...
We strongly recommend to not make use of
Guest URLs that anyone can use to issue certificates. Any form of check is completely bypassed when using Guest URLs.
API keys unless you want to program your own interface.
Under Authentication Settings you can enable the two factors of authentication for login (2FA). Both client certificates and One Time Passwords (OTP) are available. Refer to the DigiCert Two-Factor Authentication section in the user guide (Documents section in this wiki) for more info. Switch on 2FA by individual user, not for your entire division or entire account; and also one by one. So if one admin locks himself out of the service, another admin can solve the problem. You can click '30 day' caching of a two factor authentication for the computer you are logging into. If its IP address changes (laptop...) you need re-authentication.