Skip to contentSkip to navigationSkip to topbar
On this page

Authenticate a domain



API Overview

api-overview page anchor

An authenticated domain allows you to remove the "via" or "sent on behalf of" message that your recipients see when they read your emails. Authenticating a domain allows you to replace sendgrid.net with your personal sending domain. You will be required to create a subdomain so that SendGrid can generate the DNS records which you must give to your host provider. If you choose to use Automated Security, SendGrid will provide you with 3 CNAME records. If you turn Automated Security off, you will get 2 TXT records and 1 MX record.

Domain Authentication was formerly called "Domain Whitelabel".

For more information, please see How to set up domain authentication.

(information)

Info

Each user may have a maximum of 3,000 authenticated domains and 3,000 link brandings. This limit is at the user level, meaning each Subuser belonging to a parent account may have its own 3,000 authenticated domains and 3,000 link brandings.


POST/v3/whitelabel/domains

Base url: https://api.sendgrid.com (for global users and subusers)

Base url: https://api.eu.sendgrid.com (for EU regional subusers)

This endpoint allows you to authenticate a domain.

If you are authenticating a domain for a subuser, you have two options:

  1. Use the "username" parameter. This allows you to authenticate a domain on behalf of your subuser. This means the subuser is able to see and modify the authenticated domain.
  2. Use the Association workflow (see Associate Domain section). This allows you to authenticate a domain created by the parent to a subuser. This means the subuser will default to the assigned domain, but will not be able to see or modify that authenticated domain. However, if the subuser authenticates their own domain it will overwrite the assigned domain.

Authentication

authentication page anchor
Property nameTypeRequiredDescription
Authorizationstringrequired
Default: Bearer <<YOUR_API_KEY_HERE>>

on-behalf-ofstringOptional

The on-behalf-of header allows you to make API calls from a parent account on behalf of the parent's Subusers or customer accounts. You will use the parent account's API key when using this header. When making a call on behalf of a customer account, the property value should be "account-id" followed by the customer account's ID (e.g., on-behalf-of: account-id <account-id>). When making a call on behalf of a Subuser, the property value should be the Subuser's username (e.g., on-behalf-of: <subuser-username>). See On Behalf Of for more information.

Encoding type:application/json
SchemaExample
Property nameTypeRequiredDescriptionChild properties
domainstringrequired

Domain being authenticated.


subdomainstringOptional

The subdomain to use for this authenticated domain.


usernamestringOptional

The username associated with this domain.


ipsarray[string]Optional

The IP addresses that will be included in the custom SPF record for this authenticated domain.


custom_spfbooleanOptional

Specify whether to use a custom SPF or allow SendGrid to manage your SPF. This option is only available to authenticated domains set up for manual security.


defaultbooleanOptional

Whether to use this authenticated domain as the fallback if no authenticated domains match the sender's domain.


automatic_securitybooleanOptional

Whether to allow SendGrid to manage your SPF records, DKIM keys, and DKIM key rotation.


custom_dkim_selectorstringOptional

Add a custom DKIM selector. Accepts three letters or numbers.


regionstringOptional

The region of the domain. Allowed values are global and eu. The default value is global.

201
SchemaExample
Property nameTypeRequiredDescriptionChild properties
idnumber

The ID of the authenticated domain.


user_idnumber

The ID of the user that this domain is associated with.


subdomainstring

The subdomain to use for this authenticated domain.


domainstring

The domain to be authenticated.


usernamestring

The username that this domain will be associated with.


ipsarray[string]

The IPs to be included in the custom SPF record for this authenticated domain.


custom_spfboolean

Indicates whether this authenticated domain uses custom SPF.


defaultboolean

Indicates if this is the default authenticated domain.


legacyboolean

Indicates if this authenticated domain was created using the legacy whitelabel tool. If it is a legacy whitelabel, it will still function, but you'll need to create a new authenticated domain if you need to update it.


automatic_securityboolean

Indicates if this authenticated domain uses automated security.


validboolean

Indicates if this is a valid authenticated domain.


dnsobject

The DNS records used to authenticate the sending domain.

Authenticate a domainLink to code sample: Authenticate a domain
1
const client = require("@sendgrid/client");
2
client.setApiKey(process.env.SENDGRID_API_KEY);
3
4
const data = {
5
domain: "example.com",
6
subdomain: "news",
7
username: "john@example.com",
8
ips: ["192.168.1.1", "192.168.1.2"],
9
custom_spf: true,
10
default: true,
11
automatic_security: false,
12
custom_dkim_selector: "string",
13
region: "global",
14
};
15
16
const request = {
17
url: `/v3/whitelabel/domains`,
18
method: "POST",
19
body: data,
20
};
21
22
client
23
.request(request)
24
.then(([response, body]) => {
25
console.log(response.statusCode);
26
console.log(response.body);
27
})
28
.catch((error) => {
29
console.error(error);
30
});

Need some help?

Terms of service

Copyright © 2024 Twilio Inc.