Knowledge Base
Removal of Organization Web API Secret Key in SCM
The ability to specify a secret key for Web APIs per organization was removed in SCM release 23.6.1.
With SCM release 23.6.1, the organization creation REST API was enhanced to allow for the specification of the initial state of the “Enable Web / REST API” setting for SSL and client certificates.
Prior to this release, it was not possible to programmatically create an organization with the REST API enabled and then continue to configure/change the organization in other ways via REST.
The default value was disabled, forcing usage of the SCM UI to enable before further REST calls could be used.
When creating the enhanced organization creation REST API, it was decided that the ability to specify a secret key was of limited value and unnecessarily complicated configuration.
It applied only to the SOAP API for SSL certificates, though it was required to be set in all cases. It was used to authenticate a SOAP API request in addition to the admin’s username/password.
The previous authentication would validate that authentication data (username/password), role based access to the requested organization and then the secret key.
The secret key was thus removed from an organization’s web API configuration and is no longer checked during SOAP API for SSL certificate requests.
If client software that uses the SCM SSL SOAP API requires a secret key to be entered per organization, you may specify any value, since SCM will ignore it during authentication.
Please contact SCM Support for further information.
With SCM release 23.6.1, the organization creation REST API was enhanced to allow for the specification of the initial state of the “Enable Web / REST API” setting for SSL and client certificates.
Prior to this release, it was not possible to programmatically create an organization with the REST API enabled and then continue to configure/change the organization in other ways via REST.
The default value was disabled, forcing usage of the SCM UI to enable before further REST calls could be used.
When creating the enhanced organization creation REST API, it was decided that the ability to specify a secret key was of limited value and unnecessarily complicated configuration.
It applied only to the SOAP API for SSL certificates, though it was required to be set in all cases. It was used to authenticate a SOAP API request in addition to the admin’s username/password.
The previous authentication would validate that authentication data (username/password), role based access to the requested organization and then the secret key.
The secret key was thus removed from an organization’s web API configuration and is no longer checked during SOAP API for SSL certificate requests.
If client software that uses the SCM SSL SOAP API requires a secret key to be entered per organization, you may specify any value, since SCM will ignore it during authentication.
Please contact SCM Support for further information.
Need help?
Need help making a purchase? Contact us today to get your certificate issued right away.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
