ceven

SSLMate Cert Spotter API

Monitors certificate transparency logs for your domains, alerts you to unauthorized SSL certificates, and manages your monitoring list to prevent domain hijacking.

Try SSLMate Cert Spotter API in Ceven

Ask Ceven anything
Standard

Why use Ceven?

  1. AI native SSLMate Cert Spotter API integration

    • Describe the outcome and Ceven picks the right SSLMate Cert Spotter API calls, fills the parameters, and checks the result.
    • Structured, agent friendly tool schemas so each call runs reliably instead of by guesswork.
    • Rich coverage for reading, writing, and querying your SSLMate Cert Spotter API data, across all 9 of its actions.

  2. Managed auth

    • Built in OAuth with automatic token refresh and rotation.
    • One place to manage, scope, and revoke SSLMate Cert Spotter API access.
    • Per user and per environment credentials instead of shared keys.

  3. Agent optimized design

    • Actions are tuned from real success and error rates so reliability climbs over time.
    • Full execution logs so you always know what ran in SSLMate Cert Spotter API, when, and on whose behalf.
    • The agent pauses and asks when SSLMate Cert Spotter API is unclear instead of plowing ahead.

  4. Enterprise grade security

    • Fine grained access so you control which agents and people can reach SSLMate Cert Spotter API.
    • Least privilege by default, read scopes first and only the writes a workflow needs.
    • A full audit trail of every SSLMate Cert Spotter API action to support review and sign off.

Supported tools

Every action Ceven's agents can run on SSLMate Cert Spotter API, and when to use it.

Get CertSpotter Event
Use this when you need to inspect event metadata after confirming an event id to see the full certificate chain.
List Monitored Domains
Use this when you need to audit or review the domains currently monitored by cert spotter for security gaps.
Retrieve Webhook Settings
Use this when you need to view the currently configured cert spotter webhook to verify alert routing.
Add Monitored Domain
Register a new domain for monitoring. Use this during new asset onboarding to ensure immediate log tracking.
Remove Monitored Domain
Stop monitoring a domain. Use this when a domain is decommissioned or sold to clean up the alert stream.
Update Webhook URL
Change the destination for certificate alerts. Use this when migrating your security orchestration tool.
Search Certificates
Query the transparency logs for a specific domain to find all historically issued certificates.
Get Domain Summary
Pull a high level overview of all certificates associated with a single domain name.
Verify Webhook Health
Check if the configured webhook is successfully receiving events from the SSLMate system.
List All Events
Retrieve a chronological list of recent certificate events across all monitored assets.
Filter Certificates by Issuer
Search for certificates issued by a specific CA to identify unauthorized certificate authorities.
Get API Usage Stats
Pull current quota and usage data to ensure the agent does not hit rate limits.

12 actions · scroll to see them all

Frequently asked questions

Ceven connects to the Cert Spotter webhook system to receive push notifications the moment a certificate is logged in the public transparency logs. When an event hits the webhook, Ceven parses the JSON payload to extract the domain name, the issuing authority, and the validity period. The agent then compares this data against your known assets list. If the certificate is unrecognized, the agent follows your predefined security playbook, such as opening a high priority ticket or sending an urgent page to the on call engineer. This ensures that no certificate is ever issued for your domain without an automated audit trail and a corresponding security review.
Ceven can add any domain string to the Cert Spotter monitoring list regardless of whether the domain is currently active or pointed to a server. This is a critical proactive security measure. By monitoring domains before they are officially launched or for domains you intend to purchase, you can detect if someone else is attempting to issue certificates for those names in anticipation of a takeover. The agent simply sends the domain string to the SSLMate API, and the system begins watching the transparency logs for any matching entries, providing a layer of protection against preemptive domain spoofing.
The Cert Spotter API employs strict rate limiting based on your subscription tier. If the agent detects a 429 Too Many Requests error, it automatically implements an exponential backoff strategy. This means the agent will pause and retry the request at increasing intervals to avoid a permanent block. For users on the free tier, this is more common during large scale domain audits. To avoid this, we recommend scheduling heavy audit workflows during off peak hours or upgrading your SSLMate plan to increase the request ceiling. The agent logs these events so you can see if your workflow is being throttled.
No, Ceven does not store the private keys or the full certificate files. It only stores the metadata provided by the Cert Spotter API, such as the certificate fingerprint, the issuer, and the issuance date. The primary goal is monitoring and alerting rather than certificate management. If you need to inspect the full certificate, the agent provides the link to the transparency log or the certificate authority where the public record resides. This architecture ensures that your sensitive security data remains within the encrypted boundaries of the certificate authority and the public logs.
Ceven cannot directly revoke a certificate because revocation is a function of the Certificate Authority that issued the cert, not the monitoring service. However, the agent can automate the entire request process. Once an unauthorized certificate is found via Cert Spotter, Ceven can draft the revocation request email to the CA, gather the necessary proof of domain ownership from your DNS provider, and notify your legal team. You still need to perform the final sign off for revocation to prevent accidental outages, but the agent handles all the evidence gathering and communication.
Cert Spotter monitors Certificate Transparency logs in near real time. Most certificates appear in the logs shortly after they are issued by the CA. Ceven leverages this by using webhooks for immediate notification. If you are using the polling method instead of webhooks, the agent can be scheduled to check for updates every few minutes. Because the agent handles the pagination and cursor management of the API, you will not miss any events even during high volume issuance periods, such as when a large company rotates all their certificates at once.
The limit is determined by your SSLMate account tier rather than Ceven. Free accounts have a small limit on monitored domains, while enterprise accounts can monitor thousands. Ceven simply manages the list for you. If you try to add a domain that exceeds your current SSLMate quota, the API will return an error. The agent will capture this error and notify you that your plan limit has been reached, often providing a link to the SSLMate billing page so you can upgrade your plan and continue adding assets to your security perimeter.
Yes, the integration fully supports wildcard certificates. When a wildcard certificate is issued, it appears in the transparency logs and is captured by Cert Spotter. Ceven is programmed to recognize the asterisk notation and can be configured to treat wildcards with a higher risk level. For example, you can set a workflow where any wildcard certificate issuance triggers a mandatory manual review, as these certificates provide broader access and represent a higher security risk if they are issued to an unauthorized party.

Alternatives to SSLMate Cert Spotter API

Other tools that solve a similar problem. Ceven supports these too, so you can switch or run more than one at once.

crt.sh logocrt.shFacebook Certificate Transparency logoFacebook Certificate TransparencyDigiCert logoDigiCert

Try Ceven on your stack

Plug Ceven on top of the tools you already run. Connect SSLMate Cert Spotter API and the rest of your stack, describe the outcome, and its agents handle the work end to end, days of it in minutes.

Get started for free