Skip to main content

Obtain an API token

You can use an API token to authenticate Autoenrollment Server requests to DigiCert ONE. DigiCert recommends that you create a dedicated service user for API access as this helps manage access permissions and track the API requests in your account audit logs.

Note

You need either an API token or an authentication certificate for Autoenrollment Server to be able to authenticate requests to DigiCert ONE. If you will integrate with Windows Hello for Business, choose the authentication certificate method instead.

Create the service user and API token

  1. Navigate to Account Manager.

  2. Select Access from the left navigation menu, then Service User.

  3. Select Create Service user.

  4. On the service user details page, enter the following details:

    • Friendly name: Nickname for the service user.

    • Description (optional): Description of the service user's purpose.

    • End date (optional): Expiration date for the service user.

    • Email: To send notifications regarding the service user.

    • Accounts that can use this service user: Account access for the service user.

    • DigiCert ONE Manager access: Select CA and Trust Lifecycle.

  5. Select Next.

  6. On the Roles and permissions page, assign the following user roles:

    • For CA Manager: Read only

    • For Trust Lifecycle Manager: User and certificate manager and Certificate profile manager

    Notice

    Alternatively, you can create and assign custom user roles that include the following permissions at minimum:

    For CA Manager: View CA and View CA configuration. For Trust Lifecycle Manager: Certificate management: Manage create plus Profiles & templates: Manage enrollment and Manage profile.

  7. Select Add user.

  8. The token ID is displayed in a popup box. Copy the token ID value and store in a safe location—this value will be shown only once.