Cloud PKI Management (Preview)

Take back control of your Microsoft Public Key Infrastructure (ADCS) with the Microsoft Power Platform and Cloud PKI Management from 509 Solutions.

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions except the following:
     -   Azure Government regions
     -   Azure China regions
     -   US Department of Defense (DoD)
Power Automate Standard All Power Automate regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Power Apps Standard All Power Apps regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Connector Metadata
Publisher 509 Solutions Pty Ltd
Website https://support.509.solutions
Privacy policy http://www.509.solutions/about/privacy

An easy to navigate yet powerful interface to the Cloud PKI Management API https://api.cloudpki.management

To leverage the Cloud PKI Management connector, you must have an active Cloud PKI Management Deployment and be a master user or have been granted a Cloud PKI Management Role by your Identity Management administrators.

Note. Although the connector will show all actions and triggers, you may only perform actions that your Cloud PKI Management role permits. Visit the API Documentation for full details of the actions that each role can perform.

To confirm your assigned roles, you can use the "Get-Authentication" action to fetch your login details. The roles claim if present will detail the Cloud PKI Management roles that have been assigned to you. It is valid to be assigned multiple roles.

If you require support or wish to provide feedback or new ideas for the connector, please visit our support site to get in touch or if required raise a support ticket.

All Triggers and Actions require a valid Region ID and Deployment ID to execute correctly. For your convenience, these items will be populated for you to make a selection from. If you have multiple deployments, you may need to contact support to have the additional deployments added to your list. These options can always be manually overriden in all Triggers and Actions.

Throttling Limits

Name Calls Renewal Period
API calls per connection 100 60 seconds

Actions

Delete Hook

Delete a hook subscribed to this deployment by its ID

Get Actions

Retrieve upcoming required actions for this PKI

Get Authentication Details

Gets the Azure Authentication Details for the Current Session

Get Certificate

Get a Certificate by its SHA1 Thumbprint

Get Certificate Revocation List (CRL)

Get a Certificate Revocation List from this deployment by its CRL ID

Get Connector Action

Get a Connector Action by its Action ID

Get Hook

Get a hook subscribed to this deployment by its HookID

Get Published Certificate

Download Issued Certificates for Submitters and Owners

Get Published Templates

Gets Published Templates for Certificate Requests

Get Request

Retrieve a Certificate Signing Request (CSR)

Get Template

Fetch a certificate template configuration

Get User Deployments

Retrieves the users configured deployments

New Hook

Add a new hook to this Cloud PKI Deployment

New Request

New Certificate Request

Query Certificate Revocation Lists (CRLs)

Queries for CRLs based on selected criteria

Query Certificate Templates

Search for certificate templates

Query Certificates

Query Certificates Issued by this Cloud PKI deployment

Query Hooks

Query all hooks in this Cloud PKI Deployment

Query Requests

Query Certificate Signing Requests

Update Certificate

Change the status or metadata of a certificate

Update Request

Approve, Deny or Update an existing Certificate Request

Update Template

Change the status or metadata of a Template

Delete Hook

Delete a hook subscribed to this deployment by its ID

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Hook ID
hookid True string

Cloud PKI Hook ID. It is a SHA1 Thumbprint of the Callback URL/Email Address

Returns

response
string

Get Actions

Retrieve upcoming required actions for this PKI

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
array of object
Thumbprint
thumbprint string

Certificate Thumbprint

Valid To
validto string

Certificate Expiry Date

Valid To (Epoch)
validtoepoch integer

Certificate Expiry Date as Epoch Timestamp

Renewal Status
renewalstatus string

Current Renewal Status

Expires In / Since Requested
days integer

Days Until Certificate Expiry or Days Since Request Submitted

Type
objecttype string

Object Type (Certificate, or Request)

Status
objectstatus string

Current Status. Renewing, Expiring or Pending

Phase
phase string

Certificate Life-cycle phase

Request ID
requestid string

CloudPKI Request ID

Request Source
requestsource string

Request Source (Cloud PKI or Issuing CA)

When Submitted
submittedwhen string

When a Request Was Submitted

When Submitted
submittedwhenepoch string

When a Request Was Submitted Epoch Time

Submitted By
submitteremail string

Request Submitter Email

Display Subject
displaysubject string

A Rationalised Subject Name for Easy Identification.

Get Authentication Details

Gets the Azure Authentication Details for the Current Session

Returns

response
string

Get Certificate

Get a Certificate by its SHA1 Thumbprint

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Thumbprint
thumbprint True string

Certificate SHA1 Thumbprint

Returns

Name Path Type Description
Thumbprint
thumbprint string

Certificate SHA1 Thumbprint

Serial Number
serialnumber string

Serial Number

Valid From
validfrom string

Certificate Start Date

Valid To
validto string

Certificate Expiry Date

Valid From (Epoch)
validfromepoch integer

Certificate Start Date as Epoch timestamp

Valid To (Epoch)
validtoepoch integer

Certificate Expiry Date as Epoch Timestamp

Signing Algorithm
signaturealgorithm string

signaturealgorithm

Subject Key Identifier
subjectkeyidentifier string

The Subject Key Identifier of the certificate.

Authority Key Identifier
authoritykeyidentifier string

The Authority Key Identifier of the certificate.

Template OID
templateoid string

Template Object ID - Unique per Microsoft Entra ID Forest

Template Name
templatename string

Template Short Name

Key Type
keytype string

The Asymmetric KeyType. (RSA or ECC)

Key Length
keysize integer

The Asymmetric key length

Basic Key Usage
keyusage array of string

Basic Key Usages

Enhanced Key Usage
enhancedkeyusage array of string

The Enhanced Key Usages

Issuing CA
issuername string

The Issuers Common CA Name

Subject
subject array of string

The subject of the certificate

SAN
subjectalternativename array of string

Subject Alternate Names for the Certificate

Display Subject
displaysubject string

A rationalised subject name for easier identification.

CDP
cdp array of string

CRL Distribution Points

AIA
aia array of string

Authority Information Access

Constraints
basicconstraints array of string

Basic Certificate Constraints

Status
status string

Certificate Status (Issued or Revoked)

