Numbers from account IDs

Hello,

We’re in the process of migrating my team’s LE client implementation from v1 to v2. We anticipate that our users will have cause to request an adjustment to the new rate limit on certificate orders and so want to provide them with their LE/ACME account ID so they will have all of the necessary information.

(Heretofore we’ve not exposed the information via our UI.)

What I’m wondering is:


  1. Given an account ID like:

https://acme-v02.api.letsencrypt.org/acme/acct/12345678

… and the note in Finding Account IDs - Let's Encrypt that:

You can also provide just the digits at the end of that URL as a shorthand.

… is there any established nomenclature that distinguishes that 12345678 from the full account ID? We’re leery about telling users that their “account ID” is 12345678 when “account ID” more prevalently seems to refer to the full URL.


  1. Is it safe to assume that LE’s “account ID” URL will always match the regexp /.+\/([0-9]+)$/, where the capture represents the “account number”?
1 Like

Hi @fgasper,

Great question. Thanks for posting it :+1:

I'm not aware of any nomenclature for this beyond the "shorthand" sentence you linked. I was actually surprised to see that there.

I think in an RFC 8555 world we should try to refer to the account ID as the whole URL, and not any specific component of it. I'll propose changing our docs to remove the shorthand note and emphasize this. The fact that there is a numeric shorthand is definitely LE specific and not a function of ACME/RFC 8555.

Yes, that's safe to assume for LE. It's very unlikely we'll be changing this.

1 Like

One more note: in the specific context of requesting a Let's Encrypt rate limit adjustment we would know what to do with either a full URL or the shorthand. It shouldn't cause any issues for your users with LE if they choose to share one or the other.

Heh, me too. I missed it the first time; a coworker pointed it out.

I actually think the shorthand is useful from a UX perspective because it allows people to reference the ACME account more flexibly (e.g., via telephone) and reduces visual noise.

I wonder if it would be worthwhile to define that number as the “account number”, a substring of the “account ID”. (Notwithstanding the confusion of having two “identifiers” to refer to the account, one of which is LE-specific.)

Agreed, I'm only concerned that it might cause confusion down the road if other ACME CA's don't support the same shorthand.

You would like to see this defined in our docs, or more broadly within the ACME community?

My thought is LE’s docs, since (at least currently) “account number”—or, maybe better: “short account ID”—is an LE-specific pattern.

That having been said, I think I’m going to recommend to my team that we just use the full account ID for now then reevaluate the use case for a “short account ID” if a case for it materializes. Hopefully—particularly given the wildcard support now—these rate limit errors will be relatively few.

2 Likes

Fixed with docs: update account-id page, remove shorthand. by cpu · Pull Request #580 · letsencrypt/website · GitHub (though not yet deployed)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.