X.509 certificate
To secure the calls made by your application on the REST APIs, you must have an authentication certificate in your company's name. If your company already has a certificate, you can reuse it.
Several options are available to you:
- You can generate and use a self-signed certificate in your company's name. Please comply with the following constraints when creating your self-signed certificate:
| Constraint | Allowed values |
|---|---|
| Key pair generation algorithm | RSA or EC |
| Key size (bits) | For RSA: 2048, 3072, or 4096. For EC: P-384 or P-521 |
| Digest algorithm associated with certificate signature | SHA-256, SHA-384, or SHA-512 |
| Certificate key usage | Digital Signature |
- You can order this certificate from a recognized certification authority (e.g., GlobalSign, DigiCert, QuoVadis, Verisign, Certipost, etc.). Do not forget to have your onboarding form validated (by eBoxIntegration@smals.be) before ordering your certificates.