Public Key
publickey string

Public Key of the Certificate

Template ID
cloudpki.templateid string

Cloud PKI Template ID

Cloud PKI Request ID
cloudpki.requestid string

Cloud PKI Request ID if requested through Cloud PKI Management

Life-cycle Phase
cloudpki.phase string

Current Certificate Life-cycle Phase

Important
cloudpki.important string

Certificate Marked As Important

Comment
cloudpki.comment string

Comment

Reference
cloudpki.reference string

Reference

Owner Email Addresses
cloudpki.owneremail array of string

owneremail

Owner Email Addresses String
cloudpki.owneremailstring string

Owner Email Addresses String

Renewal Status
cloudpki.renewalstatus string

Current Renewal Status

Renewal Last Modified Timestamp
cloudpki.renewallastmodified string

Renewal Status Last Modified Timestamp

Renewal Last Modified Epoch Timestamp
cloudpki.renewallastmodifiedepoch integer

Renewal Status Last Modified Epoch Timestamp

Renewal Last Modified ID
cloudpki.renewallastmodifiedid string

Renewal Status Last Modified ID

Renewal Last Modified Email
cloudpki.renewallastmodifiedemail string

Renewal Status Last Modified Email

Last Modified Epoch Timestamp
cloudpki.lastmodified string

Last Modified Epoch Timestamp

lastmodifiedepoch
cloudpki.lastmodifiedepoch integer

lastmodifiedepoch

Last Modified By ID
cloudpki.lastmodifiedid string

Last Modified By ID

Last Modified By Email
cloudpki.lastmodifiedemail string

Last Modified By Email

Last Modified Event
cloudpki.lastmodifiedevent string

Last Modified Event

Revocation Status
cloudpki.revocationstatus string

Revocation Status

Last Revocation
cloudpki.revocationlastmodified string

Last Revocation Timestamp

Last Revocation Epoch
cloudpki.revocationlastmodifiedepoch string

Last Revocation Epoch Timestamp

Last Revoker ID
cloudpki.revocationlastmodifiedid string

Last Revoker ID

Last Revoker Email
cloudpki.revocationlastmodifiedemail string

Last Revoker Email

CA Request ID
requestdetails.carequestid integer

Request ID from Issuing CA

CA Request Details - Status Message
requestdetails.statusmessage string

Status Message from Certificate Request Submission to Issuing CA

CA Request Details - Submitted When
requestdetails.submittedwhen string

Submitted When

Resolved When
requestdetails.resolvedwhen string

Resolved When from Issuing CA

Revoked When
requestdetails.revokedwhen string

Revoked When

Revocation Effective When
requestdetails.revokedeffectivewhen string

Revocation Effective When

Revocation Reason
requestdetails.revokedreason integer

Revocation Reason

Requester Name
requestdetails.requestername string

Requester Name from Issuing CA

Caller Name
requestdetails.callername string

Caller Name from Issuing CA

CA Request Details - OS Version
requestdetails.requestosversion string

requestosversion

CA Request Details - CSP Provider
requestdetails.requestcspprovider string

CSP Provider / KSP Provider Name

Get Certificate Revocation List (CRL)

Get a Certificate Revocation List from this deployment by its CRL ID

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

CRL ID
crlid True string

Certificate Revocation List in the form of -

Returns

Name Path Type Description
Valid From
validfrom string

CRL Start Date

Valid To
validto string

CRL Expiry Date

Valid From (Epoch)
validfromepoch integer

CRL Start Date as Epoch timestamp

Valid To (Epoch)
validtoepoch integer

CRL Expiry Date as Epoch Timestamp

Issuing CA
issuer string

Issuing CA Common Name

Signature Algorithm
signaturealgorithm string

Signature Algorithm

Signature Hash Algorithm
signaturehashalgorithm string

Signature Hash Algorithm

CA Version
caversion string

CA Version of the Associated CA Certificate

AKI
aki string

Authority Key Identifier

CRL Number
crlnumber string

CRL Number in Hex

CRL Number Decimal
crlnumberdecimal integer

CRL Number Decimal

Next Publish Date
nextpublish date-time

Next Publish Date

Next Publish Timestamp
nextpublishepoch integer

Next Publish Epoch Timestamp

CRL ID
crlid string

ID of the CRL

crlentries
crlentries array of string

crlentries

Get Connector Action

Get a Connector Action by its Action ID

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Connector Action ID
connectoractionid True string

Connector Action ID

Returns

Name Path Type Description
Connector Action Event
event string

The Event being executed by the Connector Action

Connector Action Asset ID
assetid string

The Asset ID being updated by the Connector Action

Connector Action Asset Type
assettype string

The Asset Type being updated by the Connector Action

Connector Action Created Timestamp
createdwhen string

Connector Action Created Timestamp

Connector Action Resolved Timestamp
resolvedwhen string

Connector Action Resolved Timestamp

Connector Action Submitted Timestamp
submittedwhen string

Connector Action Submitted to CA Timestamp

Connector Action Message
message string

The Message returned from the Connector Action

Connector Action ID
connectoractionid string

Connector Action ID

Connector Action Status
status string

The Status of the Connector Action

Get Hook

Get a hook subscribed to this deployment by its HookID

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Hook ID
hookid True string

Cloud PKI Hook ID. It is a SHA1 Thumbprint of the Callback URL/Email Address

Returns

Name Path Type Description
Hook ID
hookid string

Unique Identifier of Hook (SHA1 of Email Address or CallbackURL)

Events
events string

Events this hook is triggered by

Call Back URL
callbackurl string

The URL the hook will notify of subscribed events

Type
type string

Hook Type (Web, Email or PowerBI)

Object URI
objecturi string

Object URI of the Hook

Creator ID
creatorid string

Username of Admin Who Created the Hook

Creator Email
creatoremail string

Email Address of Admin Who Created the Hook

Status
status string

Hook Status (Enabled or Disabled)

When Changed
whenchanged date-time

When Changed Timestamp

When Changed Epoch
whenchangedepoch integer

When Changed Epoch Timestamp

User Agent
useragent string

Useragent Header of Hook Creation Call

Workflow - Name
workflowdetails.workflowname string

Workflow Name of the Logic Apps or Flow Workflow

Workflow - Operation Name
workflowdetails.workflowoperationname string

Operation Name of the Logic Apps or Flow Workflow

Workflow - ID
workflowdetails.workflowid string

ID of the Logic Apps or Flow Workflow

Workflow - Version
workflowdetails.workflowversion string

Version of the Logic Apps or Flow Workflow

Workflow - Subscription ID
workflowdetails.workflowsubscriptionid string

Subscription ID of the Logic Apps or Flow Workflow

Workflow - Location
workflowdetails.workflowlocation string

Location of the Logic Apps or Flow Workflow

Get Published Certificate

Download Issued Certificates for Submitters and Owners

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Thumbprint
thumbprint True string

Certificate SHA1 Thumbprint to Download

Returns

response
string

Get Published Templates

Gets Published Templates for Certificate Requests

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
array of object
Template ID
templateid string

Cloud PKI Template ID

Template Name
templatename string

Template Short Name

Template OID
templateoid string

Template Object ID

Template Microsoft Entra ID Forest
templateforestrootfqdn string

Template Microsoft Entra ID Forest DNS Name

Template Display Name
templatedisplayname string

Template Display Name

Get Request

Retrieve a Certificate Signing Request (CSR)

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Request ID
requestid True string

Cloud PKI Request ID

Returns

Name Path Type Description
Request Source
requestsource string

Source of Request (Cloud PKI or Issuing CA Name)

Status
status string

Request Status (Pending, Approved, Denied, Failed, Issued)

Public Key
publickey string

Public Key of Request

Key Type
keytype string

Key Type (RSA or ECC)

Key Length
keylength integer

Key Length

subject
subject array of string

subject

subjectalternativename
subjectalternativename array of string

subjectalternativename

Request Hash Algorithm
requesthash string

Hashing Algorithm Used to Sign the Request

Signature Algorithm
signaturealgorithm string

Signature Algorithm

alternatesignaturealgorithm
alternatesignaturealgorithm boolean

alternatesignaturealgorithm

Template OID
templateoid string

Template Object ID

Template ID
templateid string

Template ID

Template Name
templatename string

Template Name

criticalextensions
criticalextensions array of string

criticalextensions

enhancedkeyusage
enhancedkeyusage array of string

enhancedkeyusage

keyusage
keyusage array of string

keyusage

applicationpolicies
applicationpolicies array of string

applicationpolicies

SKI
subjectkeyidentifier string

Subject Key Identifier

Display Subject
displaysubject string

Display Subject

Cloud PKI Request ID
requestid string

Cloud PKI Request ID (Always different to the CA Request ID)

CA Request Details - CA Request ID
requestdetails.carequestid integer

Request ID from the Issuing CA

CA Request Details - Status Message
requestdetails.statusmessage string

Status Message from CA when Request Submitted

CA Request Details - Submitted When
requestdetails.submittedwhen string

Timestamp When Submitted to the Issuing CA

resolvedwhen
requestdetails.resolvedwhen string

resolvedwhen

CA Request Details - When Revoked
requestdetails.revokedwhen string

When the Issuing CA Revoked the Certificate

CA Request Details - Revocation Effective When
requestdetails.revokedeffectivewhen string

When the Certificate Revocation should apply. Signatures post this date should be considered invalid.

