GlobalSign Support
Mark Certificates API Requests
Jun 16, 2026
OVERVIEW: This page covers Mark Certificates Requests and sample outputs. If you have any questions about any of the information provided in this document, please contact your Account Manager or our Support Team for assistance. For more Mark Certificate API guides, please refer to this page↗.
Mark Certificates are digital security certificates utilized in email communications to verify the sender's identity and display the organization’s official brand logo within the recipient's inbox. These certificates play an essential role in the BIMI (Brand Indicators for Message Identification) standard, acting as a formal confirmation that a logo is associated with a legitimate organization.
There are four types of Mark Certificates:
-
Verified Mark Certificate (VMC)
The Verified Mark Certificate is widely regarded as the benchmark for brand authentication. Organizations seeking a VMC must demonstrate ownership of a legally registered trademark for their logo within an approved jurisdiction.
Key Feature: This is currently the sole certificate that enables display of the blue verified checkmark in Gmail. -
Common Mark Certificate (CMC)
The Common Mark Certificate provides a more accessible alternative by allowing organizations to showcase a logo without a registered trademark, provided they can establish that the logo has been in public use for a minimum of 12 months (Prior Use Mark).
Key Feature: Permits the brand logo to appear in recipients’ inboxes but does not provide the blue verified checkmark in Gmail. -
Modified Mark Certificate (MMC)
Mark Certificate is typically considered a sub-type of the Common Mark Certificate (specifically, a Modified Registered Mark).
Key Feature: Enables brands to utilize slightly modified versions of their trademarked logo—such as adaptations for limited screen size or seasonal themes—while retaining a cryptographic link to the original registered trademark.
Validation: Documentation must confirm that the modified logo is a legitimate derivative of a valid registered mark. -
Government Mark Certificate (GMC)
Reserved for government agencies and departments, the Government Mark Certificate authorizes the display of official government seals or agency logos.
Key Feature: Provides authorized government entities with the same visual advantages as a VMC, including the blue verified checkmark in Gmail.
Validation: Verification is based on official granting via statute, regulation, treaty, or other formal governmental action.
| Product Code | Product Name | Use in Order Request |
|---|---|---|
| VMC | Verified Mark Certificates | Use VMC in Order Request for Verified Mark Certificates |
| GMC | Government Mark Certificates | Use GMC for Government Mark Certificates |
| CMC | Common Mark Certificates | Use CMC for Common Mark Certificates |
| MMC | Modified Registered Mark Certificates | Use MMC for Modified Registered Mark Certificates |
| Type | Feature | URL |
|---|---|---|
| Prod | Mark Functions WSDL | https://system.globalsign.com/kb/ws/v1/MarkService?wsdl |
| Test | Mark Functions WSDL for Testing purposes only | https://test-gcc.globalsign.com/kb/ws/v1/MarkService?wsdl PREREQUISITE To get test credentials, request a test account from your GlobalSign Account Manager or Support team. |
| Type | Feature | URL |
|---|---|---|
| Prod | Mark Functions | https://system.globalsign.com/kb/ws/v1/MarkService |
Prerequisite
-
User should have GCC Account created and has valid credentials i.e. username and password.
-
Contact your account manager for GCC Account creation.
-
User should have SVG file converted to Base64 for start placing and validating Mark SVGs files.
-
-
The APIs require the user's IP address to be whitelisted. Contact your GlobalSign Account Manager or support team.
-
MARKORDER
-
VALIDATELOGO
-
CHANGESUBJECTNAME
-
GETAGREEMENT
-
GETCERTPEMFILE
-
GETORDERBYORDERID
-
REVOKEORDER
-
GETREQUESTFORM
MarkOrder Request
MarkOrder Request will help you create the order.
