Skip to content Skip to navigation Skip to topbar

Authenticate a domain

API Overview

An authenticated domain allows you to remove the "via" or "sent on behalf of" message that your recipients see when they read your emails. Authenticating a domain allows you to replace sendgrid.net with your personal sending domain. You will be required to create a subdomain so that SendGrid can generate the DNS records which you must give to your host provider. If you choose to use Automated Security, SendGrid will provide you with 3 CNAME records. If you turn Automated Security off, you will get 2 TXT records and 1 MX record.

Domain Authentication was formerly called "Domain Whitelabel".

For more information, please see How to set up domain authentication.

(information)

Info

Each user may have a maximum of 3,000 authenticated domains and 3,000 link brandings. This limit is at the user level, meaning each Subuser belonging to a parent account may have its own 3,000 authenticated domains and 3,000 link brandings.

Operation overview

POST/v3/whitelabel/domains

Base url: https://api.sendgrid.com

This endpoint allows you to authenticate a domain.

If you are authenticating a domain for a subuser, you have two options:

Use the "username" parameter. This allows you to authenticate a domain on behalf of your subuser. This means the subuser is able to see and modify the authenticated domain.
Use the Association workflow (see Associate Domain section). This allows you to authenticate a domain created by the parent to a subuser. This means the subuser will default to the assigned domain, but will not be able to see or modify that authenticated domain. However, if the subuser authenticates their own domain it will overwrite the assigned domain.

Operation details

Authentication

API Key

Headers

Property nameTypeRequiredDescription

Authorizationstringrequired

Default: Bearer <<YOUR_API_KEY_HERE>>

on-behalf-ofstringOptional

The on-behalf-of header allows you to make API calls from a parent account on behalf of the parent's Subusers or customer accounts. You will use the parent account's API key when using this header. When making a call on behalf of a customer account, the property value should be "account-id" followed by the customer account's ID (e.g., on-behalf-of: account-id <account-id>). When making a call on behalf of a Subuser, the property value should be the Subuser's username (e.g., on-behalf-of: <subuser-username>). See On Behalf Of for more information.

Request body

SchemaExample

Property nameTypeRequiredDescriptionChild properties

domainstringrequired

Domain being authenticated.

subdomainstringOptional

The subdomain to use for this authenticated domain.

usernamestringOptional

The username associated with this domain.

ipsarray[string]Optional

The IP addresses that will be included in the custom SPF record for this authenticated domain.

custom_spfbooleanOptional

Specify whether to use a custom SPF or allow SendGrid to manage your SPF. This option is only available to authenticated domains set up for manual security.

defaultbooleanOptional

Whether to use this authenticated domain as the fallback if no authenticated domains match the sender's domain.

automatic_securitybooleanOptional

Whether to allow SendGrid to manage your SPF records, DKIM keys, and DKIM key rotation.

custom_dkim_selectorstringOptional

Add a custom DKIM selector. Accepts three letters or numbers.

regionstringOptional

The region of the domain. Allowed values are global and eu. The default value is global.

Responses

201

SchemaExample

Property nameTypeRequiredDescriptionChild properties

idnumber

The ID of the authenticated domain.

user_idnumber

The ID of the user that this domain is associated with.

subdomainstring

The subdomain to use for this authenticated domain.

domainstring

The domain to be authenticated.

usernamestring

The username that this domain will be associated with.

ipsarray[string]

The IPs to be included in the custom SPF record for this authenticated domain.

custom_spfboolean

Indicates whether this authenticated domain uses custom SPF.

defaultboolean

Indicates if this is the default authenticated domain.

legacyboolean

Indicates if this authenticated domain was created using the legacy whitelabel tool. If it is a legacy whitelabel, it will still function, but you'll need to create a new authenticated domain if you need to update it.

automatic_securityboolean

Indicates if this authenticated domain uses automated security.

validboolean

Indicates if this is a valid authenticated domain.

dnsobject

The DNS records used to authenticate the sending domain.

Show child properties for dns

Authenticate a domain

Node.js

Python

Java

PHP

Ruby

curl


_32const client = require('@sendgrid/client');
_32client.setApiKey(process.env.SENDGRID_API_KEY);
_32
_32const data = {
_32  "domain": "example.com",
_32  "subdomain": "news",
_32  "username": "john@example.com",
_32  "ips": [
_32    "192.168.1.1",
_32    "192.168.1.2"
_32  ],
_32  "custom_spf": true,
_32  "default": true,
_32  "automatic_security": false,
_32  "custom_dkim_selector": "string",
_32  "region": "global"
_32};
_32
_32const request = {
_32  url: `/v3/whitelabel/domains`,
_32  method: 'POST',
_32  body: data
_32}
_32
_32client.request(request)
_32  .then(([response, body]) => {
_32    console.log(response.statusCode);
_32    console.log(response.body);
_32  })
_32  .catch(error => {
_32    console.error(error);
_32  });