CA Request Details - Revocation Reason
requestdetails.revokedreason string

Why the Certificate was Revoked

requestername
requestdetails.requestername string

requestername

callername
requestdetails.callername string

callername

CA Request Details - OS Version
requestdetails.requestosversion string

Operation System Version of the Request

requestcspprovider
requestdetails.requestcspprovider string

requestcspprovider

cdc
requestdetails.cdc string

cdc

rmd
requestdetails.rmd string

rmd

ccm
requestdetails.ccm string

ccm

cloudpkirequestid
cloudpki.cloudpkirequestid string

cloudpkirequestid

Reference
cloudpki.reference string

Reference

Comment
cloudpki.comment string

Comment

Urgent Flag
cloudpki.urgent string

Urgent Flag

Important Flag
cloudpki.important string

Important Flag

Owner Email Addresses
cloudpki.owneremail array of string

owneremail

Owner Email Addresses String
cloudpki.owneremailstring string

owneremail

Certificate Signing Request
cloudpki.submittedcsr string

Certificate Signing Request Text

Submitted Template ID
cloudpki.submittedtemplateid string

Submitted Template ID

Submitted Reference
cloudpki.submittedreference string

Refernce From Request Submitter

Submitted Comment
cloudpki.submittedcomment string

Submitted Comment

Submitted Urgent Flag
cloudpki.submittedurgent string

Submitted Urgent Flag

Submitted Important Flag
cloudpki.submittedimportant string

Submitted Important Flag

Submitted Owner Email
cloudpki.submittedowneremail array of string

submittedowneremail

Submitted When
cloudpki.submittedwhen string

Timestamp of Request Submission

Submitted When Epoch
cloudpki.submittedwhenepoch integer

Submitted When Epoch Timestamp

Submitter ID
cloudpki.submitterid string

Username of Request Submitter

Submitter Email Address
cloudpki.submitteremail string

Submitter Email Address

approvedstatus
cloudpki.approvedstatus string

approvedstatus

Approver Comments
cloudpki.approvedcomment string

Comment from Request Approver

approvedreference
cloudpki.approvedreference string

approvedreference

Important Flag
cloudpki.approvedimportant string

Important Status from Request Approver

approvedwhen
cloudpki.approvedwhen string

approvedwhen

approvedwhenepoch
cloudpki.approvedwhenepoch integer

approvedwhenepoch

approverid
cloudpki.approverid string

approverid

approveremail
cloudpki.approveremail string

approveremail

Get Template

Fetch a certificate template configuration

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Template ID
templateid True string

Template Identifier

Returns

Name Path Type Description
Template ID
templateid string

Template ID

Template Name
name string

Template Short Name

Template Display Name
displayname string

Template Display Name

Template DN
distinguishedname string

Microsoft Entra ID Forest Distinguished Name of Template

Microsoft Entra ID Object GUID
objectguid string

Microsoft Entra ID Object GUID of Template

Forest Root DN
forestrootdn string

Microsoft Entra ID Forest Root Distinguished Name

Forest Root DNS Name
forestrootfqdn string

Microsoft Entra ID Forest Root DNS Name

When Created
whencreated date-time

Creation Date of Template Microsoft Entra ID Object

When Changed
whenchanged date-time

Last Modified Date of Template Microsoft Entra ID Object

Status
status string

Current Template Status (Published or Unpublished)

publishedby
publishedby array of string

publishedby

Template OID
templateoid string

Template OID

Template Version
templateversion integer

Template Version - 1,2,3,4 (2000, 2003 Ent, 2008, 2012)

Major Version
majorversion integer

Template Major Version

Minor Version
minorversion integer

Template Minor Version

Template Type
templatetype string

Template Type (User or Computer)

Validity Period
validityperiod integer

Certificate Validity Period in Days

renewalperiod
renewalperiod integer

renewalperiod

defaultkeyspec
defaultkeyspec integer

defaultkeyspec

defaultkeyspecdecoded
defaultkeyspecdecoded string

defaultkeyspecdecoded

Basic Key Usages
basickeyusage integer

Basic Key Usages

Basic Key Usage - Key Encipherment
basickeyusagedecoded.KEYENCIPHERMENT string

Basic Key Usage - Key Encipherment

Basic Key Usage - Non-Repudiation
basickeyusagedecoded.NONREPUDIATION string

Basic Key Usage - Non-Repudiation

Basic Key Usage - Key Agreement
basickeyusagedecoded.KEYAGREEMENT string

Basic Key Usage - Key Agreement

Basic Key Usage - Digital Signature
basickeyusagedecoded.DIGITALSIGNATURE string

Basic Key Usage - Digital Signature

Basic Key Usage - Data Encipherment
basickeyusagedecoded.DATAENCIPHERMENT string

Basic Key Usage - Data Encipherment

Basic Key Usage - Key Certificate Signing
basickeyusagedecoded.KEYCERTSIGN string

