Connect Domain
Connect flow

Verify ownership & go live

The ownership TXT check, per-record propagation reporting, and cert issuance.

Verify ownership

curl -X POST http://localhost:8080/v1/connections/<ID>/verify \
  -H "Authorization: Bearer <YOUR_KEY>"

This confirms the ownership TXT published at _customdomain-challenge.<hostname> matches the challenge value (see the ask gate). On success the connection moves to verified. The background worker also runs this check automatically once the TXT is visible, so polling it yourself is optional.

If the application has a delegated DNS credential, the scoped provider token is implicit proof of control and this manual step is skipped entirely.

Watch propagation → live

curl -X POST http://localhost:8080/v1/connections/<ID>/records:check \
  -H "Authorization: Bearer <YOUR_KEY>"

Returns a per-record propagation report:

{
  "records": [
    { "host": "app.customer.com", "type": "CNAME", "value": "edge.connectdomain.app", "propagated": true, "observed_value": "edge.connectdomain.app" }
  ]
}

When every desired record resolves to its intended value, the connection becomes live: the edge issues the TLS certificate on the next handshake, and you receive ssl.issued and domain.flow.completed webhooks, fired exactly once as a pair.

After go-live: drift

A background worker periodically re-checks live domains. If records stop resolving to their intended values, the connection transitions to drifted and fires domain.drift — see connections.

On this page