Manage certificates
Certificates enable mutual TLS (mTLS) for your webhook endpoints, allowing both Infobip and your system to authenticate each other during secure communication. This ensures that event notifications are exchanged only with trusted endpoints. You can create, manage, and delete certificates through the Infobip web interface or the Subscriptions API.
Mutual TLS secures the transport layer. For request-level authentication using Basic auth, HMAC, or OAuth 2.0, see Manage authentication settings. Both can be used together for layered security.
Prerequisites [#prerequisites]
To upload and use certificates for mTLS, you need:
- Certificate file: Your client certificate in PEM format, including the private key.
- Passphrase: The certificate passphrase.
- Notification profile: A profile where you want to apply mTLS, or plan to create one. See Manage notification profiles.
For details on what mTLS is, how it works with subscriptions, and layered security, see Subscription components.
Create a certificate [#create]
Upload your client certificate to Infobip, verify its status, and then attach it to a notification profile to enable mTLS for that webhook endpoint.
-
Log in to the Infobip web interface and go to Developer Tools > Subscriptions Management.
-
Open the Certificates tab.
-
Select Create certificate.
-
Enter the certificate information:
- Certificate name: Use only letters, numbers, dashes, or underscores.
- Certificate content: Paste the full certificate content, including both the certificate chain and the private key data (with PEM headers and footers).
- Passphrase: Enter the passphrase that protects your certificate.
IMPORTANTThe certificate content must include the private key. Without it, the mTLS handshake will fail because Infobip cannot authenticate as a client to your endpoint.
-
Select Save to upload your certificate.
-
Verify certificate status using the Get certificate status API request before applying it to a notification profile.
-
Once verified, attach the certificate to a notification profile:
- Go to Developer Tools > Subscriptions Management
- Open the Notification profiles tab
- Edit the profile where you want to enable mTLS
- Select your certificate under Security settings
- Save the profile
Use the Upload certificate API endpoint. The certificate content (including the private key) and passphrase must be Base64-encoded.
The certificateId cannot be changed after creation.
After uploading, verify the certificate status using the Get certificate status endpoint before attaching it to a notification profile.
View certificates [#view]
-
Log in to the Infobip web interface and go to Developer Tools > Subscriptions Management.
-
Open the Certificates tab.
The tab displays all created and uploaded certificates. Use the search bar to find a specific certificate.
Use the Subscriptions API to:
- Get all certificates with search, pagination, and sorting
- Get a specific certificate by certificate ID
- Get all certificate statuses or a specific status by certificate ID
Delete a certificate [#delete]
-
Log in to the Infobip web interface and go to Developer Tools > Subscriptions Management.
-
Open the Certificates tab.
-
Find the certificate you want to delete and select the three-dot menu next to it.
-
Select Delete.
Use the Delete certificate API endpoint. Specify the certificate ID in the request path.
A certificate linked to a notification profile cannot be deleted directly. Remove the certificate reference from the notification profile first. See Subscription hierarchy and deletion rules for details.
Best practices [#best-practices]
Use layered security
Combine mTLS with application-level authentication (Basic, HMAC, or OAuth) for defense-in-depth.
Plan certificate renewal
Renew certificates before expiration to avoid interruption to webhook delivery. Upload the renewed certificate and update your notification profiles.
Verify before applying
Always verify certificate status before applying to production notification profiles. Use the Get certificate status API request.
Secure passphrase storage
Store certificate passphrases securely. You need the passphrase when uploading to Infobip.
Manage notification profiles
Attach certificates to webhook endpoints.
Manage authentication settings
Configure application-level authentication for additional security.
Manage webhook subscriptions
Create and manage subscriptions.
Subscription hierarchy and deletion rules
Component relationships and deletion dependencies.