
      "success": true
    }

get SSL setting

For a given zone identifier, get SSL setting.

GET /v1/{crn}/zones/{zone_identifier}/settings/ssl
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • curl -X GET \
    https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/settings/ssl \
    -H 'content-type: application/json' \
    -H 'accept: application/json' \
    -H 'x-auth-user-token: Bearer xxxxxx'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "result": {
        "id": "ssl",
        "value": "off",
        "editable": true,
        "modified_on": "2017-01-01T05:20:00.12345Z",
        "certificate_status": "active"
      },
      "success": true,
      "errors": [
        {}
      ],
      "messages": [
        {}
      ]
    }

change SSL setting

For a given zone identifier, change SSL setting.

PATCH /v1/{crn}/zones/{zone_identifier}/settings/ssl
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Change SSL setting

  • curl -X PATCH \
      https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/settings/ssl \
      -H 'content-type: application/json' \
      -H 'x-auth-user-token: Bearer xxxxxx' \
      -d '{"value": "off"}'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "errors": [],
      "messages": [],
      "result": {
        "id": "ssl",
        "value": "off",
        "editable": true,
        "modified_on": "2017-01-01T05:20:00.12345Z",
        "certificate_status": "active"
      }
    }

list all custom certificates

For a given zone identifier, list all custom certificates.

GET /v1/{crn}/zones/{zone_identifier}/custom_certificates
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • curl -X GET \
    https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/custom_certificates \
    -H 'content-type: application/json' \
    -H 'accept: application/json' \
    -H 'x-auth-user-token: Bearer xxxxxx'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "errors": [],
      "messages": [],
      "result": [
        {
          "id": "0f405ba2-8c18-49eb-a30b-28b85427780f",
          "hosts": [
            "example.com"
          ],
          "issuer": "/Country=US/Organization=Lets Encrypt/CommonName=Lets Encrypt Authority X3",
          "signature": "SHA256WithRSA",
          "status": "active",
          "bundle_method": "string",
          "zone_id": "string",
          "uploaded_on": "2018-10-09T08:25:48.306Z",
          "modified_on": "2018-10-09T08:25:48.306Z",
          "expires_on": "2018-10-09T08:25:48.306Z",
          "priority": 0
        }
      ],
      "result_info": {
        "page": 1,
        "per_page": 2,
        "count": 1,
        "total_count": 200
      }
    }

Upload a custom certificate

For a given zone identifier, upload a custom certificates.

POST /v1/{crn}/zones/{zone_identifier}/custom_certificates
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Upload a custom certificate.

  • curl -X POST \
      https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/custom_certificates \
      -H 'content-type: application/json' \
      -H 'x-auth-user-token: Bearer xxxxxx' \
      --data '{"private_key": "-----BEGIN RSA PRIVATE KEY-----\n......\n-----END RSA PRIVATE KEY-----\n", "certificate": "-----BEGIN CERTIFICATE-----\n......\n-----END CERTIFICATE-----\n", "bundle_method": "ubiquitous", "geo_restrictions": {"label":"us"}}'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "errors": [],
      "messages": [],
      "result": {
        "status": "active",
        "zone_id": "98e22a4127043cc364ba64af6df7bfc4",
        "uploaded_on": "2018-10-09 07:59:24.820876+00",
        "id": "1dd0479cf56214cbac5d738009d8b36e",
        "priority": 0,
        "hosts": [
          "example.com"
        ],
        "signature": "SHA256WithRSA",
        "modified_on": "2018-10-09 07:59:24.820876+00",
        "bundle_method": "ubiquitous",
        "expires_on": "2018-12-18 07:03:15+00",
        "issuer": "/Country=US/Organization=Let's Encrypt/CommonName=Let's Encrypt Authority X3"
      }
    }

Get details of specified custom certificate

For a given zone identifier, get a custom certificates.

