TLS Certificate Management API

The TLS Certificate Management API Application Programming Interface; a set of clearly defined methods of communication between various software components. allows participants to self-manage their AEMO Australian Energy Market Operator-signed TLS certificates. It provides the following endpoints:

Create a new certificate – Generate a new TLS certificate and order for either pre-production or production environment.
Download a certificate – Download a TLS certificate and certificate chain in PEM format.
Revoke a certificate – Revoke an existing certificate that’s no longer required or if the private key has been compromised.
Get certificate order details – Get all certificates ((including expired, revoked, renewed and reissued certificates) associated with an order ID for a Participant ID.
Get all certificate orders – Get all certificate orders for a Participant ID.
Reissue a certificate – Creates a new certificate with a new CSR under an existing order. The reissued certificate will be the primary certificate in the order.
Renew a certificate – Renew a certificate under an existing order. A renewed certificate uses the CSR for the newest (primary) certificate issued under that order. You can only renew a certificate within the renewal period of 90-days of the certificate expiry.

For more information about the API, see TLS Certificate Management API (getpostman.com).

API authentication and authorisation

API connections use TLS certificates to secure the transport layer ensuring encrypted communication and secure interactions between participant and AEMO’s systems. AEMO issues the TLS certificates to participants on request.

API calls are authorised by Basic HTTP authentication using a username and password assigned by the company’s Participant Administrator Creates and maintains access to AEMO systems for their Participant ID users..

For more information about user rights, creating new Participant Users, and assigning rights, see Guide to User Rights Management (URM).