Basic Key Usage - Key Certificate Signing

Basic Key Usage - CRL Signing
basickeyusagedecoded.CRLSIGN string

Basic Key Usage - CRL Signing

enhancedkeyusage
enhancedkeyusage array of string

enhancedkeyusage

criticalextensions
criticalextensions array of string

criticalextensions

Minimum Key Size
minimumkeysize integer

Minimum Key Size

defaultcsps
defaultcsps array of string

defaultcsps

maxdepth
maxdepth integer

maxdepth

supersededtemplates
supersededtemplates array of string

supersededtemplates

issuancepolicy
issuancepolicy array of string

issuancepolicy

applicationpolicy
applicationpolicy array of string

applicationpolicy

rasignaturecount
rasignaturecount integer

rasignaturecount

rasignatureissuancepolicies
rasignatureissuancepolicies array of string

rasignatureissuancepolicies

templateflags integer

templateflags

Private Key Exportable
templateflagsdecoded.PRIVATEKEYEXPORTABLE string

Is The Private Key Exportable

ENABLEAUTOENROLLMENT
templateflagsdecoded.ENABLEAUTOENROLLMENT string

ENABLEAUTOENROLLMENT

ISCOMPUTERCERT
templateflagsdecoded.ISCOMPUTERCERT string

ISCOMPUTERCERT

ISCROSSCA
templateflagsdecoded.ISCROSSCA string

ISCROSSCA

ISCA
templateflagsdecoded.ISCA string

ISCA

templateflagsdecoded.PUBLISHTOREQUESTERUSEROBJECT string

PUBLISHTOREQUESTERUSEROBJECT

templateflagsdecoded.ISEDITABLE string

ISEDITABLE

templateflagsdecoded.DONOTPERSISTINDB string

DONOTPERSISTINDB

templateflagsdecoded.ADDDETAILSTOCERT string

ADDDETAILSTOCERT

templateflagsdecoded.ADDEMAIL string

ADDEMAIL

templateflagsdecoded.ISDEFAULT string

ISDEFAULT

enrollmentflags integer

enrollmentflags

enrollmentflagsdecoded.ENABLEKEYREUSEONNTTOKENKEYSETSTORAGEFULL string

ENABLEKEYREUSEONNTTOKENKEYSETSTORAGEFULL

enrollmentflagsdecoded.EXCLUDECRLDETAILSINCERT string

EXCLUDECRLDETAILSINCERT

enrollmentflagsdecoded.PREVIOUSAPPROVALVALIDATEREENROLLMENT string

PREVIOUSAPPROVALVALIDATEREENROLLMENT

enrollmentflagsdecoded.AUTOENROLLMENTCHECKUSERDSCERTIFICATE string

AUTOENROLLMENTCHECKUSERDSCERTIFICATE

enrollmentflagsdecoded.INCLUDEBASICCONSTRAINTSFOREECERTS string

INCLUDEBASICCONSTRAINTSFOREECERTS

enrollmentflagsdecoded.REMOVEINVALIDCERTIFICATEFROMPERSONALSTORE string

REMOVEINVALIDCERTIFICATEFROMPERSONALSTORE

enrollmentflagsdecoded.EXCLUDEOCSPDETAILSINCERT string

EXCLUDEOCSPDETAILSINCERT

enrollmentflagsdecoded.ALLOWISSUANCEPOLICIESFROMREQUEST string

ALLOWISSUANCEPOLICIESFROMREQUEST

enrollmentflagsdecoded.AUTOENROLLMENT string

AUTOENROLLMENT

enrollmentflagsdecoded.PUBLISHTODS string

PUBLISHTODS

enrollmentflagsdecoded.ALLOWENROLLONBEHALFOF string

ALLOWENROLLONBEHALFOF

enrollmentflagsdecoded.ALLOWKEYBASEDRENEWAL string

ALLOWKEYBASEDRENEWAL

enrollmentflagsdecoded.PUBLISHTOKRACONTAINER string

PUBLISHTOKRACONTAINER

enrollmentflagsdecoded.USERINTERACTIONREQUIRED string

USERINTERACTIONREQUIRED

enrollmentflagsdecoded.CERTMGRAPPROVALREQUIRED string

CERTMGRAPPROVALREQUIRED

enrollmentflagsdecoded.INCLUDESYMETRICALGORITHMS string

INCLUDESYMETRICALGORITHMS

certificatenameflags integer

certificatenameflags

certificatenameflagsdecoded.SUBJECTREQUIREDNSASCN string

SUBJECTREQUIREDNSASCN

certificatenameflagsdecoded.SUBJECTALTREQUIREEMAIL string

SUBJECTALTREQUIREEMAIL

certificatenameflagsdecoded.SUBJECTREQUIREEMAIL string

SUBJECTREQUIREEMAIL

certificatenameflagsdecoded.SUBJECTALTREQUIREDNS string

SUBJECTALTREQUIREDNS

certificatenameflagsdecoded.SUBJECTALTREQUIREDOMAINDNS string

SUBJECTALTREQUIREDOMAINDNS

certificatenameflagsdecoded.ENROLEESUPLIESSUBJECTALTNAME string

ENROLEESUPLIESSUBJECTALTNAME

certificatenameflagsdecoded.OLDCERTSUPPLIESSUBJECTANDALTNAME string

OLDCERTSUPPLIESSUBJECTANDALTNAME

certificatenameflagsdecoded.SUBJECTALTREQUIREUPN string

SUBJECTALTREQUIREUPN

certificatenameflagsdecoded.SUBJECTALTREQUIREDIRECTORYGUID string

SUBJECTALTREQUIREDIRECTORYGUID

certificatenameflagsdecoded.SUBJECTREQUIRECOMMONNAME string

SUBJECTREQUIRECOMMONNAME

certificatenameflagsdecoded.SUBJECTALTREQUIRESPN string

SUBJECTALTREQUIRESPN

certificatenameflagsdecoded.ENROLEESUPLIESSUBJECT string

ENROLEESUPLIESSUBJECT

certificatenameflagsdecoded.SUBJECTREQUIREDIRECTORYPATH string

SUBJECTREQUIREDIRECTORYPATH

privatekeyflags integer

privatekeyflags

privatekeyflagsdecoded.REQUIREALTERNATESIGNATUREALGORITHM string

REQUIREALTERNATESIGNATUREALGORITHM

privatekeyflagsdecoded.EXPORTABLEKEY string

EXPORTABLEKEY

privatekeyflagsdecoded.REQUIRESAMEKEYRENEWAL string

REQUIRESAMEKEYRENEWAL

privatekeyflagsdecoded.EKVALIDATECERT string

EKVALIDATECERT

privatekeyflagsdecoded.EKVALIDATEKEY string

EKVALIDATEKEY

privatekeyflagsdecoded.STRONGKEYPROTECTIONREQUIRED string

STRONGKEYPROTECTIONREQUIRED

privatekeyflagsdecoded.ATTESTATIONWITHOUTPOLICY string

ATTESTATIONWITHOUTPOLICY

privatekeyflagsdecoded.EKTRUSTONUSE string

EKTRUSTONUSE

privatekeyflagsdecoded.ATTESTREQUIRED string

ATTESTREQUIRED

privatekeyflagsdecoded.USELEGACYPROVIDER string

USELEGACYPROVIDER

privatekeyflagsdecoded.ATTESTPREFERRED string

ATTESTPREFERRED

privatekeyflagsdecoded.REQUIREPRIVATEKEYARCHIVAL string

REQUIREPRIVATEKEYARCHIVAL

privatekeyflagsdecoded.ATTESTNONE string

ATTESTNONE

rasignatureapplicationpolicy string

rasignatureapplicationpolicy

keytype string

keytype

Important
cloudpki.important string

Imported Certificates from this template will be marked as important

Owner Email Addresses
cloudpki.owneremail array of string

owneremail

Owner Emails String
cloudpki.owneremailstring string

owneremailstring

Owner Email Addresses
cloudpki.autoapproveid array of string

owneremail

Auto Approved IDs String
cloudpki.autoapproveidstring string

autoapproveidstring

Template Hidden
cloudpki.hidden string

Certificate Template hidden from certificate requesters.

Renewal Status
cloudpki.renewalstatus string

Imported certificates will have this renewal status

Last Modified Epoch Timestamp
cloudpki.lastmodified string

Last Modified Epoch Timestamp

lastmodifiedepoch
cloudpki.lastmodifiedepoch integer

lastmodifiedepoch

Last Modified By ID
cloudpki.lastmodifiedid string

Last Modified By ID

Last Modified By Email
cloudpki.lastmodifiedemail string

Last Modified By Email

Last Modified Event
cloudpki.lastmodifiedevent string

Last Modified Event

Get User Deployments

Retrieves the users configured deployments

Returns

Name Path Type Description
array of object
default
default string

default

regionid
regionid string

regionid

deploymentid
deploymentid string

deploymentid

friendlyname
friendlyname string

friendlyname

New Hook

Add a new hook to this Cloud PKI Deployment

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Are You PowerApps?
powerapps True string

Set to false unless calling from PowerApps

Email
email string

Email Address to be notified when Event is triggered.

CallBack URL
callbackurl string

The URL to be called when an Event is triggered

Hook Type
type True string

Select Hook Type - Web, Email or PowerBI

events
events True array of string

events

Returns

Name Path Type Description
status
status string

status

objecturi
objecturi string

objecturi

hookid
hookid string

hookid

New Request

New Certificate Request

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Are You PowerApps?
powerapps True string

Set to false unless calling from PowerApps

Certificate Signing Request
csr True string

Paste your CSR here. It must start with '-----BEGIN NEW CERTIFICATE REQUEST-----'

Template Name
templateid string

Template Name

Owner Notifications Email Addresses
owneremail string

Owner Email

Reference
reference string

RFC ID, CMDB Reference, Ticket Reference or other reference

Request Comment
comment string

Extra non-critical info for the request approver

Urgent Request
urgent string

Urgent Request

Important Certificate
important string

Important Certificate

Renewal Request?
renewal string

Is this request renewing an existing certificate?

