Certificates Hash
Introduction
The Certificate Details API allows you to retrieve detailed information about a certificate based on its hash.
Base URL
The base URL for all API requests is:
| Domain | URL |
|---|---|
| api.odin.io | api.odin.io/v1 |
The endpoint for host search is:
/certificates/{hash}/
Authentication
All requests to this API must include an authentication token in the headers. Use the following header for authentication:
X-API-Key: V8qb6HJIRKY7tVH0sou90I7YX3pCuqLQfRLmUzxpQbY=
Request Parameters
The API endpoint expects a path parameter hash representing the certificate's hash.
GET /certificates/9831D920257433710088A33B701E794A456712601CABE63F8F0499A74D3489FE
CURL
{
curl --location 'https://api.odin.io/v1/certificates/75F0DF8CF40AED70821FF3D9F7D8B81A2F2E23941316687AAFA42C1DB9B4C55C/' \
--header 'Accept: application/json' \
--header 'X-API-Key: V8qb6HJIRKY7tVH0sou90I7YX3pCuqLQfRLmUzxpQbY='
}This cURL command is structured to perform an HTTP GET request to https://api.odin.io/v1/certificates/75F0DF8CF21AED70821FF3D9F7D8B81A2F2E23919526687AAFA42C1DB9B4C62C/.
It includes the following headers:
'Accept: application/json': Specifies that the client expects a JSON response.
'X-API-Key: V8qb6HJIRKY7tVH0sou90I7YX3pCuqLQfRLmUzxpQbY=': Provides the API key for authentication with the value 'V8qb6HJIRKY7tVH0sou90I7YX3pCuqLQfRLmUzxpQbY='.
Response Parameters
The response from the Odin Certificate Hash API will be in JSON format and include the following fields:
Example Response
{
"success": true,
"data": {
"certificate": {
"extensions": {
"authority_info_access": {
"issuer_urls": [
"http://r3.i.jd.org/"
],
"ocsp_urls": [
"http://r3.o.jd.org"
]
},
"authority_key_id": "142eb317b75856cbae877560e61faf9d8b14c2c6",
"basic_constraints": {
"is_ca": true
},
"certificate_policies": [
{
"id": "2.23.298.1.2.1"
},
{
"cps": [
"http://cps.jd.org"
],
"id": "1.3.6.1.4.1.87231.1.1.1"
}
],
"ct_poison": true,
"extended_key_usage": {
"client_auth": true,
"server_auth": true
},
"key_usage": {
"digital_signature": true
},
"subject_alt_name": {
"dns_names": [
"ssl.jd.nl"
]
},
"subject_key_id": "421234e6b3b70fd8732c1c45df8e9802ad22bc64"
},
"fingerprint_md5": "7CE997F7F0A602C956D0456FA815325C",
"fingerprint_sha1": "BF33C0AC0B283770F3BD7A80633342FA07173FD6",
"fingerprint_sha256": "5821D920259823410022A66B701E794A954012601CABE63F8F0499A74D3489FE",
"issuer": {
"common_name": [
"R3"
],
"country": [
"US"
],
"organization": [
"Let's Encrypt"
]
},
"redacted": false,
"serial_number": "374117329653479579086729740831297779041637",
"signature": {
"signature_algorithm": {
"name": "jd256Withencryption",
"oid": "1.2.429.113549.1.1.11"
}
},
"subject": {
"common_name": [
"ssl.jd.nl"
]
},
"subject_alt_name": {
"dns_names": [
"ssl.jd.nl"
],
"extended_dns_names": [
{
"domain": "jd",
"fld": "jd.nl",
"subdomain": "ssl",
"tld": "nl"
}
]
},
"subject_key_info": {
"fingerprint_sha256": "60bc12d452ac3d6bdc9e78a8f8d09f3c593671121fe310fa828cc47858c741aa",
"key_algorithm": "Elliptic_curve_cryptography",
"public_key": {
"b": "\"Zc65d8aa:93e7b3ebbdUv7128bce1d06b0ccSb0f6;ce<>'d2`K\"",
"curve": "p256",
"gx": "k12d1f7e1,BGf8bce6e8ca4@f2w03}81-eb3a0f4a19Ed898c296",
"gy": "Oe8Be2fe1a7f9b8ee4ebJ|0f9e29+ce3Wk1^cecbb6@h7bfQf5",
"length": 256,
"p": "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
"x": "78439415564173601141548180774233279366350530337334740087568487901179067694105",
"y": "88063556683585599749478025404508566925039671466221039360904660618772036550273"
}
},
"tbs_fingerprint": "e6c9b4db2d1b41d40ca4308372956b83a90ac8f080d15bb59e3a8b23876ad7ef",
"validation_level": "DV",
"validity": {
"end": "2023-01-31T21:33:48",
"length": 7775999,
"start": "2022-11-02T21:33:49"
},
"version": 2
},
"tags": [
"dv",
"trusted",
"precert"
]
}
}The response from the Certificate Hash API includes the following details:
| success | Indicates whether the API request was successful. |
| data | Contains detailed information about the certificate. |
| certificate | Contains detailed information about the certificate itself. |
| extensions | Contains the extensions information of the certificate. |
