Handling application certificates with Secure Private Access API
This topic provides instructions on how to create, list, update, and delete certificates using the Secure Private Access API. Before starting with this API, understand the mandatory headers for all requests listed in Getting Started.
1. Get a List of application certificates
The following is an example of a GET request and response for getting a list of application certificates:
GET https://api.cloud.com/accessSecurity/certificate
Request header sample
...
Accept: application/json
Citrix-CustomerId: \{\{customerId\}\}
Authorization: CWSAuth Bearer=\{\{bearerToken\}\}
Citrix-TransactionId: \{\{Citrix-TransactionId\}\}
...
<!--NeedCopy-->
Successful response sample
An empty 201 Created response with a JSON body:
{
"items": [
{
"certificateName": "TestName",
"certificateId": "b232288e2-cdf0-430e-adac-5b100271ad3d"
},
{
"certificateName": "TestName1",
"certificateId": "a568352e2-cdf0-430e-daca-5b100271ad3d"
}
]
}
<!--NeedCopy-->
The JSON object has an items array that contains the list of certificate objects.
Certificates object schema in response body
-
certificateName. Name of this certificate. -
certificateId. The unique certificate id.
Successful response headers sample
Among other headers, you might find the location header of the certificate. This header indicates the path that the created certificate is saved.
...
Location: /currentpath/<uuid:certificateId>
...
<!--NeedCopy-->
Potential unsuccessful responses
| Status Code - Description | Potential Reason |
|---|---|
| 400 BAD REQUEST | A parameter was given by an incorrect type. The JSON object in the response body usually provides enough information about the mistake. |
| 401 UNAUTHORIZED | An invalid CitrixId or Authorization token in headers. |
| 406 NOT ACCEPTABLE |
Accept header not set as application/json. |
2. Get a certificate for specific application
The following is an example of a GET request and response for getting the certificate of a specific application and a specific URL. The applications’s UUID and the encoded URL are appended to the request URL:
GET https://api.cloud.com/accessSecurity/application/<uuid:applicationId>/domain/<path:encodedURL>
Request header sample
...
Accept: application/json
Citrix-CustomerId: \{\{customerId\}\}
Authorization: CWSAuth Bearer=\{\{bearerToken\}\}
Citrix-TransactionId: \{\{Citrix-TransactionId\}\}
...
<!--NeedCopy-->
Successful response sample
A 200 OK response with a JSON body that contains a certificate object:
{
"certificateName": "TestName",
"certificateId": "b232288e2-cdf0-430e-adac-5b100271ad3d",
"domain": "test.com",
"message": "Test Message"
}
<!--NeedCopy-->
Application certificate object schema in response body
The certificate object in the response body contains the following schema. Each property value is given as a string unless differently specified.
-
certificateName. Name of this certificate. -
certificateId. The unique certificate id. -
domain. The domain that the certificate is valid for. -
message. A message relevant to the certificate.
Potential unsuccessful responses
| Status Code - Description | Potential Reason |
|---|---|
| 401 UNAUTHORIZED | An invalid CitrixId or Authorization token in the headers. |
| 406 NOT ACCEPTABLE |
Accept header not set as application/json. |
| 404 NOT FOUND | No certificate was found with the specified UUID. |
3. Create application certificate
The following is an example of a POST request and response for creating a new certificate:
POST https://api.cloud.com/accessSecurity/certificate
Request header sample
...
Accept: application/json
Content-Type: application/json; charset=utf-8
Citrix-CustomerId: \{\{customerId\}\}
Authorization: CWSAuth Bearer=\{\{bearerToken\}\}
Citrix-TransactionId: \{\{Citrix-TransactionId\}\}
...
<!--NeedCopy-->
Request body sample
{
"certificateName": "TestName",
"certificate": "Certificate Base64 Encoded",
"certificatePassword": "Certificate Password"
}
<!--NeedCopy-->
JSON object schema in request body
Each property value is given as a string unless differently specified.
-
certificateName. Name of this certificate. -
certificate. Base64 encoded certificate data. -
certificatePassword. Password of this certificate.
