Obtain an API token

You can use an API token to authenticate Autoenrollment Server requests to DigiCert ONE. DigiCert recommends that you create a dedicated service user for API access, as this helps you manage access permissions and track API requests in your account audit logs.

Note

You need either an API token or an authentication certificate for Autoenrollment Server to be able to authenticate requests to DigiCert ONE. If you will integrate with Windows Hello for Business, choose the authentication certificate method instead.

Create the service user and API token

  1. Navigate to Account Manager.

  2. Select Access from the left navigation menu, then Service User.

  3. Select Create Service user.

  4. On the service user details page, enter the following details:

    • Friendly name: Nickname for the service user.

    • Description (optional): Description of the service user's purpose.

    • End date (optional): Expiration date for the service user.

    • Email: To send notifications regarding the service user.

    • Accounts that can use this service user: Account access for the service user.

    • DigiCert ONE Manager access: Select CA and Trust Lifecycle.

  5. Select Next.

  6. On the Roles and permissions page, assign the following user roles:

    • For Private CA: Read only

    • For Trust Lifecycle Manager: User and certificate manager and Certificate profile manager

    Note

    Alternatively, you can create and assign custom user roles that include the following permissions at minimum:

    Manager          Role                               Permission
    CA               CA & certificates: CA              Read-only
    CA               General: Common CA database        Read-only
    Trust Lifecycle  Certificate management: Create     Manage
    Trust Lifecycle  Profiles & templates: Enrollment   Manage
    Trust Lifecycle  Profiles & templates: Profile      Manage

  7. Select Add user.

  8. The token ID is displayed in a popup box. Copy the token ID value and store it in a safe location. This value will be shown only once.