Thumbprint Renewal Certificate
previouscertificate string

Thumbprint Of Certificate being renewed with this request

Pre-Approve Future Renewal
renewalstatus string

Pre-Approve Future Renewal of the issued Certificate?

Returns

Name Path Type Description
Submission Status
status string

Submission Status

Cloud PKI Request ID
requestid string

Request ID

objecturi
objecturi string

objecturi

message
message string

message

Query Certificate Revocation Lists (CRLs)

Queries for CRLs based on selected criteria

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

CRL ID
crlid string

Cloud PKI Certificate Revocation List ID

CRL Status
status string

Current CRL Status

Issued in the past # days
issued integer

Days

CRLS Expiring in the next # days
expiring integer

Days

CRL Number
crlnumber string

Hexadecimal CRL number as shown by the OS

CRL Number in Decimal
crlnumberdecimal string

Decimal representation of the CRL Number

Authority Key Identifier
aki string

AKI which is the SKI of the CRLs Issuing CA

Contains Serial Number
serialnumber string

Serial number to search for in certificate revocation lists

Returns

Name Path Type Description
array of object
Valid From
validfrom string

CRL Start Date

Valid To
validto string

CRL Expiry Date

Valid From (Epoch)
validfromepoch integer

CRL Start Date as Epoch timestamp

Valid To (Epoch)
validtoepoch integer

CRL Expiry Date as Epoch Timestamp

issuer
issuer string

issuer

signaturealgorithm
signaturealgorithm string

signaturealgorithm

signaturehashalgorithm
signaturehashalgorithm string

signaturehashalgorithm

caversion
caversion string

caversion

aki
aki string

aki

crlnumber
crlnumber string

crlnumber

crlnumberdecimal
crlnumberdecimal integer

crlnumberdecimal

nextpublish
nextpublish date-time

nextpublish

nextpublishepoch
nextpublishepoch integer

nextpublishepoch

crlid
crlid string

crlid

crlentries
crlentries array of string

crlentries

Query Certificate Templates

Search for certificate templates

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Status
status string

Select Published or Unpublished

Type
type string

Select User or Computer

Template Version
version string

Select Version 1 (Server 2000), Version 2 (Server 2003 Enterprise), Version 3 (Server 2008 Standard), Version 4 (Server 2012 Standard)

Template OID
templateoid string

eg..1.3.6.1.4.1.52136

Key Type
keytype string

Select RSA or ECC

Smallest Minimum Key Length
min-minkeylength integer

Minimum key lengths greater than or equal to eg.. 512

Largest Minimum Key Length
max-minkeylength integer

Minimum key lengths less than or equal to eg.. 4096

Shortest Validity Period
min-validity integer

Certificates valid for at least "x" days eg.. 180

Longest Validity Period
max-validity integer

Certificates valid for at most "x" days eg.. 180

Returns

Name Path Type Description
array of object
name
name string

name

displayname
displayname string

displayname

distinguishedname
distinguishedname string

distinguishedname

objectguid
objectguid string

objectguid

forestrootdn
forestrootdn string

forestrootdn

forestrootfqdn
forestrootfqdn string

forestrootfqdn

whencreated
whencreated string

whencreated

whenchanged
whenchanged string

whenchanged

status
status string

status

publishedby
publishedby array of string

publishedby

templateoid
templateoid string

templateoid

templateversion
templateversion integer

templateversion

majorversion
majorversion integer

majorversion

minorversion
minorversion integer

minorversion

templateid
templateid string

templateid

templatetype
templatetype string

templatetype

validityperiod
validityperiod integer

validityperiod

renewalperiod
renewalperiod integer

renewalperiod

defaultkeyspec
defaultkeyspec integer

defaultkeyspec

basickeyusage
basickeyusage integer

basickeyusage

KEYENCIPHERMENT
basickeyusagedecoded.KEYENCIPHERMENT string

KEYENCIPHERMENT

NONREPUDIATION
basickeyusagedecoded.NONREPUDIATION string

NONREPUDIATION

KEYAGREEMENT
basickeyusagedecoded.KEYAGREEMENT string

KEYAGREEMENT

DIGITALSIGNATURE
basickeyusagedecoded.DIGITALSIGNATURE string

DIGITALSIGNATURE

DATAENCIPHERMENT
basickeyusagedecoded.DATAENCIPHERMENT string

DATAENCIPHERMENT

KEYCERTSIGN
basickeyusagedecoded.KEYCERTSIGN string

KEYCERTSIGN

CRLSIGN
basickeyusagedecoded.CRLSIGN string

CRLSIGN

enhancedkeyusage
enhancedkeyusage array of string

enhancedkeyusage

criticalextensions
criticalextensions array of string

criticalextensions

minimumkeysize
minimumkeysize integer

minimumkeysize

defaultcsps
defaultcsps array of string

defaultcsps

maxdepth
maxdepth integer

maxdepth

supersededtemplates
supersededtemplates array of string

supersededtemplates

issuancepolicy
issuancepolicy array of string

issuancepolicy

applicationpolicy
applicationpolicy array of string

applicationpolicy

rasignaturecount
rasignaturecount integer

rasignaturecount

rasignatureissuancepolicies
rasignatureissuancepolicies array of string

rasignatureissuancepolicies

templateflags
templateflags integer

templateflags

PRIVATEKEYEXPORTABLE
templateflagsdecoded.PRIVATEKEYEXPORTABLE string

PRIVATEKEYEXPORTABLE

ENABLEAUTOENROLLMENT
templateflagsdecoded.ENABLEAUTOENROLLMENT string

ENABLEAUTOENROLLMENT

ISCOMPUTERCERT
templateflagsdecoded.ISCOMPUTERCERT string

ISCOMPUTERCERT

ISCROSSCA
templateflagsdecoded.ISCROSSCA string

ISCROSSCA

ISCA
templateflagsdecoded.ISCA string

ISCA

PUBLISHTOREQUESTERUSEROBJECT
templateflagsdecoded.PUBLISHTOREQUESTERUSEROBJECT string

PUBLISHTOREQUESTERUSEROBJECT

ISEDITABLE
templateflagsdecoded.ISEDITABLE string

ISEDITABLE

DONOTPERSISTINDB
templateflagsdecoded.DONOTPERSISTINDB string

DONOTPERSISTINDB

ADDDETAILSTOCERT
templateflagsdecoded.ADDDETAILSTOCERT string

ADDDETAILSTOCERT

ADDEMAIL
templateflagsdecoded.ADDEMAIL string

ADDEMAIL

ISDEFAULT
templateflagsdecoded.ISDEFAULT string

ISDEFAULT

enrollmentflags
enrollmentflags integer

enrollmentflags

ENABLEKEYREUSEONNTTOKENKEYSETSTORAGEFULL
enrollmentflagsdecoded.ENABLEKEYREUSEONNTTOKENKEYSETSTORAGEFULL string

ENABLEKEYREUSEONNTTOKENKEYSETSTORAGEFULL

EXCLUDECRLDETAILSINCERT
enrollmentflagsdecoded.EXCLUDECRLDETAILSINCERT string

EXCLUDECRLDETAILSINCERT

PREVIOUSAPPROVALVALIDATEREENROLLMENT
enrollmentflagsdecoded.PREVIOUSAPPROVALVALIDATEREENROLLMENT string

PREVIOUSAPPROVALVALIDATEREENROLLMENT

AUTOENROLLMENTCHECKUSERDSCERTIFICATE
enrollmentflagsdecoded.AUTOENROLLMENTCHECKUSERDSCERTIFICATE string

