SSL Certificate API Tutorial

The Apixies SSL Inspector API checks any domain's SSL certificate and gives you back structured JSON. You get the issuer, expiry date, subject alternative names, signature algorithm, and whether the cert is actually valid. One GET request, no OpenSSL commands to remember.

What You Get Back

Quick Example

curl -H "X-API-Key: YOUR_API_KEY" \
  "https://apixies.io/api/v1/inspect-ssl?domain=github.com"

The response looks like this:

{
  "status": "success",
  "http_code": 200,
  "code": "SUCCESS",
  "message": "SSL inspection successful",
  "data": {
    "domain": "github.com",
    "port": 443,
    "valid": true,
    "issuer": "CN=Sectigo ECC Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB",
    "subject": "CN=github.com",
    "common_name": "github.com",
    "alt_names": ["github.com", "www.github.com"],
    "valid_from": "2024-03-07 00:00:00",
    "valid_to": "2025-03-07 23:59:59",
    "days_until_expiry": 287,
    "signature_algorithm": "ecdsa-with-SHA256",
    "validation_issues": []
  }
}

The days_until_expiry field is the one you'll use most. It tells you exactly how much runway you have before the cert expires.

Authentication

Pass your API key in the X-API-Key header. You can also make anonymous requests (20/day) or grab a free API key for 75 requests per day.

Step-by-Step: Check a Certificate

Step 1: Basic Check

The simplest call just needs a domain name:

curl -H "X-API-Key: YOUR_API_KEY" \
  "https://apixies.io/api/v1/inspect-ssl?domain=stripe.com"

The API connects on port 443 by default. If the cert is valid, you'll see "valid": true and an empty validation_issues array.

Step 2: Check a Custom Port

Some services run TLS on non-standard ports. Pass the port parameter:

curl -H "X-API-Key: YOUR_API_KEY" \
  "https://apixies.io/api/v1/inspect-ssl?domain=smtp.gmail.com&port=465"

This works for any port, whether it's SMTPS (465), IMAPS (993), or a custom application port.

Step 3: Check Expiry

The days_until_expiry field is an integer. Compare it to your threshold:

• Above 30 days: you're fine
• 14-30 days: time to renew
• Below 14 days: urgent
• Negative: expired

Code Examples

JavaScript

const response = await fetch("https://apixies.io/api/v1/inspect-ssl?domain=github.com", {
  headers: { "X-API-Key": "YOUR_API_KEY" },
});

const { data } = await response.json();

if (data.days_until_expiry < 14) {
  console.warn(`Certificate expires in ${data.days_until_expiry} days`);
}

Python

import requests

response = requests.get("https://apixies.io/api/v1/inspect-ssl",
    headers={"X-API-Key": "YOUR_API_KEY"},
    params={"domain": "github.com"},
)

data = response.json()["data"]
print(f"Valid: {data['valid']}, Expires in {data['days_until_expiry']} days")

PHP

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://apixies.io/api/v1/inspect-ssl?domain=github.com");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    "X-API-Key: YOUR_API_KEY",
]);

$response = curl_exec($ch);
curl_close($ch);

$data = json_decode($response, true)["data"];
echo "Expires in {$data['days_until_expiry']} days\n";

Common Use Cases

• Certificate monitoring: Check your domains daily and alert when expiry is under 14 days. See the automated monitoring guide for a complete setup.
• Client domain checks: If you host client sites, check their certs periodically to catch issues before they call you.
• CI/CD validation: Add a cert check to your deployment pipeline. Fail the build if the staging cert is expired.
• Let's Encrypt renewals: Let's Encrypt certs last 90 days. Automate checks to make sure auto-renewal actually worked.

Next Steps

• Automated SSL Certificate Monitoring -- build a monitoring script with alerts
• SSL Checker tool -- try it in the browser, no API key needed
• SSL endpoint docs -- full API reference
• All guides