Domain

Domain entity. Domains are used as part of message sender addresses.

Domains in DUO can be enabled in two ways:

- Sending domain — usable in the header-from of emails.
- Bounce domain — usable in both header-from and envelope-from. Also used for landing page URLs.

Note

is_sending and is_bouncing parameters in POST/PUT are ignored until all required DNS entries are present in public resolvers.

Endpoints

Method URL
GET /domain/<domain>
POST /domain
PUT /domain/<domain>
DELETE /domain/<domain>

Proof of Domain Control

Pre-shared Key

  1. Create the domain via POST.
  2. GET the new domain and read the proof_of_control field.
  3. Publish a DNS TXT record on the domain with the exact content of proof_of_control.

RSA Key

  1. Generate a 1024-bit RSA key pair:
    openssl genrsa -out duo-private.pem 1024
    openssl rsa -in duo-private.pem -pubout -out duo-public.pem
    
  2. Publish a DNS TXT record: DUO-DOMAIN-VERIFICATION=rsa:<content of duo-public.pem>
  3. Set proof_of_control to DUO-DOMAIN-VERIFICATION=rsa:<content of duo-private.pem> on POST or PUT.

The public key can be published on a parent domain (e.g. example.com covers all subdomains).


DNS Records

Sending domains:

- Publish a DKIM TXT record: <dkim_selector>._domainkey.<domain> with value v=DKIM1; k=rsa; s=email; p=<dkim_public_key>
- If you have an SPF record, prepend include:_spf.duo.pt as the first mechanism.

Bounce domains:

- Publish a CNAME record for the domain pointing to go.duo.pt.

Warning

Bounce domains are fully delegated to DUO and cannot host other services.


Activation

Domains activate automatically when DNS records are present. You can force a DNS check via PUT by setting is_sending and/or is_bouncing to true.
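
A pre-flight check of the records listed under Proof of Domain Control (pre-shared key) and DNS Records, to run before forcing a DNS check. This is an added example, not part of DUO's documentation or tooling. It assumes the DNS answers have already been resolved into a `records` dictionary; that layout, the function names and all sample values are constructed.

```python
# Added example: validate already-resolved DNS answers against the records
# this page lists. The `records` layout and all sample values are constructed.
SPF_INCLUDE = "include:_spf.duo.pt"
BOUNCE_TARGET = "go.duo.pt"


def parse_tags(txt):
    """Split a DKIM-style 'k=v; k=v' TXT value into a dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {key.strip(): "".join(value.split()) for key, value in pairs}


def check_proof(records, domain, proof_of_control):
    """Pre-shared key: a TXT record must carry proof_of_control exactly."""
    found = proof_of_control in records["TXT"].get(domain, [])
    return [] if found else ["proof_of_control TXT record not found"]


def check_sending(records, domain, selector, dkim_public_key):
    """Return a list of problems with the sending-domain records."""
    problems = []
    want = {"v": "DKIM1", "k": "rsa", "s": "email", "p": dkim_public_key}
    name = f"{selector}._domainkey.{domain}"
    found = [parse_tags(txt) for txt in records["TXT"].get(name, [])]
    if not any(all(t.get(k) == v for k, v in want.items()) for t in found):
        problems.append(f"DKIM record at {name} missing or different")
    spf = [txt.lower().split() for txt in records["TXT"].get(domain, [])]
    spf = [terms for terms in spf if terms[:1] == ["v=spf1"]]
    if len(spf) > 1:  # RFC 7208: several SPF records give a permerror
        problems.append("more than one SPF record published")
    elif spf and spf[0][1:2] != [SPF_INCLUDE]:
        problems.append(f"{SPF_INCLUDE} is not the first SPF mechanism")
    return problems


def check_bouncing(records, domain):
    """Return a list of problems with the bounce-domain CNAME."""
    target = records["CNAME"].get(domain, "").rstrip(".").lower()
    return [] if target == BOUNCE_TARGET else [f"{domain} CNAME is not {BOUNCE_TARGET}"]


# Constructed sample data, shaped as a resolver lookup might return it.
SAMPLE = {
    "TXT": {
        "mail.example.com": ["psk-constructed-123",
                             "v=spf1 include:_spf.example.net include:_spf.duo.pt ~all"],
        "duo1._domainkey.mail.example.com": ["v=DKIM1; k=rsa; s=email; p=MIGfCONSTRUCTED"],
    },
    "CNAME": {"bounce.example.com": "go.duo.pt."},
}
```

In the sample, the DKIM and proof records pass, while the SPF record is flagged because the DUO include comes second rather than first.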


GET /domain/<domain>

Payload: No payload.

Returns: The domain.


POST /domain

Parameter          Type      Description
name               string    Domain name
proof_of_control   string    Optional. Used only for RSA proof of control.
is_sending         boolean   Enable as sending domain (requires DNS validation)
is_bouncing        boolean   Enable as bounce domain (requires DNS validation)

Returns: The new domain.


PUT /domain/<domain>

Same payload as POST.

Returns: The edited domain.


DELETE /domain/<domain>

Payload: No payload.

Returns: The deleted domain.