Purchasing an SSL Certificate

Function

This API is used to purchase an SSL certificate.

Debugging

You can debug this API through automatic authentication in API Explorer or use the SDK sample code generated by API Explorer.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.

If you are using identity policy-based authorization, the following identity policy-based permissions are required.

Action	Access Level	Resource Type (*: required)	Condition Key	Alias	Dependencies
scm:cert:subscribe	Write	cert *	-	scm:cert:purchase	-
scm:cert:subscribe	Write	-	g:EnterpriseProjectId g:RequestTag/<tag-key> g:TagKeys	scm:cert:purchase	-

URI

POST /v3/scm/certificates/buy

Request Parameters

**Table 1** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API. The value of X-Subject-Token in the response header is the user token. Minimum: 32 Maximum: 2097152

**Table 2** Request body parameters
Parameter	Mandatory	Type	Description
cert_brand	Yes	String	Certificate authority. The options are as follows: GEOTRUST GLOBALSIGN SYMANTEC CFCA TRUSTASIA VTRUS Minimum: 0 Maximum: 32
cert_type	Yes	String	Certificate type. The options are as follows: DV_SSL_CERT DV_SSL_CERT_BASIC EV_SSL_CERT EV_SSL_CERT_PRO OV_SSL_CERT OV_SSL_CERT_PRO Minimum: 0 Maximum: 32
domain_type	Yes	String	Domain name type. The options are as follows: SINGLE_DOMAIN: single domain name. MULTI_DOMAIN: multi-domain name type. WILDCARD: wildcard domain name. Minimum: 0 Maximum: 32
effective_time	Yes	Integer	Certificate validity period, in years. Minimum: 1 Maximum: 3
domain_numbers	Yes	Integer	Number of domain names. If domain_type is set to SINGLE_DOMAIN or WILDCARD, the value is 1. If domain_type is set to MULTI_DOMAIN, the value ranges from 2 to 100. Minimum: 1 Maximum: 100
order_number	Yes	Integer	Number of purchased certificates. The value ranges from 1 to 100. Minimum: 1 Maximum: 100
agree_privacy_protection	Yes	Boolean	Whether to agree to the privacy agreement. The value can only be true. true: agree false: disagree
primary_domain_type	No	String	Primary domain name type in multiple domain names. The value can be: SINGLE_DOMAIN: primary single domain name WILDCARD_DOMAIN: primary wildcard domain name Minimum: 0 Maximum: 63
single_domain_number	No	Integer	Number of additional single domain names. Minimum: 1 Maximum: 100
wildcard_domain_number	No	Integer	Number of additional wildcard domain names. Minimum: 1 Maximum: 100
is_auto_pay	No	Boolean	Whether to enable auto payment. true: enable false: disable
enterprise_project_id	No	String	Enterprise project ID. If the enterprise project function is not enabled, you do not need to set this parameter. If the enterprise project function is enabled, you can set this parameter when querying a resource. If this parameter is not specified, the system searches for the required resource in all the enterprise projects that you have permissions for. In this case, the value of enterprise_project_id is all. The parameter value must meet one of the following requirements: The value is all. The value is 0. The value matches the ^[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}$ regular expression. Minimum: 0 Maximum: 36
order_id	No	String	Order ID. Used only in combined purchase scenarios. Minimum: 0 Maximum: 63
tags	No	Array of ScsResourceTag objects	Tags. Array Length: 0 - 10

**Table 3** ScsResourceTag
Parameter	Mandatory	Type	Description
key	No	String	Tag key. Minimum: 0 Maximum: 128
value	No	String	Tag value. Minimum: 0 Maximum: 255

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
order_id	String	Order ID. Minimum: 0 Maximum: 63
cert	Array of CertDetail objects	For details, see parameter description of the CertDetail field. Array Length: 0 - 1000

**Table 5** CertDetail
Parameter	Type	Description
cert_id	String	Certificate ID. Minimum: 16 Maximum: 16

Status code: 401

**Table 6** Response body parameters
Parameter	Type	Description
error_code	String	Error code returned for an error request. Minimum: 3 Maximum: 36
error_msg	String	Error information returned for an error request. Minimum: 0 Maximum: 1024

