DELETE Certificates/{guid}

Removes a Certificate object, all associated objects including pending workflow tickets, and the corresponding Secret Store vault information. To confirm, look in the UI. DELETE Certificates/{guid} removes the objects when the following conditions are met:

  • The Certificate object when it corresponds to the GUID.
  • The Application object, associated with the certificate, has no children or only Generational Credential children after the Certificate object is deleted.
  • The Device object, associated with the application, when it has no children after the Application object is deleted.


  • Permissions:  The caller must have either Master Admin permission, or the caller must have Delete permission to the Certificate, Application, and Device objects.
  • Token scope:  Certificate:Delete


  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.


Input parameters



{guid} A GUID that uniquely identifies the certificate. Depending on your environment, the GUID may be expressed with or without curly braces {}. For example, {3d6b61d-1c71-4603-883f-25b8c2ceecdd}. To get the Certificate GUID, filter via GET Certificates or look in the UI. For more information, see How to find class names and attributes.


DELETE Certificates/{guid} returns an HTTP status message and response as described in the following table. For valid requests, DELETE Certificates/{guid} returns a HTTP 200 message. An event is logged whenever a certificate is successfully deleted by this method. For invalid requests, the API call returns a HTTP 400 Bad request error and a response that includes Error details.

Response description



HTTP 200

For valid requests, this call returns a HTTP 200 message and the following data in the message body:

  • Success: true

HTTP 400

For invalid requests, this call returns a HTTP 400 BadRequest and the following data in the message body:

  • Error: true: One of the following error values:

    • Certificate delete failed. A config error occurred error: [Error]. + [Config.Error].
    • Certificate delete failed. The certificate is locked and in use by another process. Please try again later.
    • Certificate delete failed. The corresponding Secret Store data failed to delete error: + [SecretStore.Error].
    • Certificate object delete failed. The object that corresponds with Guid [Guid] is not a certificate.
    • Invalid certificate Guid. The value [Guid] is null, empty, or in an invalid format.
    • Invalid permissions. You do not have permission to delete the certificate with Guid + [Guid].
    • Object retrieval failed. The Certificate object with Guid [Guid] does not exist or you do not have access to it.
  • Success: false

Example: Delete a certificate


DELETE https://tpp.venafi.example/vedsdk/Certificates/{3d6b61d-1c71-4603-883f-25b8c2ceecdd}
Authorization:Bearer 4MyGeneratedBearerTknz==


HTTP/1.1 200 OK
   "Success": true