Inspect the security certificate of any host: issuer, subject, validity window, days remaining, expiry flags, alternative names, serial number, fingerprint, negotiated protocol and the full chain. Built for expiry monitoring and renewal alerts.
{"host":"google.com","port":443,"authorized":true,"authorization_error":null,"protocol":"TLSv1.3","alpn":"h2","subject_cn":"*.google.com","issuer":"Google Trust Services","valid_from":"Jun 22 08:35:23 2026 GMT","valid_to":"Sep 14 08:35:22 2026 GMT","days_remaining":65,"expired":false,"not_yet_valid":false,"serial_number":"AE068DC8BDF3E7570A0C6AFB39C2E9C5","fingerprint_sha256":"DC:53:B5:AD:68:0E:E4:41:6D:AC:DF:1A:CD:1F:59:2A:FA:78:43:B8:DC:D8:CB:63:98:E7:A9:7C:F9:DB:34:94","subject_alt_names":["*.google.com","*.appengine.google.com","*.bdn.dev","*.origin-test.bdn.dev","*.cloud.google.com","*.crowdsource.google.com","*.datacompute.google.com","*.google.ca","*.google.cl","*.google.co.in","*.google.co.jp","*.google.co.uk","*.google.com.ar","*.google.com.au","*.google.com.br","*.google.com.co","*.google.com.mx","*.google.com.tr","*.google.com.vn","*.google.de","*.google.es","*.google.fr","*.google.hu","*.google.it","*.google.nl","*.google.pl","*.google.pt","*.gemini.cloud.google.com","*.gstatic.com","*.metric.gstatic.com","*.gvt1.com","*.gcpcdn.gvt1.com","*.gvt2.com","*.gcp.gvt2.com","*.url.google.com","*.youtube-nocookie.com","*.ytimg.com","ai.android","android.com","*.android.com","*.flash.android.com","g.co","*.g.co","goo.gl","www.goo.gl","google-analytics.com","*.google-analytics.com","google.com","googlecommerce.com","*.googlecommerce.com","urchin.com","*.urchin.com","youtu.be","youtube.com","*.youtube.com","music.youtube.com","*.music.youtube.com","youtubeeducation.com","*.youtubeeducation.com","youtubekids.com","*.youtubekids.com","yt.be","*.yt.be","android.clients.google.com","*.aistudio.google.com"],"chain":[{"subject":"*.google.com","issuer":"WR2"},{"subject":"WR2","issuer":"GTS Root R1"},{"subject":"GTS Root R1","issuer":"GlobalSign Root CA"}]}
curl --location --request GET 'https://zylalabs.com/api/13152/website+security+certificate+checker+api/26698/check+certificate+of+a+host' --header 'Authorization: Bearer YOUR_API_KEY'
After signing up, every developer is assigned a personal API access key, a unique combination of letters and digits provided to access to our API endpoint. To authenticate with the Website Security Certificate Checker API simply include your bearer token in the Authorization header.
| Header | Description |
|---|---|
Authorization
|
Required
Should be Bearer access_key. See "Your API Access Key" above when you are subscribed.
|
No long-term commitment. Upgrade, downgrade, or cancel anytime. Free Trial includes up to 50 requests.
(Save 2 months with annual billing 🎉)
Trusted by leading companies
Never let a certificate expire in production again. One call inspects the security certificate of any host and returns everything a monitoring pipeline needs.
Ideal for certificate expiry monitoring and renewal alerts, post-deploy checks in delivery pipelines, and auditing issuers across a domain portfolio. Expired or invalid certificates are still returned in full so you can diagnose them.
The endpoint returns detailed information about a host's security certificate, including the issuer, subject, validity window, days remaining, expiry flags, alternative names, serial number, fingerprint, negotiated protocol, and the full certificate chain.
Key fields in the response include "host," "authorized," "valid_from," "valid_to," "days_remaining," "expired," "not_yet_valid," "serial_number," "fingerprint_sha256," and "subject_alt_names," providing comprehensive certificate details.
The response data is structured in JSON format, with key-value pairs representing various attributes of the security certificate. This allows for easy parsing and integration into monitoring systems.
The endpoint provides information on certificate validity, trust verification, detailed certificate attributes, and handshake protocol details, making it suitable for monitoring and auditing purposes.
Typical use cases include monitoring certificate expiry, setting up renewal alerts, conducting post-deployment checks in CI/CD pipelines, and auditing certificates across multiple domains for compliance.
Users can customize requests by specifying the host they want to inspect in the endpoint URL. This allows for targeted checks on specific domains or services.
Data accuracy is maintained through regular updates and checks against trusted certificate authorities, ensuring that the information returned reflects the current status of the security certificates.
Users can expect consistent data patterns, such as valid and expiry dates formatted in GMT, boolean flags for certificate status, and structured lists for alternative names, facilitating straightforward analysis and monitoring.
To obtain your API key, first sign in to your account and navigate to the API you want to use. From the API's Pricing section, choose a plan and complete the subscription process. Once subscribed, return to the API page and you will see your API Access Key displayed at the top of the documentation page. You can use this key to authenticate your requests.
You can’t switch APIs during the free trial. If you subscribe to a different API, your trial will end and the new subscription will start as a paid plan.
The free trial lasts for 7 days and allows you to make up to 50 API requests.
No, the free trial is available only once, so we recommend using it on the API that interests you the most. Most of our APIs offer a free trial, but some may not include this option.
Yes. If the API offers a free trial, you will see a "Free 7-Day Trial" option in its Pricing section. The trial lasts for 7 days and allows up to 50 API requests, enabling you to evaluate the API before subscribing to a paid plan.
Zyla API Hub is like a big store for APIs, where you can find thousands of them all in one place. We also offer dedicated support and real-time monitoring of all APIs. Once you sign up, you can pick and choose which APIs you want to use. Just remember, each API needs its own subscription. But if you subscribe to multiple ones, you'll use the same key for all of them, making things easier for you.
You can monitor your API usage through the response headers included with every request:
x-zyla-api-calls-monthly-used: Shows the total number of API requests you have used during the current billing period.
x-zyla-api-calls-monthly-remaining: Shows the number of API requests you have remaining for the current billing period.
Yes, you can cancel your subscription at any time. Simply go to the Pricing section of the API you're subscribed to and click the "Unsubscribe" button.
Please note that upgrades, downgrades, and cancellations take effect immediately. Once your subscription is canceled, access to the service will end immediately, regardless of any remaining API calls in your quota.
Please have a look at our Refund Policy: https://zylalabs.com/terms#refund