Assign Certificates to a Group

This API is used to assign one or multiple certificates to an existing certificate group.

Certificate groups simplify certificate lifecycle management, access control, and policy enforcement for certificates.

Before you Begin

  • Ensure that the user has the required permissions for the group to which the certificate currently belongs.
  • Ensure that the target certificate group exists.
  • Ensure that the user has the required permissions to assign certificates to the target certificate group (to which the certificates will be assigned).

Request Structure

Endpoint: /certificate/group/assign
Type: PUT
Action: certificate-group-assign
Sample URL:
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/certificate/group/assign?gwsource=external

To understand the elements of the sample URL, see "Understanding the sample URL" under References.

Headers
Content-Type: application/json

Table 1. Input Parameters

| Name | Description |
| --- | --- |
| sessionId | Header. (Mandatory if username and password are not provided) Session ID received after login. Type: String |
| username | Header. (Mandatory if sessionId is not provided) AppViewX login username. Type: String |
| password | Header. (Mandatory if sessionId is not provided) AppViewX login password. Type: String |
| Content-Type | Header. (Mandatory) Specifies the nature of the data in the payload. Type: String. Constraint: Value of the parameter should be 'application/json' |
| gwsource | Query. (Mandatory) Source from which the request is triggered (for example, external). Type: String |
| Payload | Body. Contains all the parameters to be included in the request body for the PUT request. Type: Payload |

Payload

Table 2. Payload

| Name | Description |
| --- | --- |
| groupName | (Mandatory) Name of the certificate group to which the certificates have to be assigned. Type: String |
| resourceIds | (Mandatory) Comma-separated list of the resource IDs of all certificates that have to be assigned to the above-mentioned certificate group. The resource IDs can be retrieved using the /certificate/search API. Type: List. Constraints: Ensure that all certificates belong to the same certificate category. |
| comment | (Optional) Additional details related to the certificate assignment. Type: String. Constraints: Maximum character limit is 255; special characters and HTML tags are invalid values. |

Response Structure

Success Response

200 OK Response with the message: Group assign action successfully performed.

Response content-type: application/json

Table 3. Response Parameters

| Name | Description |
| --- | --- |
| message | Success or failure description. Type: String |
| appStatusCode | Application specific status code for the response. It is a non-null value for a failure response. Type: String |
| tags | Additional information for the failure response |

Status Codes

| HTTP Code | appStatusCode | Response Message |
| --- | --- | --- |
| 401 Unauthorized | AVX_GW_003 | Authentication failed, reason: Invalid credentials. Remediation: Ensure that valid username and password or a valid sessionId is provided as header parameters. |
| 400 Bad Request | VALIDATION_ERROR_0004 | Mandatory field missing or invalid value. Remediation: Ensure that the missing mandatory field, as specified in the error response, is included in the payload and is assigned a valid value. |
| 400 Bad Request | VALIDATION_ERROR_0004 | comment exceeds the 255-character limit. Remediation: Ensure that the text entered as comments in the payload is less than or equal to 255 characters. |
| 400 Bad Request | CERT-GEN-0033 | Invalid characters in the comments. Remediation: Ensure that the text entered as comments in the payload does not have any special characters or HTML tags. |
| 403 Forbidden | AVX_GW_005 | User does not have access to the targeted API. Remediation: Ensure that the user has all the requisite ACF permissions to assign certificates to the group. To enable this, go to (Menu) > CERT+ > Groups & Policies > Group > Assign Group. |
| 403 Forbidden | CERT-ACL-0006 | Access denied since user does not have all the requisite permissions to update certificates. Remediation: Ensure that the user has all the required ACL resource permissions for assigning the certificates. |
| 403 Forbidden | CERT-ACF-0058 | User does not have the relevant permissions to perform this action. Remediation: Ensure that the user has the required permissions for updating the required certificate category. |
| 403 Forbidden | CERTIFICATE_BELONG_GROUP_PERMISSION_DENIED | User does not have RW permission for the certificate group to which the certificate already belongs. Remediation: Ensure that the user has RW permission for the certificate groups to which all certificates, the resource IDs of which have been listed in the payload, currently belong. |
| 403 Forbidden | ACF_NOT_AVAILABLE_FOR_SERVER_CERT | User does not have view permission for the server certificate inventory. Remediation: Ensure that the user has all the required ACF permissions for viewing the server certificate inventory. |
| 403 Forbidden | ACF_NOT_AVAILABLE_FOR_CLIENT_CERT | User does not have view permission for the client certificate inventory. Remediation: Ensure that the user has all the required ACF permissions for viewing the client certificate inventory. |
| 403 Forbidden | ACF_NOT_AVAILABLE_FOR_CODE_SIGNING_CERT | User does not have view permission for the code signing certificate inventory. Remediation: Ensure that the user has all the required ACF permissions for viewing the code signing certificate inventory. |
| 404 Not Found | GROUP_NOT_FOUND_OR_PERMISSION_DENIED | The certificate group name mentioned in the payload does not exist or the user does not have RW permission to the group. Remediation: Ensure that the certificate group mentioned in the payload exists and the user has the required permissions for assigning certificates to the group. |

Sample Request/Response

Sample Request
{
	"groupName": "Certificate-Gateway",
	"resourceIds": [
		"67bc2ca76a105e1a05691c1c",
		"67bc2ca76a105e1a05691c2c",
		"67bc2ca76a105e1a05691c3c"
	],
	"comment": "Sample Comment"
}
Sample Response
{
	"Response":
	{
		"Successful Ids": [
			"67bc2ca76a105e1a05691c1c",
			"67bc2ca76a105e1a05691c2c",
			"67bc2ca76a105e1a05691c3c"
		]
	},
	"message": "Group assign action successfully performed",
	"appStatusCode": null,
	"Tags": { },
	"Headers": null
}
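
The following is an added example, not AppViewX's own code: a Python pre-flight that enforces the header and payload rules documented above before the PUT request is built, and compares the response's "Successful Ids" with the IDs that were requested. The host name used with it, the allowlist standing in for "special characters", and the function names are assumptions.

```python
import json
import re
import urllib.request

# Assumption: the page does not enumerate "special characters", so this
# pre-check uses a conservative allowlist of letters, digits and spaces.
COMMENT_OK = re.compile(r"[A-Za-z0-9 ]*")

def build_assign_request(base_url, group_name, resource_ids, comment=None,
                         session_id=None, username=None, password=None):
    """Validate the payload against the documented constraints and return
    an unsent urllib Request for PUT /certificate/group/assign."""
    if not group_name:
        raise ValueError("groupName is mandatory")
    if (not isinstance(resource_ids, (list, tuple)) or not resource_ids
            or not all(isinstance(r, str) and r for r in resource_ids)):
        raise ValueError("resourceIds must be a non-empty list of IDs")
    payload = {"groupName": group_name, "resourceIds": list(resource_ids)}
    if comment is not None:
        if len(comment) > 255:
            raise ValueError("comment exceeds the 255-character limit")
        if not COMMENT_OK.fullmatch(comment):
            raise ValueError("comment has special characters or HTML tags")
        payload["comment"] = comment
    headers = {"Content-Type": "application/json"}
    if session_id:          # session token instead of resending the password
        headers["sessionId"] = session_id
    elif username and password:
        headers.update({"username": username, "password": password})
    else:
        raise ValueError("provide sessionId, or username and password")
    if not base_url.lower().startswith("https://"):
        raise ValueError("credentials travel in headers; require https")
    url = base_url.rstrip("/") + "/avxapi/certificate/group/assign?gwsource=external"
    return urllib.request.Request(url, data=json.dumps(payload).encode(),
                                  headers=headers, method="PUT")

def unassigned_ids(requested, response_body):
    """Return requested IDs missing from "Successful Ids" (shape taken
    from the sample response), so a partial update does not go unnoticed."""
    ok = set((response_body.get("Response") or {}).get("Successful Ids", []))
    return [r for r in requested if r not in ok]
```

urllib capitalizes header names when it stores them (sessionId is sent as Sessionid); HTTP header field names are case-insensitive.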

References

Understanding the sample URL
  • IP/HostName/TenantName: Replace with the actual IP address, hostname, or tenant name based on the specific configuration in AppViewX.
    • IP: A unique identifier assigned to each device connected to a computer network that uses the Internet Protocol for communication

      The IP address will be included in the endpoint URL for an on-prem deployment.

    • HostName: A human-readable label assigned to a device (host) on a network

      The hostname will be included in the endpoint URL for an on-prem deployment.

    • TenantName: An identifier label for a tenant given to indicate which tenant's data the API request will access/modify

      The tenant name will be included in the endpoint URL for a SaaS deployment.

  • GWPORT: AppViewX gateway port

    A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment.

    Example: 31443

  • avxapi: Path parameter value (static) that is part of the endpoint's URL
  • Endpoint: Endpoint of the API, for example: execute-hook
  • gwsource: Source or origin of a gateway, for example: external.