The Certisign Portal APIs authentication is carried out with the information of a Token you have to send in the header to authenticate all requests.

Token: It's a unique value generated for a product subscritpion.

Getting the Token for Sandbox

Once a new subscription is created in the developer portal, a Token is generated with the access rules required to access the Sandbox API.
You can view all your Sandbox subscriptions in the Profle menu.

Getting the token for Production

When you finish testing the Sandbox and your integration is ready for Go Live, you will need a new token with the necessary access rules for the production environment.
Unlike the Sandbox environment, the generation of this new token is not performed here in the Developer Portal. See more here.

Notes: The API Token is different for your test and your production application.

Transport Protocol

For security reasons, all information passed through the APIs should be made through HTTPS protocol, which ensures a safe channel and eliminates the manually encrypted tokens. So, you can only use our API through HTTPS protocol and calls made over plain HTTP will fail.

Authentication Errors

Inexistent/wrong Token:The error 401 Unauthorized is returned.

Access denied due to invalid subscription key. Make sure to provide a valid key for an active subscription.