Domain Verification¶
Before certain platform features can use a domain (e.g. automatic TLS, external email routing), you must prove you control it. Verification uses a DNS TXT record that only the domain owner can create.
Endpoints¶
| Method | Path | Description |
|---|---|---|
GET | /dns/domains?organization_id=<uuid> | List verified domains |
POST | /dns/domains | Add a domain for verification |
GET | /dns/domains/{id} | Show domain and verification status |
PATCH | /dns/domains/{id} | Update domain record |
DELETE | /dns/domains/{id} | Remove a domain |
POST | /dns/domains/{id}/verify | Trigger a verification check |
POST | /dns/domains/{id}/regenerate | Regenerate the verification token |
Add a domain¶
POST /dns/domains
Authorization: Bearer <token>
Content-Type: application/json
{
"domain": {
"name": "example.com",
"organization_id": "<uuid>"
}
}
Returns 201 Created with a domain object that includes a verification_token.
Create the TXT record¶
Add a TXT record at your DNS registrar (or in your b'nerd DNS zone if the zone is already hosted here):
The record name is always _bnerd-verification.<your-domain>.
Trigger verification¶
Once the TXT record is live (allow a few minutes for propagation), call:
The platform performs a DNS lookup for the TXT record. If found and matching, the domain status changes to verified.
If verification fails, the response describes the reason. Common causes:
- The TXT record has not propagated yet — wait and retry.
- The token in the TXT record does not match — regenerate the token and update the record.
Regenerate token¶
If the token is compromised or the verification record was lost:
Returns a new verification_token. Update your TXT record to the new value and re-verify.