Cert Spotter API

List certificates

GET https://certspotter.com/api/v0/certs?domain=DOMAIN

The following parameters may be specified in the query string:

domain Return certificates for the given domain and all sub-domains. Also returns matching wildcard certificates. Must be at or below a registered domain. Required.
expired Include expired certificates. true or false. Default: false. This option requires you to authenticate with a paid Cert Spotter plan.
duplicate Include duplicate certificates. true or false. When false, only the most recent (pre-)certificate is returned for any given tbsCertificate. Default: false.

Response: JSON array of certificate objects

Get certificate object

GET https://certspotter.com/api/v0/certs/SHA256

SHA256 is the hex-encoded SHA-256 digest of the (pre-)certificate.

Response: certificate object

Certificate Object

A (pre-)certificate is represented by a JSON object with the following fields:

type string cert or precert
dns_names list of strings DNS identifiers, from both the Subject CN and the DNS SANs
sha256 string The hex-encoded SHA-256 digest of the raw X.509 (pre-)certificate
pubkey_sha256 string The hex-encoded SHA-256 digest of the Subject Public Key Info
issuer string The distinguished name of the certificate's issuer
not_before string The not before date, in RFC3339 format (e.g. 2016-06-16T00:00:00-00:00)
not_after string The not after date, in RFC3339 format (e.g. 2016-06-16T00:00:00-00:00)
data string The raw X.509 (pre-)certificate, encoded in base64

Get X.509 certificate (PEM)

GET https://certspotter.com/api/v0/certs/SHA256.pem

SHA256 is the hex-encoded SHA-256 digest of the X.509 (pre-)certificate.

Response: raw X.509 (pre-)certificate, encoded in PEM

Get X.509 certificate (DER)

GET https://certspotter.com/api/v0/certs/SHA256.der

SHA256 is the hex-encoded SHA-256 digest of the X.509 (pre-)certificate.

Response: raw X.509 (pre-)certificate

Authentication

If you have a paid Cert Spotter plan, you can authenticate to the API using one the following methods:

Your API key can be found on your account page.

Examples:

curl -H "Authorization: Bearer 123_sampleapikey" https://certspotter.com/api/v0/certs?...

curl -u 123_sampleapikey: https://certspotter.com/api/v0/certs?...

Unauthenticated access to the API may be subject to rate limits. Some features (indicated above) require authentication.

Start Monitoring with Cert Spotter Today

Better visibility means better uptime and security. Cert Spotter gives you the visibility you need for your certificates.

Click to sign up