Successful response sample
An empty 201 Created response with a JSON body:
{
"certificateName": "TestName",
"certificateId": "b232288e2-cdf0-430e-adac-5b100271ad3d"
}
<!--NeedCopy-->
Successful Response Headers Sample
Among other headers, you might find the location header of the certificate. This header indicates the path that the created certificate is saved.
...
Location: /currentpath/<uuid:certificateId>
...
<!--NeedCopy-->
Potential unsuccessful responses
| Status Code - Description | Potential Reason |
|---|---|
| 400 BAD REQUEST | JSON object sent in the request body might not follow the correct schema. The JSON object in the response body usually provides enough information about such a mistake. |
| 401 UNAUTHORIZED | An invalid CitrixId or Authorization token in headers. |
| 406 NOT ACCEPTABLE |
Accept header not set as application/json. |
| 415 UNSUPPORTED MEDIA TYPE |
Content-Type header not set as application/json; charset=utf-8. |
4. Associate a certificate with the application
The following is an example of a PUT request and response for correlating a certificate with a specific application and URL. The applications’s UUID and the encoded URL are appended to the request URL:
PUT https://api.cloud.com/accessSecurity/application/<uuid:applicationId>/domain/<path:encodedURL>
Request header sample
...
Accept: application/json
Content-Type: application/json; charset=utf-8
Citrix-CustomerId: \{\{customerId\}\}
Authorization: CWSAuth Bearer=\{\{bearerToken\}\}
Citrix-TransactionId: \{\{Citrix-TransactionId\}\}
...
<!--NeedCopy-->
Request body sample
{
"certificateId": "b232288e2-cdf0-430e-adac-5b100271ad3d"
}
<!--NeedCopy-->
JSON object schema in the request body
Each property value is given as a string unless differently specified.
-
certificateId. The unique certificate id.
Successful response sample
A 204 NO CONTENT response with an empty body.
Potential unsuccessful responses
| Status Code - Description | Potential Reason |
|---|---|
| 400 BAD REQUEST | JSON object sent in the request body might not follow the correct schema. The JSON object in the response body usually provides enough information about such a mistake. |
| 401 UNAUTHORIZED | An invalid CitrixId or Authorization token in the headers. |
| 406 NOT ACCEPTABLE |
Accept header not set as application/json. |
| 415 UNSUPPORTED MEDIA TYPE |
Content-Type header not set as application/json; charset=utf-8. |
5. Disassociate a certificate from an application
The following is an example of a DELETE request and response for disassociating a certificate with an application and URL. The applications’s UUID and the encoded URL are appended to the request URL:
DELETE https://api.cloud.com/accessSecurity/application/<uuid:applicationId>/domain/<path:encodedURL>
Request header sample
...
Accept: application/json
Citrix-CustomerId: \{\{customerId\}\}
Authorization: CWSAuth Bearer=\{\{bearerToken\}\}
Citrix-TransactionId: \{\{Citrix-TransactionId\}\}
...
<!--NeedCopy-->
Successful response sample
A 204 NO CONTENT response with an empty body.
Potential unsuccessful responses
| Status Code - Description | Potential Reason |
|---|---|
| 400 NOT FOUND | Application ID and domain are mandatory arguments. |
| 401 UNAUTHORIZED | An invalid CitrixId or Authorization token in the headers. |
| 404 NOT FOUND | Certificate association not found. |
| 406 NOT ACCEPTABLE |
Accept header not set as application/json. |
6. Delete an application certificate
The following is an example of a DELETE request and response for deleting a certificate. The certificate’s UUID is appended to the request URL:
DELETE https://api.cloud.com/accessSecurity/certificate/{{certificateUUID}}`
Request header sample
...
Accept: application/json
Citrix-CustomerId: \{\{customerId\}\}
Authorization: CWSAuth Bearer=\{\{bearerToken\}\}
Citrix-TransactionId: \{\{Citrix-TransactionId\}\}
...
<!--NeedCopy-->
Successful response sample
A 204 NO CONTENT response with an empty body.
Potential unsuccessful responses
| Status Code - Description | Potential Reason |
|---|---|
| 401 UNAUTHORIZED | An invalid CitrixId or Authorization token in the headers. |
| 403 FORBIDDEN | Certificate cannot be deleted. |
| 404 NOT FOUND | Certificate not found. |
| 406 NOT ACCEPTABLE |
Accept header not set as application/json. |