Unassign Certificates from a Group

This API is used to unassign one or multiple certificates from an existing certificate group. The unassigned certificates are then assigned to the default certificate group.

Before you Begin

  • Ensure the user has the required permissions for accessing the default certificate group.
  • Ensure that the user has the required permissions for the group to which the certificate currently belongs.
  • Ensure that the certificate/certificates is/are already assigned to the certificate group.
  • Ensure that the user has the required ACF permissions to unassign certificates from the certificate group.

Request Structure

Endpoint: /certificate/group/unassign
Type: PUT
Action: certificate-group-unassign
Sample URL: 
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/certificate/group/unassign?gwsource=external

To understand the elements of the sample URL, click here.
Headers
Content-Type: application/json
Table 1. Input Parameters
Name Description
sessionId

Header

 (Mandatory if username and password are not provided) Session ID received after login

Type: String
username

Header

 (Mandatory if sessionId is not provided) AppViewX login username

Type: String
password

Header

 (Mandatory if sessionId is not provided) AppViewX login password.

Type: String
Content-Type

Header

 (Mandatory) Specifies the nature of the data in the payload

Type: String

Constraint: Value of the parameter should be ‘application/json’
gwsource

Query

 (Mandatory) Source from which the request is triggered. (for example, external)

Type: String
Payload

Body

 Contains all the parameters to be included in the request body for the PUT request.

Type: Payload

Payload

Table 2. Payload
Name Description
resourceIds (Mandatory) Comma-separated list of the resource IDs of all certificates that have to be unassigned

The resources IDs can be retrieved using the /certificate/search API.

Type: List
comment (Optional) Additional details related to the certificate assignment

Type: String

Constraints:
  • Maximum character limit is 255.
  • Special characters and HTML tags are invalid values.

Response Structure

Success Response

200 OK Response with the message: Group unassign action successfully performed.

Response content-type: application/json

Table 3. Response Parameters
Name Description
message Success or failure description

Type: String
appStatusCode Application specific status code for the response

It is a non-null value for a failure response.

Type: String
tags Additional information for the failure response

Status Codes

HTTP Code appStatusCode Response Message
401 Unauthorized AVX_GW_003 Authentication failed, reason: Invalid credentials

Remediation: Ensure that valid username and password or a valid sessionId is provided as header parameters.
400 Bad Request VALIDATION_ERROR_0004 Mandatory field missing or invalid value

Remediation: Ensure that the missing mandatory field, as specified in the error response, is included in the payload and is assigned a valid value.
400 Bad Request VALIDATION_ERROR_0004 comment exceeds the 255-character limit.

Remediation: Ensure that the text entered as comments in the payload is less than or equal to 255 characters.
400 Bad Request CERT-GEN-0033 Invalid characters in the comments.

Remediation: Ensure that the text entered as comments in the payload does not have any special characters or HTML tags.
403 Forbidden AVX_GW_005 User does not have access to the targeted API.

Remediation: Ensure that the user has all the requisite ACF permissions to unassign certificates from the group.

To enable this, go to (Menu) > CERT+ > Groups & Policies > Group > Assign Group.
403 Forbidden CERT-ACL-0006 Access denied since user does not have all the requisite permissions to update certificates.

Remediation: Ensure that the user has all the required ACL resource permissions for adding comments to the certificates.
403 Forbidden CERT-ACF-0058 User does not have the relevant permissions to perform this action.

Remediation: Ensure that the user has the required permissions for the required certificate category.
403 Forbidden CERTIFICATE_BELONG_GROUP_PERMISSION_DENIED User does not have RW permission for the certificate group to which the certificate belongs.

Remediation: Ensure that the user has RW permission for the certificate groups to which all certificates, the resource IDs of which have been listed in the payload, currently belong.
403 Forbidden ACF_NOT_AVAILABLE_FOR_SERVER_CERT User does not have view permission for the server certificate inventory.

Remediation: Ensure that the user has all the required ACF permissions for viewing the server certificate inventory.
403 Forbidden ACF_NOT_AVAILABLE_FOR_CLIENT_CERT User does not have view permission for the client certificate inventory.

Remediation: Ensure that the user has all the required ACF permissions for viewing the client certificate inventory.
403 Forbidden ACF_NOT_AVAILABLE_FOR_CODE_SIGNING_CERT User does not have view permission for the code signing certificate inventory.

Remediation: Ensure that the user has all the required ACF permissions for viewing the code signing certificate inventory.
404 Not Found DEFAULT_CERT_GROUP_PERMISSION_DENIED User should have RW permissions for the default certificate group before unassigning certificate.

Remediation: Ensure that the user has access to the default certificate group.

Sample Request/Response

Sample Request
{
	"resourceIds": [
		"67bc2ca76a105e1a05691c1c",
		"67bc2ca76a105e1a05691c2c",
		"67bc2ca76a105e1a05691c3c"
	],
	"comment": "Sample Comment"
}
Sample Response
{
	"Response":
	{
		"Successful Ids": [
			"67bc2ca76a105e1a05691c1c",
			"67bc2ca76a105e1a05691c2c",
			"67bc2ca76a105e1a05691c3c"
		],
	},
	"message": "Group unassign action successfully performed",
	"appStatusCode": null,
	"Tags": { },
	"Headers": null
}

References

Understanding the sample URL
  • IP/HostName/TenantName: Replace with the actual IP address, hostname, or tenant name based on the specific configuration in AppViewX.
    • IP: A unique identifier assigned to each device connected to a computer network that uses the Internet Protocol for communication

      The IP address will be included in the endpoint URL for an on-prem deployment.

    • HostName: A human-readable label assigned to a device (host) on a network

      The hostname will be included in the endpoint URL for an on-prem deployment.

    • TenantName: An identifier label for a tenant given to indicate which tenant's data the API request will access/modify

      The tenant name will be included in the endpoint URL for a SaaS deployment.

  • GWPORT: AppViewX gateway port

    A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment.

    Example: 31443

  • avxapi: Path parameter value (static) that is part of the endpoint's URL
  • Endpoint: Endpoint of the API, for example: execute-hook
  • gwsource: Source or origin of a gateway, for example: external.