GET /v1/{crn}/zones/{zone_identifier}/custom_certificates/{custom_cert_id}
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • custom certificate id

  • curl -X GET \
    https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/custom_certificates/:custom_cert_id \
    -H 'content-type: application/json' \
    -H 'accept: application/json' \
    -H 'x-auth-user-token: Bearer xxxxxx'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "errors": [],
      "messages": [],
      "result": {
        "status": "active",
        "zone_id": "98e22a4127043cc364ba64af6df7bfc4",
        "uploaded_on": "2018-10-09 07:59:24.820876+00",
        "id": "1dd0479cf56214cbac5d738009d8b36e",
        "priority": 0,
        "hosts": [
          "example.com"
        ],
        "signature": "SHA256WithRSA",
        "modified_on": "2018-10-09 07:59:24.820876+00",
        "bundle_method": "ubiquitous",
        "expires_on": "2018-12-18 07:03:15+00",
        "issuer": "/Country=US/Organization=Let's Encrypt/CommonName=Let's Encrypt Authority X3"
      }
    }

Update specified custom certificate

For a given zone identifier, update a custom certificates.

PATCH /v1/{crn}/zones/{zone_identifier}/custom_certificates/{custom_cert_id}
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • custom certificate id

Update a custom certificate.

  • curl -X PATCH \
      https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/custom_certificates/:custom_cert_id \
      -H 'content-type: application/json' \
      -H 'x-auth-user-token: Bearer xxxxxx' \
      --data '{"private_key": "-----BEGIN RSA PRIVATE KEY-----\n......\n-----END RSA PRIVATE KEY-----\n", "certificate": "-----BEGIN CERTIFICATE-----\n......\n-----END CERTIFICATE-----\n", "bundle_method": "ubiquitous", "geo_restrictions": {"label":"us"}}'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "errors": [],
      "messages": [],
      "result": {
        "status": "active",
        "zone_id": "98e22a4127043cc364ba64af6df7bfc4",
        "uploaded_on": "2018-10-09 07:59:24.820876+00",
        "id": "1dd0479cf56214cbac5d738009d8b36e",
        "priority": 0,
        "hosts": [
          "example.com"
        ],
        "signature": "SHA256WithRSA",
        "modified_on": "2018-10-09 07:59:24.820876+00",
        "bundle_method": "ubiquitous",
        "expires_on": "2018-12-18 07:03:15+00",
        "issuer": "/Country=US/Organization=Let's Encrypt/CommonName=Let's Encrypt Authority X3"
      }
    }

Delete a given custom certificate

For a given zone identifier, delete a custom certificates.

DELETE /v1/{crn}/zones/{zone_identifier}/custom_certificates/{custom_cert_id}
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • custom certificate id

  • curl -X DELETE \
      https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/custom_certificates/:custom_cert_id \
      -H 'content-type: application/json' \
      -H 'x-auth-user-token: Bearer xxxxxx'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "errors": [],
      "messages": [],
      "result": {
        "id": "1dd0479cf56214cbac5d738009d8b36e"
      }
    }

Set priority for given certificates

For a given zone identifier, set priority of certificates.

PUT /v1/{crn}/zones/{zone_identifier}/custom_certificates/prioritize
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Set priority of certificates.

  • curl -X PUT \
      https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/custom_certificates/prioritize \
      -H 'content-type: application/json' \
      -H 'x-auth-user-token: Bearer xxxxxx' \
      --data '{"certificates": [{"id": "5a7805061c76ada191ed06f989cc3dac", "priority": 2}, {"id": "9a7806061c88ada191ed06f989cc3dac", "priority": 1}]}'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "errors": [],
      "messages": [],
      "result": [
        {
          "id": "c3141e2043499d4c4c1bdc363dcbefdf",
          "hosts": [
            "example.com"
          ],
          "issuer": "/Country=US/Organization=Let's Encrypt/CommonName=Let's Encrypt Authority X3",
          "signature": "SHA256WithRSA",
          "status": "active",
          "bundle_method": "ubiquitous",
          "zone_id": "5273b19b8e811b532cf8600461f71257",
          "uploaded_on": "2018-10-09 14:39:36.633912+00",
          "modified_on": "2018-10-09 14:42:35.624168+00",
          "expires_on": "2018-12-26 08:25:26+00",
          "priority": 1
        }
      ]
    }

For a given zone identifier, get details of universal certificate.