AUTOENROLLMENTCHECKUSERDSCERTIFICATE

INCLUDEBASICCONSTRAINTSFOREECERTS
enrollmentflagsdecoded.INCLUDEBASICCONSTRAINTSFOREECERTS string

INCLUDEBASICCONSTRAINTSFOREECERTS

REMOVEINVALIDCERTIFICATEFROMPERSONALSTORE
enrollmentflagsdecoded.REMOVEINVALIDCERTIFICATEFROMPERSONALSTORE string

REMOVEINVALIDCERTIFICATEFROMPERSONALSTORE

EXCLUDEOCSPDETAILSINCERT
enrollmentflagsdecoded.EXCLUDEOCSPDETAILSINCERT string

EXCLUDEOCSPDETAILSINCERT

ALLOWISSUANCEPOLICIESFROMREQUEST
enrollmentflagsdecoded.ALLOWISSUANCEPOLICIESFROMREQUEST string

ALLOWISSUANCEPOLICIESFROMREQUEST

AUTOENROLLMENT
enrollmentflagsdecoded.AUTOENROLLMENT string

AUTOENROLLMENT

PUBLISHTODS
enrollmentflagsdecoded.PUBLISHTODS string

PUBLISHTODS

ALLOWENROLLONBEHALFOF
enrollmentflagsdecoded.ALLOWENROLLONBEHALFOF string

ALLOWENROLLONBEHALFOF

ALLOWKEYBASEDRENEWAL
enrollmentflagsdecoded.ALLOWKEYBASEDRENEWAL string

ALLOWKEYBASEDRENEWAL

PUBLISHTOKRACONTAINER
enrollmentflagsdecoded.PUBLISHTOKRACONTAINER string

PUBLISHTOKRACONTAINER

USERINTERACTIONREQUIRED
enrollmentflagsdecoded.USERINTERACTIONREQUIRED string

USERINTERACTIONREQUIRED

CERTMGRAPPROVALREQUIRED
enrollmentflagsdecoded.CERTMGRAPPROVALREQUIRED string

CERTMGRAPPROVALREQUIRED

INCLUDESYMETRICALGORITHMS
enrollmentflagsdecoded.INCLUDESYMETRICALGORITHMS string

INCLUDESYMETRICALGORITHMS

certificatenameflags
certificatenameflags integer

certificatenameflags

SUBJECTREQUIREDNSASCN
certificatenameflagsdecoded.SUBJECTREQUIREDNSASCN string

SUBJECTREQUIREDNSASCN

SUBJECTALTREQUIREEMAIL
certificatenameflagsdecoded.SUBJECTALTREQUIREEMAIL string

SUBJECTALTREQUIREEMAIL

SUBJECTREQUIREEMAIL
certificatenameflagsdecoded.SUBJECTREQUIREEMAIL string

SUBJECTREQUIREEMAIL

SUBJECTALTREQUIREDNS
certificatenameflagsdecoded.SUBJECTALTREQUIREDNS string

SUBJECTALTREQUIREDNS

SUBJECTALTREQUIREDOMAINDNS
certificatenameflagsdecoded.SUBJECTALTREQUIREDOMAINDNS string

SUBJECTALTREQUIREDOMAINDNS

ENROLEESUPLIESSUBJECTALTNAME
certificatenameflagsdecoded.ENROLEESUPLIESSUBJECTALTNAME string

ENROLEESUPLIESSUBJECTALTNAME

OLDCERTSUPPLIESSUBJECTANDALTNAME
certificatenameflagsdecoded.OLDCERTSUPPLIESSUBJECTANDALTNAME string

OLDCERTSUPPLIESSUBJECTANDALTNAME

SUBJECTALTREQUIREUPN
certificatenameflagsdecoded.SUBJECTALTREQUIREUPN string

SUBJECTALTREQUIREUPN

SUBJECTALTREQUIREDIRECTORYGUID
certificatenameflagsdecoded.SUBJECTALTREQUIREDIRECTORYGUID string

SUBJECTALTREQUIREDIRECTORYGUID

SUBJECTREQUIRECOMMONNAME
certificatenameflagsdecoded.SUBJECTREQUIRECOMMONNAME string

SUBJECTREQUIRECOMMONNAME

SUBJECTALTREQUIRESPN
certificatenameflagsdecoded.SUBJECTALTREQUIRESPN string

SUBJECTALTREQUIRESPN

ENROLEESUPLIESSUBJECT
certificatenameflagsdecoded.ENROLEESUPLIESSUBJECT string

ENROLEESUPLIESSUBJECT

SUBJECTREQUIREDIRECTORYPATH
certificatenameflagsdecoded.SUBJECTREQUIREDIRECTORYPATH string

SUBJECTREQUIREDIRECTORYPATH

privatekeyflags
privatekeyflags integer

privatekeyflags

REQUIREALTERNATESIGNATUREALGORITHM
privatekeyflagsdecoded.REQUIREALTERNATESIGNATUREALGORITHM string

REQUIREALTERNATESIGNATUREALGORITHM

EXPORTABLEKEY
privatekeyflagsdecoded.EXPORTABLEKEY string

EXPORTABLEKEY

REQUIRESAMEKEYRENEWAL
privatekeyflagsdecoded.REQUIRESAMEKEYRENEWAL string

REQUIRESAMEKEYRENEWAL

EKVALIDATECERT
privatekeyflagsdecoded.EKVALIDATECERT string

EKVALIDATECERT

EKVALIDATEKEY
privatekeyflagsdecoded.EKVALIDATEKEY string

EKVALIDATEKEY

STRONGKEYPROTECTIONREQUIRED
privatekeyflagsdecoded.STRONGKEYPROTECTIONREQUIRED string

STRONGKEYPROTECTIONREQUIRED

ATTESTATIONWITHOUTPOLICY
privatekeyflagsdecoded.ATTESTATIONWITHOUTPOLICY string

ATTESTATIONWITHOUTPOLICY

EKTRUSTONUSE
privatekeyflagsdecoded.EKTRUSTONUSE string

EKTRUSTONUSE

ATTESTREQUIRED
privatekeyflagsdecoded.ATTESTREQUIRED string

ATTESTREQUIRED

USELEGACYPROVIDER
privatekeyflagsdecoded.USELEGACYPROVIDER string

USELEGACYPROVIDER

ATTESTPREFERRED
privatekeyflagsdecoded.ATTESTPREFERRED string

ATTESTPREFERRED

REQUIREPRIVATEKEYARCHIVAL
privatekeyflagsdecoded.REQUIREPRIVATEKEYARCHIVAL string

REQUIREPRIVATEKEYARCHIVAL

ATTESTNONE
privatekeyflagsdecoded.ATTESTNONE string

ATTESTNONE

rasignatureapplicationpolicy
rasignatureapplicationpolicy string

rasignatureapplicationpolicy

keytype
keytype string

keytype

defaultkeyspecdecoded
defaultkeyspecdecoded string

defaultkeyspecdecoded

privatekeyasymmetricalgorithm
privatekeyasymmetricalgorithm string

privatekeyasymmetricalgorithm

requesthashalgorithm
requesthashalgorithm string

requesthashalgorithm

privatekeysecuritydescriptor
privatekeysecuritydescriptor string

privatekeysecuritydescriptor

privatekeyusage
privatekeyusage string

privatekeyusage

KEYAGREEMENT
privatekeyusagedecoded.KEYAGREEMENT string

KEYAGREEMENT

SIGNING
privatekeyusagedecoded.SIGNING string

SIGNING

DECRYPTION
privatekeyusagedecoded.DECRYPTION string

DECRYPTION

ALLUSAGES
privatekeyusagedecoded.ALLUSAGES string

ALLUSAGES

keyarchivalsymmetricalgorithm
keyarchivalsymmetricalgorithm string

keyarchivalsymmetricalgorithm

keyarchivalsymmetrickeylength
keyarchivalsymmetrickeylength string

keyarchivalsymmetrickeylength

Important
cloudpki.important string

Imported Certificates from this template will be marked as important

Owner Email Addresses
cloudpki.owneremail array of string

owneremail

Imported Certificates from this template will have these Owners String
cloudpki.owneremailstring string

owneremail

Auto Approve Account IDs
cloudpki.autoapproveid array of string

autoapproveid

Certificate Template Auto Approver Account IDs String
cloudpki.autoapproveidstring string

autoapproveidstring

Template Hidden
cloudpki.hidden string

Certificate Template hidden from certificate requesters.

