Create a Certificate Group

This API is used to create a certificate group. Certificate groups are logical containers used for organizing, managing, and applying bulk actions to certificates efficiently.

Before you Begin

  • The user should have the required ACF permissions to create the certificate group.

Request Structure

Endpoint: /certificate/group
Type: POST
Action: certificate-group-create
Sample URL: 
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/certificate/group?gwsource=external

To understand the elements of the sample URL, click here.
Headers
Content-Type: application/json
Table 1. Input Parameters
Name Description
sessionId

Header

 (Mandatory if username and password are not provided) Session ID received after login

Type: String

Constraint: Required if username and password are not provided.
username

Header

 (Mandatory if sessionId is not provided) AppViewX login username

Type: String
password

Header

 (Mandatory if sessionId is not provided) AppViewX login password.

Type: String

Constraint: Required if sessionId is not provided.
Content-Type

Header

 (Mandatory) Specifies the nature of the data in the payload

Type: String

Constraint: Value of the parameter should be ‘application/json’
gwsource

Query

 (Mandatory) Source from which the request is triggered. (E.g. external)

Type: String
Payload

Body

 Contains all the parameters to be included in the request body for the POST request.

Type: Payload

Payload

Table 2. Payload
Name Description
name (Mandatory) Name for the new certificate group

Type: String
displayName (Optional) Display name for the new certificate group

Type: String
description (Optional) Additional details related to the new certificate group

Type: String
applicationID (Optional) Organization ID that must be associated with the new group

Type: String
parentGroup (Optional) Name of the parent certificate group under which the new certificate group will be created

Type: String
policyName (Mandatory) Certificate policy that must be associated with the new group

Type: String
groupBusinessInfo (Optional) Details of the business unit that must be associated with the new group

Type: groupBusinessInfo
groupLevelCertConfig (Optional) Configuration details for the certificates that will be associated with this group

Type: groupLevelCertConfig
Table 3. groupBusinessInfo
Name Description
contactName (Optional) Contact of the associated business unit's contact person

Type: String
firstName (Optional) First name of the associated business unit's contact person

Type: String
lastName (Optional) Last name of the associated business unit's contact person

Type: String
phoneNumber (Optional) Phone number of the associated business unit's contact person

Type: String
lobName (Optional) Name of the business unit associated with the certificate group

Type: String
costCenter (Optional) Code/label of the cost center associated with the certificate group

Type: String
environmentName (Optional) Business unit environment associated with the certificate group

Type: String
inventoryNumber (Optional) Inventory tracking number for the certificate group

Type: String
email (Optional) Email address of the associated business unit's contact person

Type: String
Table 4. groupLevelCertConfig
Name Description
autoPushFlag (Optional) Specify if certificates assigned to this group will be automatically pushed to the target endpoint upon renewal/regeneration

Type: Boolean
groupOverrideFlag (Optional) Specify if the group level settings for auto renewal/regeneration will override the certificate level settings

Type: Boolean
autoRenewConfig (Optional) Specify the auto renewal-related configuration details for this certificate group

Type: autoRenewConfig
autoRegenerateConfig (Optional) Specify the auto regeneration-related configuration details for this certificate group

Type: autoRegenerateConfig
Table 5. autoRenewConfig
Name Description
renewBefore (Mandatory if autoRenewalFlag is enabled) For the certificates associated with this group, indicates how many days prior to a certificate's expiry the renewal process will start

Type: Integer
autoRenewalFlag (optional) Specify if auto renewal must be enabled for the certificates associated with this group

Type: Boolean
approvalRequiredFlag (Optional) Indicates if approval is required before certificate renewal is triggered

Type: Boolean
Table 6. autoRegenerateConfig
Name Description
regenerateBefore (Mandatory if autoRegenerateFlag is enabled) For the certificates associated with this group, indicates how many days prior to a certificate's expiry the regeneration process will start

Type: Integer
autoRegenerateFlag (optional) Specify if auto regeneration must be enabled for the certificates associated with this group

Type: Boolean
approvalRequiredFlag (Optional) Indicates if approval is required before certificate regeneration is triggered

Type: Boolean

Response Structure

Response returns string of type application/json with the following body parameters:

Table 7. Parameters
Name Description
response Contains the response for the group creation operation

Type: Boolean
message Success message or failure description in case of error.

Type: String
appStatusCode Application specific status code for the response. It is a non-null value for a failure response.

Type: String
tags Additional information in case of failure response.

Status Codes

HTTP Code appStatusCode Response Message
202 Accepted null Reissue action has been triggered successfully
401 Unauthorized AVX_GW_003 Authentication failed, reason: Invalid credentials

Remediation: Ensure that valid username and password or a valid sessionId is provided as header parameters.
404 Not Found NO_RECORDS_FOUND No matching records found.

Remediation: Check and ensure that the values provided for commonName / serialNumber / resourceId are correct.
400 Bad Request INVALID_REQUEST Please give valid common name and serial number or resourceId.

Remediation: Provide a valid commonName and serialNumber or resourceId.
400 Bad Request INVALID_REQUEST Please provide a valid action.

Remediation: Provide a valid action.
400 Bad Request MANDATORY_FIELD_MISSING Mandatory field is missing or invalid - action.

Remediation: Ensure that the action field is available in the request payload.
417 Expectation failed CERT-GRP-0001 Group already exists with the given name

Remediation: Ensure that the group name is unique and not a duplicate of an existing group.
400 Bad Request CERT-PLCY-0009 Policy name is invalid.

Remediation: Ensure that the policy name is valid.

Sample Request/Response

Sample Request
{
   "name": "MasterNewGroup",
   "displayName": "",
   "description": "",
   "applicationId": "1",
   "parentGroup": "Default",
   "policyName": "Default",
   "groupBusinessInfo": {
       "contactName": "",
       "phoneNumber": "",
       "firstName": "",
       "lastName": "",
       "lobName": "",
       "costCenter": "",
       "environmentName": "",
       "inventoryNumber": "",
       "email": ""
   },
   "groupLevelCertConfig": {
       "autoPushFlag": false,       
       "groupOverrideFlag": false,
       "autoRenewConfig": {
           "renewBefore": 0,
           "autoRenewalFlag": false,
           "approvalRequiredFlag": false
       },
       "autoRegenerateConfig": {
           "regenerateBefore": 0,
           "autoRegenerateFlag": false,
           "approvalRequiredFlag": false
       }
   }
}
Sample Response
{
   "response": true,
   "message": null,
   "appStatusCode": null,
   "tags": {},
   "headers": null
}

References

Understanding the sample URL
  • IP/HostName/TenantName: Replace with the actual IP address, hostname, or tenant name based on the specific configuration in AppViewX.
    • IP: A unique identifier assigned to each device connected to a computer network that uses the Internet Protocol for communication

      The IP address will be included in the endpoint URL for an on-prem deployment.

    • HostName: A human-readable label assigned to a device (host) on a network

      The hostname will be included in the endpoint URL for an on-prem deployment.

    • TenantName: An identifier label for a tenant given to indicate which tenant's data the API request will access/modify

      The tenant name will be included in the endpoint URL for a SaaS deployment.

  • GWPORT: AppViewX gateway port

    A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment.

    Example: 31443

  • avxapi: Path parameter value (static) that is part of the endpoint's URL
  • Endpoint: Endpoint of the API, for example: execute-hook
  • gwsource: Source or origin of a gateway, for example: external.