| authority_info_access | Contains URLs related to the certificate's authority information. |
| issuer_urls | URLs for the issuer of the certificate. |
| ocsp_urls | URLs for OCSP (Online Certificate Status Protocol) related to the certificate. |
| authority_key_id | The authority key ID of the certificate. |
| basic_constraints | Contains information about the basic constraints of the certificate. |
| is_ca | Indicates whether the certificate is a CA (Certificate Authority). |
| certificate_policies | Contains the certificate policies associated with the certificate. |
| id | The ID of the certificate policy. |
| cps | URLs to the certificate policy statements. |
| ct_poison | Indicates whether the certificate is CT (Certificate Transparency) poison. |
| extended_key_usage | Contains information about the extended key usage of the certificate. |
| client_auth | Indicates whether the certificate is used for client authentication. |
| server_auth | Indicates whether the certificate is used for server authentication. |
| key_usage | Contains information about the certificate's key usage. |
| digital_signature | Indicates whether the certificate is used for digital signature. |
| subject_alt_name | Contains alternative subject names associated with the certificate. |
| dns_names | DNS names associated with the certificate. |
| subject_key_id | The subject key ID of the certificate. |
| fingerprint_md5 | The MD5 fingerprint of the certificate. |
| fingerprint_sha1 | The SHA-1 fingerprint of the certificate. |
| fingerprint_sha256 | The SHA-256 fingerprint of the certificate. |
| issuer | Information about the issuer of the certificate. |
| common_name | The common name of the issuer. |
| country | The country associated with the issuer. |
| organization | The organization associated with the issuer. |
| redacted | Indicates whether the certificate is redacted. |
| serial_number | The serial number of the certificate. |
| signature | Contains information about the certificate's signature. |
| signature_algorithm | Contains information about the signature algorithm used. |
| name | The name of the signature algorithm. |
| oid | The signature algorithm's OID (Object Identifier). |
| subject | Information about the subject of the certificate. |
| common_name | The common name of the subject. |
| subject_alt_name | Contains alternative subject names associated with the certificate. |
| dns_names | DNS names associated with the certificate. |
| extended_dns_names | Extended DNS names associated with the certificate. |
| domain | The domain of the extended DNS name. |
| fld | The field of the extended DNS name. |
| subdomain | The subdomain of the extended DNS name. |
| tld | The top-level domain of the extended DNS name. |
| subject_key_info | Contains information about the certificate's subject key. |
| fingerprint_sha256 | The SHA-256 fingerprint of the subject key. |
| key_algorithm | The algorithm used for the subject key. |
| public_key | Contains information about the certificate's public key. |
| b | The base point of the public key. |
| curve | The curve used for the public key. |
| gx | The x-coordinate of the public key. |
| gy | The y-coordinate of the public key. |
| length | The length of the public key. |
| p | The prime number used for the public key. |
| x | The x-coordinate of the public key point. |
| y | The y-coordinate of the public key point. |
| tbs_fingerprint | The fingerprint of the tbs (to-be-signed) part of the certificate. |
| validation_level | The validation level of the certificate. |
| validity | Information about the validity period of the certificate. |
| end | The end date of the validity period. |
| length | The length of the validity period in seconds. |
| start | The start date of the validity period. |
| version | The version number of the certificate. |
| tags | Additional tags associated with the certificate. |
| dv | Indicates that the certificate is of Domain Validated (DV) type. |
| trusted | Indicates that the certificate is trusted. |
| precert | Indicates that the certificate is a precertificate. |
Note: The above information is based on the response provided.