Renewal Status
cloudpki.renewalstatus string

Imported certificates will have this renewal status

Last Modified Epoch Timestamp
cloudpki.lastmodified string

Last Modified Epoch Timestamp

lastmodifiedepoch
cloudpki.lastmodifiedepoch integer

lastmodifiedepoch

Last Modified By ID
cloudpki.lastmodifiedid string

Last Modified By ID

Last Modified By Email
cloudpki.lastmodifiedemail string

Last Modified By Email

Last Modified Event
cloudpki.lastmodifiedevent string

Last Modified Event

Query Certificates

Query Certificates Issued by this Cloud PKI deployment

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Time Valid
timevalid string

Certificates that are still time valid

Important Certificate
important string

Certificates that are marked important

Renewal Status
renewalstatus string

Query by Current renewal status

Expiring in
expiring integer

Certificates expiring in the next days. (Min=1 Max=180)

Subject
subject string

Subject name to query for

Status
status string

Current status of the certificate

Serial Number
serialnumber string

Serial Number of the certificate to query for

Subject Key Identifier (SKI)
ski string

Subject Key Identifier of the certificates to query for

Authority Key Identifier
aki string

Authority Key Identifier of the certificates to query for

Key Type
keytype string

Public Key Algorithm Type to search for

Key Length
keylength integer

Public Key Length of the certificates to query for

Owner Email Addresses
owneremail string

Email Address of Certificate Owners to query certificates for

Returns

Name Path Type Description
array of object
Status
status string

Certificate Status (Issued or Revoked)

Thumbprint
thumbprint string

Certificate SHA1 Thumbprint

Serial Number
serialnumber string

Serial Number

Valid From
validfrom string

Certificate Start Date

Valid To
validto string

Certificate Expiry Date

Valid From (Epoch)
validfromepoch integer

Certificate Start Date as Epoch timestamp

Valid To (Epoch)
validtoepoch integer

Certificate Expiry Date as Epoch Timestamp

Issuing CA
issuername string

The Issuers Common CA Name

Subject
subject array of string

The subject of the certificate

SAN
subjectalternativename array of string

Subject Alternate Names for the Certificate

Dispaly Subject
displaysubject string

A rationalised subject name for easier identification.

Template Name
templatename string

Template Short Name

Template ID
cloudpki.templateid string

Cloud PKI Template ID

owneremail
cloudpki.owneremail array of string

owneremail

Renewal Status
cloudpki.renewalstatus string

Current Renewal Status

Life-cycle Phase
cloudpki.phase string

Current Certificate Life-cycle Phase

Important
cloudpki.important string

Certificate Marked As Important

Query Hooks

Query all hooks in this Cloud PKI Deployment

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Status
status string

Hook Status

Type
type string

Hook Type

Event
event string

Event Name

Returns

Name Path Type Description
array of object
Hook ID
hookid string

Unique Identifier of Hook (SHA1 of Email Address or CallbackURL)

Events
events string

Events this hook is triggered by

Call Back URL
callbackurl string

The URL the hook will notify of subscribed events

Type
type string

Hook Type (Web, Email or PowerBI)

Object URI
objecturi string

Object URI of the Hook

Creator ID
creatorid string

Username of Admin Who Created the Hook

Creator Email
creatoremail string

Email Address of Admin Who Created the Hook

Status
status string

Hook Status (Enabled or Disabled)

When Changed
whenchanged date-time

When Changed Timestamp

When Changed Epoch
whenchangedepoch integer

When Changed Epoch Timestamp

User Agent
useragent string

Useragent Header of Hook Creation Call

Workflow - Name
workflowdetails.workflowname string

Workflow Name of the Logic Apps or Flow Workflow

Workflow - Operation Name
workflowdetails.workflowoperationname string

Operation Name of the Logic Apps or Flow Workflow

Workflow - ID
workflowdetails.workflowid string

ID of the Logic Apps or Flow Workflow

Workflow - Version
workflowdetails.workflowversion string

Version of the Logic Apps or Flow Workflow

Workflow - Subscription ID
workflowdetails.workflowsubscriptionid string

Subscription ID of the Logic Apps or Flow Workflow

Workflow - Location
workflowdetails.workflowlocation string

Location of the Logic Apps or Flow Workflow

Query Requests

Query Certificate Signing Requests

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Request Status
status string

Current Request Status

Request Source
source string

"Cloud PKI" or Certificate Authority Common Name eg "Issuing CA 1"

Approver ID
approverid string

Microsoft Entra ID Approver ID

Approver Email
approveremail string

Approvers Email Address

Submitter ID
submitterid string

Microsoft Entra ID Submitter ID

Submitter Email
submitteremail string

Submitters Email Address

Owner Email Addresses
owneremail string

Certificate Owner Email Addresses

Returns

Name Path Type Description
array of object
Cloud PKI Request ID
requestid string

Cloud PKI Request ID

Request Status
status string

Request Status

Request Source
requestsource string

Request Source

Display Subject
displaysubject string

Display Subject

subject
subject array of string

Subject

Template ID
templateid string

Template ID

Template Name
templatename string

Template Name

CA Request Details - CA Request ID
requestdetails.carequestid integer

Request ID from the Issuing CA

CA Requester Name
requestdetails.requestername string

CA Requester Name

Reference
cloudpki.reference string

Reference

Comment
cloudpki.comment string

Comment

Urgent Flag
cloudpki.urgent string

Urgent Flag

Important Flag
cloudpki.important string

Important Flag

Submitter ID
cloudpki.submitterid string

Submitter ID

Submitter Email
cloudpki.submitteremail string

Submitter Email

subjectalternativename
subjectalternativename array of string

subjectalternativename

Update Certificate

Change the status or metadata of a certificate

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Thumbprint
thumbprint True string

Certificate SHA1 Thumbprint

Are You PowerApps?
powerapps True string

Set to false unless calling from PowerApps

Important
important string

Choose if this certificate is Important

Issued Status
status string

Change the issued status of the certificate

Approved For Renewal
renewalstatus string

Should this certificate be renewed?

Comment
comment string

A comment for the Certificate

Reference
reference string

A reference for the certificate eg Server Name, CMDB URL

Certificate Owners
owneremail string

Certificate Owner Email Addresses

Returns

Name Path Type Description
Status
status string

Status

Status Message
message string

Status Message

Connector Action ID
connectoractionid string

Connector Action ID

Thumbprint
thumbprint string

Updated Certificate Thumbprint

Update Request

Approve, Deny or Update an existing Certificate Request

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Request ID
requestid True string

Cloud PKI Request ID

Are You PowerApps?
powerapps True string

Set to false unless calling from PowerApps

Request Status
status True string

Set the Request Status

Comment
comment string

Set a comment on the request

Reference
reference string

Set an RFC ID, CMDB Reference, Ticket Reference or other reference to the request

Urgent
urgent string

Is this Certificate Request Urgent?