Fields Definition
|
Field |
Condition |
Definition |
|---|---|---|
|
<UserName> |
*Required |
Input your user ID this is same for your GCC User Interface |
|
<Password> |
*Required |
Input your password this is same for your GCC User Interface |
|
<ProductCode> |
*Required |
See section 2 and basis the same you can add Product Code like MMC, VMC, GMC, CMC |
|
<OrderKind> |
*Required |
New / Renewal: indicates the order type |
|
<Licenses> |
*Required |
1 : as this Retail certificates so this depicts the license number as 1. |
|
<ValidityPeriod><Months></Months></ValidityPeriod> |
*Required |
The number of months that a certificate will be valid for. Set it to 12. |
|
<SvgLogoBase64> |
*Required |
For all mark types. Provide the base64 file of the SVG you want to use in your certificate. |
|
<MarkLicenseExpiryDate> |
Optional |
Please select input the date of the license expiry of your Trademark. If you are not sure, then please leave this blank. Our vetting team will find this out for you. |
|
<TrademarkIdentifier> |
Optional |
For VMC and MMC only. Enter the trademark license identifier/unique license number. |
|
<TrademarkCountryOrRegionName> |
*Required |
For VMC and MMC only. Enter the Two Digit Country code. |
|
<TrademarkOfficeName> |
*Required |
For VMC and MMC only. Select the trademark office where your trademark logo is registered. |
|
<CommonNameSAN> |
*Required |
For alL Mark Type. Enter your domain name like example.com |
|
<Organization> |
*Required |
Enter the organization name. |
|
<Locality> |
Optional |
Enter the locality name |
|
<StateOrProvince> |
Optional |
|
|
<Country> |
*Required |
Enter the Two Digit Country code. |
|
<ContactInfo> |
*Required |
Primary Contact Information of for a certificate request |
|
<Coupon> |
Optional |
Coupons can be used for payment |
|
<Campaign> |
Optional |
Campaign can be used for payment |
|
<StatuteCitation> |
Optional |
For GMC only. If you have some reference link that you can provide for the reference that can help us identify the legal status of the logo being used i.e. some legal statue reference or article. If not sure, leave it blank. |
| <StatuteLocalityName> | Optional | For GMC only. Enter the locality name |
|
<StatuteStateOrProvinceName> |
Optional |
For GMC only. Enter the state or province name |
|
<StatuteCountryName> |
Optional |
For GMC only. Enter the country name |
|
<PriorUseMarkSourceURL> |
Optional |
For CMC only. If you are sure of the archive URL of the logo display from past 12 months then please enter it here. |
|
<SecondContactInfo> |
Optional |
Secondary contact for this order. |
|
<SANEntries> <SANEntry> |
Optional |
<SANEntries> parameters should be set to what the SubjectAltName(s) will be after the change. GlobalSign will do a manual review of the change for Mark Certificates. New certificates with updated SANs will be issued and queriable after vetting has been completed. |
|
<OrganizationInfoEV> |
Mandatory 1. </AddressLine1> 2. <AddressLine2> 3. <AddressLine3> 4. <City> 5. <PostalCode> 6. <Country> 7. <Phone> |
Organization Info sent with Certificate request. |
| <RequestorInfo> <FirstName>?</FirstName> <FirstNameNative> </FirstNameNative> <LastName>?</LastName> <LastNameNative> </LastNameNative> <Function>?</Function> <OrganizationName> </OrganizationName> <OrganizationNameNative> </OrganizationNameNative> <OrganizationUnitNative> </OrganizationUnitNative> <Phone>?</Phone> <Email>?</Email> </RequestorInfo> |
Mandatory 1.<OrganizationName> 2. <FirstName> 3. <LastName> 4. <Phone> 5. <Email> |
A Certificate Requester is a natural person who is Applicant, employed by Applicant, or an authorized agent who has express authority to represent Applicant or a third party (such as an ISP or hosting company) that completes and submits a Certificate Request on behalf of Applicant. |
|
<ApproverInfo> |
Mandatory |
A Certificate Approver is a natural person who is Applicant, employed by Applicant, or an authorized agent who has express authority to represent Applicant to (i) act as a Certificate Requester and to authorize other employees or third parties to act as a Certificate Requester, and (ii) to approve Certificate Requests submitted by other Certificate Requesters. |
|
<AuthorizedSignerInfo> |
Mandatory |
A Contract Signer is a natural person who is Applicant, employed by Applicant, or an authorized agent who has express authority to represent Applicant who has authority on behalf of Applicant to sign Subscriber Agreements on behalf of Applicant. |
|
<JurisdictionInfo> |
Mandatory |
Jurisdiction of Incor |
ValidateLogo Request
Use the ValidateLogo Request to check for any compliance issues with in the supplied SVG file.