Status code: 403

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Error code returned for an error request. Minimum: 3 Maximum: 36
error_msg	String	Error information returned for an error request. Minimum: 0 Maximum: 1024

Status code: 500

**Table 8** Response body parameters
Parameter	Type	Description
error_code	String	Error code returned for an error request. Minimum: 3 Maximum: 36
error_msg	String	Error information returned for an error request. Minimum: 0 Maximum: 1024

Example Requests

{
  "cert_brand" : "GLOBALSIGN",
  "cert_type" : "OV_SSL_CERT",
  "domain_type" : "MULTI_DOMAIN",
  "effective_time" : 1,
  "domain_numbers" : 5,
  "order_number" : 1,
  "agree_privacy_protection" : true
}

Example Responses

Status code: 200

Normal return.

{
  "order_id" : "CS1803192259ROA8U",
  "cert" : [ {
    "cert_id" : "scs1481110651012"
  } ]
}

Status code: 401

Authentication failed.

{
  "error_code" : "SCM.XXX",
  "error_msg" : "XXX"
}

Status code: 403

Access denied.

{
  "error_code" : "SCM.XXX",
  "error_msg" : "XXX"
}

Status code: 500

Failed to complete the request because of an internal server error.

{
  "error_code" : "SCM.XXX",
  "error_msg" : "XXX"
}

SDK Sample Code

The SDK sample code is as follows.

Java

    
     
       
       
         package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.GlobalCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.scm.v3.region.ScmRegion;
import com.huaweicloud.sdk.scm.v3.*;
import com.huaweicloud.sdk.scm.v3.model.*;


public class SubscribeCertificateSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new GlobalCredentials()
                .withAk(ak)
                .withSk(sk);

        ScmClient client = ScmClient.newBuilder()
                .withCredential(auth)
                .withRegion(ScmRegion.valueOf("<YOUR REGION>"))
                .build();
        SubscribeCertificateRequest request = new SubscribeCertificateRequest();
        PurchaseCertificateRequestBody body = new PurchaseCertificateRequestBody();
        body.withAgreePrivacyProtection(true);
        body.withOrderNumber(1);
        body.withDomainNumbers(5);
        body.withEffectiveTime(1);
        body.withDomainType("MULTI_DOMAIN");
        body.withCertType("OV_SSL_CERT");
        body.withCertBrand("GLOBALSIGN");
        request.withBody(body);
        try {
            SubscribeCertificateResponse response = client.subscribeCertificate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

        

      

    
   

Python

    
     
       
       
         # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import GlobalCredentials
from huaweicloudsdkscm.v3.region.scm_region import ScmRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkscm.v3 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]

    credentials = GlobalCredentials(ak, sk)

    client = ScmClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(ScmRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = SubscribeCertificateRequest()
        request.body = PurchaseCertificateRequestBody(
            agree_privacy_protection=True,
            order_number=1,
            domain_numbers=5,
            effective_time=1,
            domain_type="MULTI_DOMAIN",
            cert_type="OV_SSL_CERT",
            cert_brand="GLOBALSIGN"
        )
        response = client.subscribe_certificate(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

        

      

    
   

Go

    
     
       
       
         package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
    scm "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")

    auth := global.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        Build()

    client := scm.NewScmClient(
        scm.ScmClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.SubscribeCertificateRequest{}
	request.Body = &model.PurchaseCertificateRequestBody{
		AgreePrivacyProtection: true,
		OrderNumber: int32(1),
		DomainNumbers: int32(5),
		EffectiveTime: int32(1),
		DomainType: "MULTI_DOMAIN",
		CertType: "OV_SSL_CERT",
		CertBrand: "GLOBALSIGN",
	}
	response, err := client.SubscribeCertificate(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

        

      

    
   

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code	Description
200	Normal return.
401	Authentication failed.
403	Access denied.
404	Access page not found.
500	Failed to complete the request because of an internal server error.