Important Certificate
important string

Mark the issued Certificate as Important

Approved For Renewal
renewalstatus string

Should this certificate be renewed?

Template Name
templateid string

The template name for the Issued Certificate

Certificate Owners
owneremail string

Email Addresses of Certificate Owners to be Notified of Certificate Life-Cycle Events

Returns

Name Path Type Description
Status
status string

Status

Status Message
message string

Status Message

Request ID
requestid string

Request ID

Connector Action ID
connectoractionid string

Connector Action ID

Update Template

Change the status or metadata of a Template

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Template ID
templateid True string

Certificate Template ID

Are You PowerApps?
powerapps True string

Set to false unless calling from PowerApps

Important
important string

Choose if certificates issued from this template are Important.

Approved For Renewal
renewalstatus string

Choose the renewalstatus for certificates issued from this template.

Hidden
hidden string

Choose if this template should be hidden from certificate requesters.

Certificate Owners
owneremail string

Certificate Owner Email Addresses

Auto Approval Account IDs
autoapproveid string

Account IDs of certificate requesters who will have their requests approved automatically

Returns

Name Path Type Description
Status
status string

Status

Status Message
message string

Status Message

Updated Template ID
templateid string

Updated Certificate Template ID

Triggers

Certificate Expired

A certificate has expired.

Certificate Expiring

A certificate is expiring in 60 days

Certificate Issued

A new certificate has been issued by the Certificate Authority

Certificate Renewing

A certificate is available for renewal.

Certificate Revoked

An existing certificate has been revoked by the Certificate Authority

Certificate Updated

An existing certificate's CloudPKI properties have been updated.

Connector Action Added

A new Cloud PKI Connector action has been Added.

Connector Action Completed

An action executed by the Cloud PKI Connector has completed.

Connector Action Failed

An action executed by the Cloud PKI Connector has failed.

Connector Action Stalled

An action executed by the Cloud PKI Connector has stalled.

CRL Issued

A new certificate revocation list (CRL) has been issued by the Certificate Authority

Hook Added

A new hook has been added to this Cloud PKI deployment

Hook Removed

A hook has been removed from this Cloud PKI deployment

Request Approved

A certificate request has been approved for issuance by a Certificate Manager

Request Denied

A certificate request has been denied issuance by a Certificate Manager

Request Failed

A certificate request has failed to be processed by the Certificate Authority

Request Pending Approval

A new certificate request is pending approval from a Certificate Manager

Request Updated

An existing request's CloudPKI properties have been updated.

Template Published

A certificate template has been published by the Certificate Authority

Template Unpublished

A certificate template has been unpublished by the Certificate Authority

Template Updated

A certificate template has been updated.

Certificate Expired

A certificate has expired.

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Expired Certificate Region ID

Deployment ID
deploymentid string

Expired Certificate Deployment ID

Thumbprint
thumbprint string

Expired Certificate Thumbprint

Certificate Expiring

A certificate is expiring in 60 days

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Expiring Certificate Region ID

Deployment ID
deploymentid string

Expiring Certificate Deployment ID

Thumbprint
thumbprint string

Expiring Certificate Thumbprint

Certificate Issued

A new certificate has been issued by the Certificate Authority

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Issued Certificate Region ID

Deployment ID
deploymentid string

Issued Certificate Deployment ID

Thumbprint
thumbprint string

Issued Certificate Thumbprint

Certificate Renewing

A certificate is available for renewal.

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Renewing Certificate Region ID

Deployment ID
deploymentid string

Renewing Certificate Deployment ID

Thumbprint
thumbprint string

Renewing Certificate Thumbprint

Certificate Revoked

An existing certificate has been revoked by the Certificate Authority

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Revoked Certificate Region ID

Deployment ID
deploymentid string

Revoked Certificate Deployment ID

Thumbprint
thumbprint string

Revoked Certificate Thumbprint

Certificate Updated

An existing certificate's CloudPKI properties have been updated.

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Updated Certificate Region ID

Deployment ID
deploymentid string

Updated Certificate Deployment ID

Thumbprint
thumbprint string

Updated Certificate Thumbprint

Connector Action Added

A new Cloud PKI Connector action has been Added.

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

New Connector Action Region ID

Deployment ID
deploymentid string

New Connector Action Deployment ID

Connector Action ID
connectoractionid string

New Connector Action ID

Connector Action Completed

An action executed by the Cloud PKI Connector has completed.

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Completed Connector Action Region ID

Deployment ID
deploymentid string

Completed Connector Action Deployment ID

Connector Action ID
connectoractionid string

Completed Connector Action ID

Connector Action Failed

An action executed by the Cloud PKI Connector has failed.

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Failed Connector Action Region ID

Deployment ID
deploymentid string

Failed Connector Action Deployment ID

Connector Action ID
connectoractionid string

Failed Connector Action ID

Connector Action Stalled

An action executed by the Cloud PKI Connector has stalled.

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Stalled Connector Action Region ID

Deployment ID
deploymentid string

Stalled Connector Action Deployment ID

Action ID
connectoractionid string

Stalled Connector Action ID

CRL Issued

A new certificate revocation list (CRL) has been issued by the Certificate Authority

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Issued CRL Region ID

Deployment ID
deploymentid string

Issued CRL Deployment ID

CRL ID
crlid string

Issued CRL ID

Hook Added

A new hook has been added to this Cloud PKI deployment

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Added Hook Region ID

Deployment ID
deploymentid string

Added Hook Deployment ID

Hook ID
hookid string

Added Hook ID

Hook Removed

A hook has been removed from this Cloud PKI deployment

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Removed Hook Region ID

Deployment ID
deploymentid string

Removed Hook Deployment ID

Hook ID
hookid string

Removed Hook ID

Request Approved

A certificate request has been approved for issuance by a Certificate Manager

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Approved Request Region ID

Deployment ID
deploymentid string

Approved Request Deployment ID

Request ID
requestid string

Approved Request ID

Request Denied

A certificate request has been denied issuance by a Certificate Manager

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Denied Request Region ID

Deployment ID
deploymentid string

Denied Request Deployment ID

Request ID
requestid string

Denied Request ID

Request Failed

A certificate request has failed to be processed by the Certificate Authority

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Failed Request Region ID

Deployment ID
deploymentid string

Failed Request Deployment ID

Request ID
requestid string

Failed Request ID

Request Pending Approval

A new certificate request is pending approval from a Certificate Manager

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Pending Request Region ID

Deployment ID
deploymentid string

Pending Request Deployment ID

Request ID
requestid string

Pending Request ID

Request Updated

An existing request's CloudPKI properties have been updated.

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Updated Request Region ID

Deployment ID
deploymentid string

Updated Request Deployment ID

Request ID
requestid string

Updated Request ID

Template Published

A certificate template has been published by the Certificate Authority

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Published Template Region ID

Deployment ID
deploymentid string

Published Template Deployment ID

Template ID
templateid string

Published Template ID

Template Unpublished

A certificate template has been unpublished by the Certificate Authority

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Unpublished Template Region ID

Deployment ID
deploymentid string

Unpublished Template Deployment ID

Template ID
templateid string

Unpublished Template ID

Template Updated

A certificate template has been updated.

Parameters

Name Key Required Type Description
Region ID
regionid True string

Cloud PKI Deployment Region

Deployment ID
deploymentid True string

Cloud PKI Deployment ID eg.. 24F3NU4E

Returns

Name Path Type Description
Region ID
regionID string

Updated Template Region ID

Deployment ID
deploymentid string

Updated Template Deployment ID

Template ID
templateid string

Updated Template ID

Definitions

string

This is the basic data type 'string'.