{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"df0be2fe-5715-4453-b7ff-5d949248e11a","name":"TLS Certificate Management API","description":"The TLS Certificate Management API allows authorised participants to self-manage their AEMO-signed TLS certificates. This API provides the following features:\n\n- Retrieve a list of your AEMO-signed TLS certificates and orders\n- Download a specific TLS certificate\n- Generate a new TLS certificate\n- Reissue a TLS certificate\n- Renew a soon-to-expire TLS certificate\n- Revoke a TLS certificate.\n    \n\n# Status\n\nFinal. Participants can use this specification to build their APIs.\n\n# Assumed knowledge\n\n- RESTful API practices and JSON basics.\n    \n\n# Prerequisites\n\nBefore using the TLS Certificate Management API, you must:\n\n1. Have a Participant ID. If your company is a Registered Participant, it is set up during the registration process. Have a Participant ID with an effective date of registration.\n2. Have a user ID and password with access rights provided by your company's participant administrator. For details, see user rights access below.\n3. Have an AEMO-signed [TLS certificate](https://portal.aemo.com.au/help/Content/API%20Reference/Manage%20TLS%20Certificates.html). If you need to get an AEMO-signed TLS certificate for the first time you can do this through the [Markets Portal](https://portal.prod.nemnet.net.au), or raise a request for a TLS certificate through the [Participant Portal](https://aemo.service-now.com/participantportal/).\n    \n\n# API portal and Open API Specification\n\n[TLS Certificate Management Open API Specification](https://dev.aemo.com.au/)\n\n# Authentication and Authorization methods\n\n## TLS Certificates\n\nThis API is protected by MTLS authentication. A valid AEMO-signed TLS certificate is required to access this API. See Prerequisites above on how to get an AEMO-signed TLS certificate for the first time.\n\n## User rights access\n\nParticipant administrators provide access to the TLS Certificate Management API using the **TLS_CERTIFICATE_MANAGEMENT** entity. See the [User Rights Management](https://portal.prod.nemnet.net.au/help/Content/UserRightsManagement/URM.htm) guide (URM) for details on managing URM functions.\n\nUsers must be assigned rights that have access to the entity **TLS_CERTIFICATE_MANAGEMENT**. The API allows two privileges (access levels) of access rights for that entity:\n\n- **Delete right** - all endpoints are available to users with the Delete right.\n- **Read right** - all GET endpoints are available to users under this right. Users with this right cannot create, revoke, reissue or renew TLS certificates. Rights created with Create and Update only have access to Read right features.\n    \n\nWhen calling this API, your username must be subscribed to a valid right under the **TLS_CERTIFICATE_MANAGEMENT** entity. You authorize your identity using Base64 encoding of your username and password, separated by a colon, in the Basic Auth header. For example:\n\n`Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==`\n\n# Throttling and quotas\n\nTo control traffic, AEMO implements Throttling on all API Endpoint requests. Also, some endpoints have a specific quota of requests. If a Participant ID requests exceed the Throttling limit a HTTP 429 or 422 response returns. For more details, see the examples under each request.\n\n| Endpoint  <br>  <br> |   <br>  <br>  <br>Limits  <br>  <br> |\n| --- | --- |\n| All endpoints  <br> |   <br>  <br>6 requests per minute per participantId.  <br>  <br>  <br>The participantId is identified from the X-InitiatingParticipantID request header parameter.  <br>  <br>  <br>The API has a general spike-arrest limit of 6 requests per minute per participantId. This is imposed across all endpoints of the API.  <br>  <br> |\n| POST requests |   <br>  <br>8 requests per month per participantId.  <br>  <br>  <br>The participantId is identified from the X-InitiatingParticipantID request header parameter.  <br>  <br>  <br>For each participantId there are only 8 POST requests that can be made to the API per month.  <br>  <br> |\n| GET requests |   <br>  <br>80 requests per month per participantId.  <br>  <br>  <br>The participantId is identified from the X-InitiatingParticipantID request header parameter.  <br>  <br>  <br>For each participantId there are only 80 GET requests that can be made to the API per month.  <br>  <br> |\n| POST `/certificates` | 1 request per participantId per environment/usage.  <br>  <br>  <br>The participantId is identified from the X-InitiatingParticipantID request header parameter.  <br>  <br>  <br>The environment is identified from the value of the environment key in the request body.  <br>  <br>  <br>A participantId can only have one set of TLS certificates (one NonProd certificate and one Prod certificate)  <br>  <br>  <br>This restriction is due to costs associated with providing TLS certificates. If more than one certificate is required to differentiate system access to AEMO systems you can use the /order/{order-id}/reissue endpoint.  <br>  <br>  <br>Participants systems must manage this throttling limit. If you submit multiple JSON requests for the same participantId at the same time, AEMO may reject some requests. |\n\n# Response codes\n\nFor detailed examples of response codes see the provided example under each request.\n\n# URLs\n\nThe API is available over the internet on the following base URLs:\n\n| **Environment** | **Base URL** |\n| --- | --- |\n| Pre-production | [https://partner.api.preprod.aemo.com.au/v1/TlsCertificateMgmt](https://partner.api.preprod.aemo.com.au/v1/TlsCertificateMgmt) |\n| Production | [https://partner.api.aemo.com.au/v1/TlsCertificateMgmt](https://partner.api.aemo.com.au/v1/TlsCertificateMgmt) |\n\n# Environment details\n\n### Pre-production\n\nTLS Certificates created in the pre-production environment contain the \"MOCK\" suffix in the commonName, and are mock certificates only. These certificates automatically expire after 10 days and cannot be used for accessing any AEMO systems.\n\n### Production\n\nTLS Certificates created in the production environment contain either the \"PROD\" or \"NONPROD\" suffix in the commonName depending on the environment entered in the API request. These certificates automatically expire after 3-years and are used for accessing MTLS-protected AEMO systems (both pre-production and production systems).\n\nNONPROD certificates can only be used for accessing AEMO non-production systems (for example APIs on [https://partner.api.preprod.aemo.com.au](https://partner.api.preprod.aemo.com.au), [https://apis.preprod.aemo.com.au:9319](https://apis.preprod.aemo.com.au:9319), or [https://apis.preprod.marketnet.net.au:9319](https://apis.preprod.marketnet.net.au:9319)). You need to use a pre-prod certificate to access AEMO non-production environments that are MTLS protected. The NONPROD certificate is issued by the certificate authority AEMO-ICA-TEST G1.\n\nProd certificates can only be used for accessing AEMO production systems (for example APIs on [https://partner.api.aemo.com.au](https://partner.api.aemo.com.au), [https://apis.aemo.com.au:9319](https://apis.aemo.com.au:9319), or [https://apis.marketnet.net.au:9319](https://apis.marketnet.net.au:9319)). You need to use the PROD certificate to access AEMO Production environments that are MTLS protected. The PROD certificate is issued by the certificate authority AEMO-ICA-MARKET G1.\n\n# Glossary\n\n- CA - Certificate Authority\n- PKI - Public Key Infrastructure\n- TLS - Transport Layer Security\n- X.509v3 - The specific TLS certificate standard used by AEMO","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"20729870","team":697355,"collectionId":"df0be2fe-5715-4453-b7ff-5d949248e11a","publishedId":"2s8ZDVZNsi","public":true,"publicUrl":"https://documenter-api.postman.tech/view/20729870/2s8ZDVZNsi","privateUrl":"https://go.postman.co/documentation/20729870-df0be2fe-5715-4453-b7ff-5d949248e11a","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"EF5B25"},"documentationLayout":"classic-double-column","customisation":null,"version":"8.10.1","publishDate":"2023-01-17T23:13:44.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{},"logos":{}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/0e9c230b9c633688d7622c4a4b8e49f9b0be191679bceb599dbd936b21c63e55","favicon":"https://res.cloudinary.com/postman/image/upload/v1647216860/team/ylzactqdgnmtkgk37zjq.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://documenter.gw.postman.com/view/metadata/2s8ZDVZNsi"}