For a given zone identifier, get universal certificate.

GET /v1/{crn}/zones/{zone_identifier}/ssl/universal/settings
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • curl -X GET \
    https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/ssl/universal/settings \
    -H 'content-type: application/json' \
    -H 'accept: application/json' \
    -H 'x-auth-user-token: Bearer xxxxxx'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "errors": [],
      "messages": [],
      "result": {
        "enabled": true
      }
    }

For a given zone identifier, enable or disable universal certificate.

For a given zone identifier, set priority of certificates.

PATCH /v1/{crn}/zones/{zone_identifier}/ssl/universal/settings
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Enable or disable universal certificate.

  • curl -X PATCH \
      https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/ssl/universal/settings \
      -H 'content-type: application/json' \
      -H 'x-auth-user-token: Bearer xxxxxx' \
      -d '{"enabled": true}'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "errors": [],
      "messages": [],
      "result": {
        "enabled": true
      }
    }

For a given zone identifier, get tls_1_2_only setting.

For a given zone identifier, get tls_1_2_only setting.

GET /v1/{crn}/zones/{zone_identifier}/settings/tls_1_2_only
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • curl -X GET \
    https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/settings/tls_1_2_only \
    -H 'content-type: application/json' \
    -H 'accept: application/json' \
    -H 'x-auth-user-token: Bearer xxxxxx'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "errors": [],
      "messages": [],
      "result": {
        "id": "tls_1_2_only",
        "value": "on",
        "editable": true,
        "modified_on": "2014-01-01T05:20:00.12345Z"
      }
    }

For a given zone identifier, set tls_1_2 setting.

For a given zone identifier, set tls_1_2 setting.

PATCH /v1/{crn}/zones/{zone_identifier}/settings/tls_1_2_only
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Set security level setting.

  • curl -X PATCH \
      https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/settings/tls_1_2_only \
      -H 'content-type: application/json' \
      -H 'x-auth-user-token: Bearer xxxxxx' \
      -d '{"value": "on"}'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "errors": [],
      "messages": [],
      "result": {
        "id": "tls_1_2_only",
        "value": "on",
        "editable": true,
        "modified_on": "2014-01-01T05:20:00.12345Z"
      }
    }

For a given zone identifier, get tls_1_3 setting.

For a given zone identifier, get tls_1_3 setting.

GET /v1/{crn}/zones/{zone_identifier}/settings/tls_1_3
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • curl -X GET \
    https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/settings/tls_1_3 \
    -H 'content-type: application/json' \
    -H 'accept: application/json' \
    -H 'x-auth-user-token: Bearer xxxxxx'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "errors": [],
      "messages": [],
      "result": {
        "id": "tls_1_3",
        "value": "on",
        "editable": true,
        "modified_on": "2014-01-01T05:20:00.12345Z"
      }
    }

For a given zone identifier, set tls_1_3 setting.

For a given zone identifier, set tls_1_3 setting.

PATCH /v1/{crn}/zones/{zone_identifier}/settings/tls_1_3
Request

Custom Headers

  • IBM Cloud user IAM token

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Set security level setting.

  • curl -X PATCH \
      https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/settings/tls_1_3 \
      -H 'content-type: application/json' \
      -H 'x-auth-user-token: Bearer xxxxxx' \
      -d '{"value": "on"}'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "errors": [],
      "messages": [],
      "result": {
        "id": "tls_1_3",
        "value": "on",
        "editable": true,
        "modified_on": "2018-01-01T05:20:00.12345Z"
      }
    }

List all Origin Certificates.

List all existing CIS-issued Certificates for a given domain.