NOTE: Our API accepts only base64 format of the SVG file. So please make sure that you have converted the SVG file to Base64 before proceeding with both MarkOrder and ValidateLogo requests.
ChangeSubjectName Request
Use this request to add new SAN into your certificates. For example, if you have example.com added in commonname/san and you wish to add example2.com, then you use this request to add the same.
Fields Definition
|
Fields |
Definition |
|---|---|
|
<UserName> |
Input your user ID this is same for your GCC User Interface |
|
<Password> |
Input your password this is same for your GCC User Interface |
|
<TargetOrderID> |
This is certificate order number for which your want to add/change new SAN |
|
<SANOptionType> |
Keep it as 7 : this is let system know that you are request change SAN option |
|
<SubjectAltName> |
In API request please add all additional SANs that you need to be in certificate, even the one that are existing now in the certificate if you want that domain as well. Otherwise, you can specify the new one also. All added primary commonname/san need not be added only additional SANs should be specified again. |
|
<OrderID> |
Once your request is approved, this will provide the ID for the new certificate order. |
|
<SuccessCode> |
0 means your request has been accepted for processing. For detailed information visit XML Definition section |
GetAgreement Request
Use this request to obtain the Mark Certificate service agreement.
Fields Definition
|
Fields |
Definition |
|---|---|
|
<UserName> |
Input your user ID this is same for your GCC User Interface |
|
<Password> |
Input your password this is same for your GCC User Interface |
|
<ProductCode> |
See section 2 and basis the same you can add Product Code like MMC, VMC, GMC, CMC |
|
<AgreementVersion> |
This depicts the current version of the Service Agreement |
|
<AgreementText> |
This field presents the complete Service Agreement text. |
|
<SuccessCode> |
0 means its successful. For detailed information please visit XML Definition section |
GetCertPEMFile Request
This request enables retrieval of the PEM certificate file upon issuance. It also provides direct access to the PEM-encoded certificate chain file, which can be deployed on your public-facing server URLs. If a reissue is required, you may use this request accordingly.
Fields Definition
|
Fields |
Definition |
|---|---|
|
<UserName> |
Input your user ID this is same for your GCC User Interface |
|
<Password> |
Input your password this is same for your GCC User Interface |
|
<OrderID> |
Please enter the order ID for the PEM file you wish to receive. |
|
<MCHostingPEM> |
This field will return the PEM Encoded Certificate chain file. |
|
<AgreementVersion> |
This depicts the current version of the Service Agreement |
|
<SuccessCode> |
0 means its successful. For more information please visit XML Definition section |
GetOrderByOrderID Request
This request will enable you to obtain comprehensive information regarding your issued certificate.
