
MIM CM API Data Collection problems

ScottyDoo 111 Reputation points
2023-04-04T14:16:11.57+00:00

Hi All,

I am using PowerShell to connect to a legacy version of MIM CA, trying to enroll for a certificate using the API.

I start by using the following to get the certificate profiles:

$Creds = Get-Credential

$URI = "Https://MIMServer/CertificateManagement/api/v1.0/profiletemplates"

$Results = Invoke-WebRequest -URI $URI -Method GET -Credential $Creds

$Results.content | ConvertFrom-JSON


This gives me my list of certificate templates where I use the following to get the enrolment policy:

$URI = "Https://MIMServer/CertificateManagement/api/v1.0/profiletemplates/<CertificateProgfileGUID>/policies/enroll"
$Results = Invoke-WebRequest -URI $URI -Method GET -Credential $Creds
$Results.content | ConvertFrom-JSON

This tells me I have a single required data collection item of “Email” so I then use the following to try and enroll for the certificate:


$Request = @'
{
	"dataCollection" : [{"Email" : "******@my.domain.com"}],
	"profiletemplateuuid" : "<CertificateProgfileGUID>",
	"Type" : "Enroll",
	"comment" : "API wont work"
}
'@
# Byte length of the body, used for the Content-Length header
$reqLength = [System.Text.Encoding]::ASCII.GetByteCount($Request)
$Headers = @{
	"Content-Type" = "application/json"
	"Content-Length" = "$reqLength"
}
$URI = "Https://MIMServer/CertificateManagement/api/v1.0/requests"
$Results = Invoke-WebRequest -URI $URI -Method POST -Body $Request -Headers $Headers -Credential $Creds

This throws a data validation error; when I look at the server, the error is “Data item ‘Email’ is required. An empty value is not permitted.”

No matter what I do I cannot get the API to accept a data collection… If I request a certificate that does not require a data item it works fine.

Has anybody got this to work in the past? Am I doing something wrong or is this an API issue?

Thanks.

Windows for business | Windows Server | User experience | PowerShell
Microsoft Security | Microsoft Identity Manager

2 answers

  1. ScottyDoo 111 Reputation points
    2023-05-24T08:52:21.17+00:00

    For completeness, and for anyone who ever comes across this issue... Thanks to a helpful friend who decompiled the API, we were able to find that the datacollection handler function was expecting the data in a format totally different to that which is documented. So we reconstructed the JSON in the following format and no more errors:

    $Request = @'
    {
        "profiletemplateuuid" : "<ProfileUUID>",
        "datacollection" : [
            {
                "Name" : "Email",
                "Value" : "******@address.com"
            }
        ],
        "Type" : "Enroll",
        "comment" : "API Now Works!"
    }
    '@
    
    1 person found this answer helpful.
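
An added example, not part of the original posts or of MIM CM itself: building the request body in the Name/Value format from the answer above with ConvertTo-Json instead of a hand-typed here-string. The helper name New-CmEnrollBody, its parameters and the sample address are assumptions; the field names, the error condition and the endpoint come from the posts above.

```powershell
# Added example. Field names (profiletemplateuuid, datacollection, Name, Value,
# Type, comment) are taken from the answer above; New-CmEnrollBody and its
# parameters are hypothetical helper names.
function New-CmEnrollBody {
    param(
        [Parameter(Mandatory)] [string]    $ProfileTemplateUuid,
        [Parameter(Mandatory)] [hashtable] $DataItems,     # e.g. @{ Email = 'user@example.com' }
        [string[]] $RequiredItems = @(),                   # item names the enroll policy lists as required
        [string]   $Comment = ''
    )

    # Fail locally on the condition the server reports as
    # "Data item 'Email' is required. An empty value is not permitted."
    foreach ($name in $RequiredItems) {
        if ([string]::IsNullOrWhiteSpace([string]$DataItems[$name])) {
            throw "Required data item '$name' is missing or empty."
        }
    }

    # One { Name, Value } object per item; @(...) keeps a single item a JSON array.
    $collection = @(
        foreach ($key in $DataItems.Keys) {
            [ordered]@{ Name = [string]$key; Value = [string]$DataItems[$key] }
        }
    )

    $body = [ordered]@{
        profiletemplateuuid = $ProfileTemplateUuid
        datacollection      = $collection
        Type                = 'Enroll'
        comment             = $Comment
    }

    # -Depth 4 covers the nested array of objects. ConvertTo-Json writes plain
    # ASCII double quotes, so typographic quotes cannot end up in the JSON.
    $body | ConvertTo-Json -Depth 4
}

# Constructed sample input; '<ProfileUUID>' is the placeholder used in the answer.
$json = New-CmEnrollBody -ProfileTemplateUuid '<ProfileUUID>' `
    -DataItems @{ Email = 'user@example.com' } -RequiredItems 'Email' -Comment 'Enroll via API'
$json

# Sending it (server name is the placeholder from the question):
# Invoke-WebRequest -Uri 'https://MIMServer/CertificateManagement/api/v1.0/requests' `
#     -Method POST -Body $json -ContentType 'application/json' -Credential $Creds
```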

  2. ScottyDoo 111 Reputation points
    2023-04-04T14:23:25.29+00:00

    Can't seem to get the final code snippet to save? Here it is in plain:

    $Request = @'
    {
        "dataCollection" : [{"Email" : "******@my.domain.com"}],
        "profiletemplateuuid" : "/<CertificateProgfileGUID>",
        "Type" : "Enroll",
        "comment" : "API wont work"
    }
    '@
    $reqLength = [System.Text.Encoding]::ASCII.GetByteCount($Request)
    $Headers = @{
        "Content-Type" = "application/json"
        "Content-Length" = "$reqLength"
    }
    $URI = "Https://MIMServer/CertificateManagement/api/v1.0/requests"
    $Results = Invoke-WebRequest -URI $URI -Method POST -Body $Request -Headers $Headers -Credential $Creds

