picture of tbs certificates
picture of tbs certificates
Our products range

Install a certificate to use the ANAPLAN API

In order to use the ANAPLAN API, you must acquire a client certificate with the S/MIME attribute like the TBS X509 Email Professional.

Generation of the private key and CSR

There is no tool specific to ANAPLAN to generate the private key and the CSR. So you have to use a third party tool, the best known being OpenSSL. You can also use our online tool Keybot:

Installation of the certificate

Extraction of the certificate in PEM format

ANAPLAN needs a certificate in PEM format. To get this certificate:

  • Go to the certificate status page (link available in the delivery email or by logging into your account).

  • Click on "View certificate" to bring up a popup and click on the link "View certificate in X509 format with chain".

  • Download the file whose name starts with "pem-XXXXXXXXXX-XXXXXX.pem".

  • Open the .pem file with a text editor (Windows Notepad or Notepad++). In this file you will find several "blocks" starting with
    -------BEGIN CERTIFICATE-------
     -------END CERTIFICATE-------

  • Keep only the first block of this file and delete everything else. Save the file with a new name, for example "certificate.pem".

Import of your certificate on the Anaplan platform

This part will be used to ensure that your certificate is known to Anaplan, so that you are allowed to use the API.

  • Log into the Anaplan administration interface ( with administrator rights.

  • In the top left corner, click on the icon with the three horizontal lines and navigate to Administration->Security->Certificates

  • Click on "Add certificates" and go get the previously saved file ("certificate.pem")

Certificate configuration for Anaplan Connect v.1.4.X

The configuration is done with a script : in .bat for Windows, in .sh if you are under Linux

You have two possibilities to implement the certificate in the configuration file:

  • either with a certificate and its private key in two separate files.
  • either via a JAVA keystore

Below, we will show how to configure the certificate and its private key in a Windows script.

Retrieve your previously saved file, as well as the private key of your certificate. As a reminder, this private key was generated :

  • either when ordering with our Keybot tool. You have downloaded a .pkey file which is password protected.
  • either with OpenSSL. Your private key file can have the extension .key, .pkey or .pem, password protected or not.

Define a path where these two files will be saved. This is the path you will need to specify in the script for Anaplan Connect. Here is an example of a script on Windows that allows you to test:

@echo off

set CertPath="C:\Anaplan_Connect\Certs\Public Certificate.pem"
set PrivateKey="C:\Anaplan_Connect\Certs\Private Key.pem:"

set WorkspaceId="workspaceGUID"
set ModelId="modelGUID"
set ServiceUrl=""
set AuthUrl=""

set FileName="Employee.txt"
set FilePath="C:\Anaplan_Connect\Imports\Employee.txt"
set ImportName="New Hire from Employee.txt"
set DumpName="C:\Anaplan_Connect\Errors\My Errors.txt"
set Chunksize=15

set Operation=-debug -chunksize %Chunksize% -file %FileName% -put %FilePath% -import %ImportName% -execute -output %DumpName%

set Credentials=-certificate %CertPath% -pkey %PrivateKey%

rem *** End of settings - Do not edit below this line ***

setlocal enableextensions enabledelayedexpansion || exit /b 1
cd %~dp0

set Command=.\AnaplanClient.bat %Credentials% -service %ServiceUrl% -auth %AuthUrl% -workspace %WorkspaceId% -model %ModelId% %Operation%
@echo %Command%
cmd /c %Command%

NOTE: If your private key is password protected, you have two options:

  • you want to use the password : on the line "set PrivateKey...", you must indicate the password after the sign ":". Example:
    set PrivateKey="C:\Anaplan_Connect\Certs\Private Key.pem:password"
    In this case, the password is in clear text in your configuration file
  • you do not want to use the password: you have to decrypt your private key, either with OpenSSL (see our FAQ), or by using our online tool: Private key decryption. In the script, on the line "SetPrivateKey, indicate the path and the name of your private key and end with the sign ":" (see the example above).

All you have to do is save your script.

Useful links