GET /v1/{crn}/zones/{zone_identifier}/origin_certificates
Request

Custom Headers

  • IBM Cloud user IAM token

  • uuid, identify a session

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • curl -X GET \
    https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/origin_certificates \
    -H 'content-type: application/json' \
    -H 'accept: application/json' \
    -H 'x-auth-user-token: Bearer xxxxxx'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "messages": [],
      "errors": [],
      "result": [
        {
          "id": "377744384748700486338008579781235397512213189914",
          "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n",
          "expires_on": "2033-11-04 08:30:00 +0000 UTC",
          "hostnames": [
            "example.com"
          ]
        },
        {
          "id": "171810855375205715862821524339886949377909710550",
          "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n",
          "expires_on": "2033-11-04 08:22:00 +0000 UTC",
          "hostnames": [
            "test1.example.com"
          ]
        }
      ],
      "result_info": {
        "page": 1,
        "per_page": 20,
        "total_pages": 1,
        "count": 2,
        "total_count": 2
      }
    }

Create a CIS-signed certificate.

Create a CIS-signed certificate.

POST /v1/{crn}/zones/{zone_identifier}/origin_certificates
Request

Custom Headers

  • IBM Cloud user IAM token

  • uuid, identify a session

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

Create a CIS-signed certificate.

  • curl -X POST \
    https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/origin_certificates \
    -H 'content-type: application/json' \
    -H 'accept: application/json' \
    -H 'x-auth-user-token: Bearer xxxxxx'
    -d '{
        "hostnames": [
            "example.com",
            "*.example.com"
        ],
        "request_type": "origin-rsa"
    }'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "result": {
        "id": "377744384748700486338008579781235397512213189914",
        "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n",
        "expires_on": "2033-11-04 08:30:00 +0000 UTC",
        "request_type": "origin-ecc",
        "hostnames": [
          "example.com"
        ],
        "private_key": "-----BEGIN EC PRIVATE KEY-----\n...\n-----END EC PRIVATE KEY----- \n"
      },
      "errors": [],
      "messages": []
    }

Get an existing Origin certificate.

Get an existing Origin certificate by its serial number.

GET /v1/{crn}/zones/{zone_identifier}/origin_certificates/{cert_identifier}
Request

Custom Headers

  • IBM Cloud user IAM token

  • uuid, identify a session

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • cedrtificate identifier

  • curl -X GET \
    https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/origin_certificates/:cert_id \
    -H 'content-type: application/json' \
    -H 'accept: application/json' \
    -H 'x-auth-user-token: Bearer xxxxxx'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "result": {
        "id": "377744384748700486338008579781235397512213189914",
        "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n",
        "expires_on": "2033-11-04 08:30:00 +0000 UTC",
        "request_type": "origin-ecc",
        "hostnames": [
          "example.com"
        ]
      },
      "errors": [],
      "messages": []
    }

Revoke a created Origin Certificate for a domain.

Revoke a created Origin certificate.

DELETE /v1/{crn}/zones/{zone_identifier}/origin_certificates/{cert_identifier}
Request

Custom Headers

  • IBM Cloud user IAM token

  • uuid, identify a session

Path Parameters

  • Full url-encoded cloud resource name (CRN) of resource instance

  • zone identifier

  • cedrtificate identifier

  • curl -X DELETE \
    https://api.cis.cloud.ibm.com/v1/:crn/zones/:zone_id/origin_certificates/:cert_id \
    -H 'content-type: application/json' \
    -H 'accept: application/json' \
    -H 'x-auth-user-token: Bearer xxxxxx'
    
Response

Status Code

  • Success

  • Bad Request

  • Forbidden! User has no privilege

  • Resource not found

  • Internal server error

Example responses
  • {
      "success": true,
      "result": {
        "id": "377744384748700486338008579781235397512213189914",
        "revoked_at": "2018-11-19T05:16:28.743962Z"
      },
      "errors": [],
      "messages": []
    }