Fields Definition
|
Fields |
Definition |
|---|---|
|
<UserName> |
Input your user ID this is same for your GCC User Interface |
|
<Password> |
Input your password this is same for your GCC User Interface |
|
<OrderID> |
Please enter the order ID for the PEM file you wish to receive. |
|
<ReturnFulfillment>
|
TRUE / FALSE : Use TRUE in case you wish to receive the PEM End Entity file IF This is kept as empty then you will not receive the PEM File so we request you to keep this as TRUE |
|
<ReturnCACerts> |
TRUE / FALSE : Use TRUE in case you wish to receive the PEM Encoded chain file which contains both Intermediate Certificate Authority (ICA) and Root. This is the file that you can place directly on your public facing server Use FALSE , in case you wish to just receive the End Entity PEM file |
|
<SuccessCode> |
0 means your request has been accepted and is successful |
|
<Timestamp> |
Time when the request tis processed |
|
<ProductCode> |
This will return the code of the Mark Certificate : Please have a look at section 2 to understand this. |
|
<OrderKind> |
New / Renewal: indicates the order type |
|
<Licenses> |
1 : as this Retail certificates so this depicts the license number as 1. |
|
<DomainName> |
Depicts the primary domain added in Mark Certificate |
|
<OrderDate> |
The date on which this order was initiated to be placed |
|
<OrderCompleteDate> |
The date on which this order is completed. |
|
<OrderStatus> |
4 : Please look at XML Fields Definitions :-> Data Definitions |
|
<Price> |
Certificate price |
|
<Currency>
|
Currency for your Order Price |
|
<ValidityPeriod> |
To know for how many months is this certificate valid |
|
<OrganizationInfo> |
This structure will return your organization details as parsed in the certificates. |
|
<RequestorInfo> |
A Certificate Requester is a natural person who is Applicant, employed by Applicant, or an authorized agent who has express authority to represent Applicant or a third party (such as an ISP or hosting company) that completes and submits a Certificate Request on behalf of Applicant. |
|
<ApproverInfo> |
A Certificate Approver is a natural person who is Applicant, employed by Applicant, or an authorized agent who has express authority to represent Applicant to (i) act as a Certificate Requester and to authorize other employees or third parties to act as a Certificate Requester, and (ii) to approve Certificate Requests submitted by other Certificate Requesters. |
|
<AuthorizedSignerInfo> |
A Contract Signer is a natural person who is Applicant, employed by Applicant, or an authorized agent who has express authority to represent Applicant who has authority on behalf of Applicant to sign Subscriber Agreements on behalf of Applicant. |
|
<JurisdictionInfo> |
Jurisdiction of Incorporation Details. |
|
<ContactInfo> |
Primary Contact Information of for a certificate request. |
|
<CertificateInfo> |
This structure contains information stored related to the certificate in various Query operations. |
|
<CACertificates> |
This is the list of CA certificates associated with the server / mark certificate. If present, there must be one or more <CACertificate> fields in this structure. The Root certificate will always be present in this structure, and there may be one or more intermediate CA certificates. |
|
<CACertType> |
ROOT/INTER Type of PEM file |
|
<CACert> |
ROOT/INTER Certificate PEM file |
|
<X509Cert> |
End Entity Certificate PEM file |
|
<OriginalCSR> |
In Mark Certificates, user do not have to provide the CSR; but our system automatically creates one for the user in the backend: this displays the CSR created |
|
<ModificationEvents> |
See the Data Definitions section in the XML Fields Definitions |
RevokeOrder Request
If you need to revoke the certificate yourself in the future, this request will assist you.
Fields Definition
|
Fields |
Definition |
|---|---|
|
<UserName> |
Input your user ID this is same for your GCC User Interface |
|
<Password> |
Input your password this is same for your GCC User Interface |
|
<OrderID> |
Please enter the order ID for the PEM file you wish to receive. |
|
<RevokeReason> |
0 : unspecified 3 : affiliationChanged 4 : superseded 5 : cessationOfOperation |
|
<SuccessCode> |
0 means your request has been accepted and is successful |
GetRequestForm Request
Use this request to get the application form if your region needs it for vetting. Otherwise, you may disregard this request.
Fields Definition
|
Fields |
Definition |
|---|---|
|
<UserName> |
Input your user ID this is same for your GCC User Interface |
|
<Password> |
Input your password this is same for your GCC User Interface |
|
<OrderID> |
Please enter the order ID against whom you want to request for form |
|
<URL> |
The URL for the requested application form. Please copy and paste it into your browser to access the form. |
|
<SuccessCode> |
0 means your request has been accepted and is successful |
TrademarkCountry and Office List
For TrademarkCountryOrRegionName, please refer to the two-digit ISO codes as outlined in the document available at: https://www.wipo.int/documents/d/standards/docs-en-03-03-01.pdf. Regarding the TrademarkOffice List, we are providing a selection of some of the most frequently used and prominent offices for your reference, please refer to this page↗.
SSL Configuration Test
Check your certificate installation for SSL issues and vulnerabilities.