Add a SAN to a certificate
POST
/api/organizations/{organizationId}/certificates/{certificateId}/sans
Registers a new Subject Alternative Name on the certificate. The name is lower-cased and validated: it must be a valid ASCII/punycode DNS host name (max 253 characters), may be a wildcard (e.g. "*.example.com"), must belong to the certificate's domain, must be unique within the certificate, and must not be redundant with an existing entry. A DNS recheck is scheduled immediately after creation, so the SAN starts with dnsStatus "unknown".
Authorizations
ApiToken
Long-lived API token created via POST /api/api-tokens (returned once in plaintext).
Type
API Key (header: X-API-TOKEN)
or
JWT
JWT access token obtained via POST /api/auth/login. Send as: Authorization: Bearer
Type
HTTP (bearer)
Parameters
Path Parameters
organizationId*
Organization identifier
Type
Requiredstring
certificateId*
Certificate identifier
Type
Requiredstring
Request Body
JSON "name": "www.example.com"
{
}
Responses
certificate-san resource created
JSON "@context": "string", "@id": "string", "@type": "string", "id": "9d1e8a4c-6b2f-4d3e-8a1b-2c3d4e5f6a7b", "name": "www.example.com", "dnsStatus": "valid", "dnsLastCheckedAt": "2026-07-01T12:00:00+00:00", "dnsNextCheckAt": "2026-07-02T12:00:00+00:00", "sslStatus": "covered", "createdAt": "2026-07-01T12:00:00+00:00", "updatedAt": "2026-07-01T12:00:00+00:00"
{
}
