Domain Authentication

An authenticated domain allows you to remove the “via” or “sent on behalf of” message that your recipients see when they read your emails. Authenticating a domain allows you to replace sendgrid.net with your personal sending domain. You will be required to create a subdomain so that SendGrid can generate the DNS records which you must give to your host provider. If you choose to use Automated Security, SendGrid will provide you with 3 CNAME records. If you turn Automated Security off, you will get 2 TXT records and 1 MX record.

Domain Authentication was formerly called "Domain Whitelabel".

For more information, please see How to set up domain authentication.

Each user may have a maximum of 3,000 authenticated domains and 3,000 link brandings. This limit is at the user level, meaning each Subuser belonging to a parent account may have its own 3,000 authenticated domains and 3,000 link brandings.

Authenticate a domain

POST /v3/whitelabel/domains

Base url: https://api.sendgrid.com

This endpoint allows you to authenticate a domain.

If you are authenticating a domain for a subuser, you have two options:

  1. Use the "username" parameter. This allows you to authenticate a domain on behalf of your subuser. This means the subuser is able to see and modify the authenticated domain.
  2. Use the Association workflow (see Associate Domain section). This allows you to authenticate a domain created by the parent to a subuser. This means the subuser will default to the assigned domain, but will not be able to see or modify that authenticated domain. However, if the subuser authenticates their own domain it will overwrite the assigned domain.

Authentication

  • API Key

Headers

  • Authorization (string, required). Default: Bearer <<YOUR_API_KEY_HERE>>
  • on-behalf-of (string). Default: None

The on-behalf-of header allows you to make API calls from a parent account on behalf of the parent's Subusers or customer accounts. You will use the parent account's API key when using this header. When making a call on behalf of a customer account, the property value should be "account-id" followed by the customer account's ID (e.g., on-behalf-of: account-id <account-id>). When making a call on behalf of a Subuser, the property value should be the Subuser's username (e.g., on-behalf-of: <subuser-username>). See On Behalf Of for more information.

Request Body

object

  • domain (string, required): Domain being authenticated.
  • subdomain (string): The subdomain to use for this authenticated domain.
  • username (string): The username associated with this domain.
  • ips (array[string]): The IP addresses that will be included in the custom SPF record for this authenticated domain.
  • custom_spf (boolean): Specify whether to use a custom SPF or allow SendGrid to manage your SPF. This option is only available to authenticated domains set up for manual security.
  • default (boolean): Whether to use this authenticated domain as the fallback if no authenticated domains match the sender's domain.
  • automatic_security (boolean): Whether to allow SendGrid to manage your SPF records, DKIM keys, and DKIM key rotation.
  • custom_dkim_selector (string): Add a custom DKIM selector. Accepts three letters or numbers.
  • region (string): The region of the domain. Allowed values are global and eu. The default value is global.

{
  "domain": "example.com",
  "subdomain": "news",
  "username": "john@example.com",
  "ips": [
    "192.168.1.1",
    "192.168.1.2"
  ],
  "custom_spf": true,
  "default": true,
  "automatic_security": false,
  "custom_dkim_selector": "string",
  "region": "global"
}
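
A pre-flight check for this request, as an added example that is not SendGrid's own code: it applies the constraints documented above (required domain, allowed regions, custom_spf only with manual security, the selector format) and builds the Authorization and on-behalf-of headers without sending anything. The function names, the Content-Type header, and the reading of "three letters or numbers" as exactly three alphanumeric characters are assumptions.

```python
import ipaddress
import json
import re

API_URL = "https://api.sendgrid.com/v3/whitelabel/domains"
REGIONS = {"global", "eu"}

def check_body(body):
    """Return a list of problems found in a domain-authentication request body."""
    problems = []
    if not isinstance(body.get("domain"), str) or not body.get("domain"):
        problems.append("domain is required")
    if body.get("region", "global") not in REGIONS:
        problems.append("region must be global or eu")
    # custom_spf is documented as available only with manual security.
    if body.get("custom_spf") and body.get("automatic_security") is not False:
        problems.append("custom_spf requires automatic_security=false")
    for ip in body.get("ips", []):
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"ips contains invalid address: {ip}")
    selector = body.get("custom_dkim_selector")
    # Assumption: "three letters or numbers" means exactly three alphanumerics.
    if selector is not None and not re.fullmatch(r"[A-Za-z0-9]{3}", selector):
        problems.append("custom_dkim_selector must be three letters or numbers")
    return problems

def build_request(api_key, body, subuser=None, account_id=None):
    """Return (url, headers, payload) for POST /v3/whitelabel/domains, or raise."""
    problems = check_body(body)
    if subuser and account_id:
        problems.append("on-behalf-of takes a subuser or an account id, not both")
    if problems:
        raise ValueError("; ".join(problems))
    headers = {"Authorization": f"Bearer {api_key}",
               "Content-Type": "application/json"}
    if subuser:
        headers["on-behalf-of"] = subuser
    elif account_id:
        headers["on-behalf-of"] = f"account-id {account_id}"
    return API_URL, headers, json.dumps(body).encode()

# Sample input: the request body shown above, unchanged.
SAMPLE = {"domain": "example.com", "subdomain": "news",
          "username": "john@example.com", "ips": ["192.168.1.1", "192.168.1.2"],
          "custom_spf": True, "default": True, "automatic_security": False,
          "custom_dkim_selector": "string", "region": "global"}
```

Run against the sample body as printed, `check_body` flags only the placeholder selector value "string"; a three-character selector passes.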

Responses

object

  • id (number, required): The ID of the authenticated domain.
  • user_id (number, required): The ID of the user that this domain is associated with.
  • subdomain (string, required): The subdomain to use for this authenticated domain.
  • domain (string, required): The domain to be authenticated.
  • username (string, required): The username that this domain will be associated with.
  • ips (array[string], required): The IPs to be included in the custom SPF record for this authenticated domain.
  • custom_spf (boolean, required): Indicates whether this authenticated domain uses custom SPF.
  • default (boolean, required): Indicates if this is the default authenticated domain.
  • legacy (boolean, required): Indicates if this authenticated domain was created using the legacy whitelabel tool. If it is a legacy whitelabel, it will still function, but you'll need to create a new authenticated domain if you need to update it.
  • automatic_security (boolean, required): Indicates if this authenticated domain uses automated security.
  • valid (boolean, required): Indicates if this is a valid authenticated domain.
  • dns (object, required): The DNS records used to authenticate the sending domain.
      • mail_cname (object, required): The CNAME for your sending domain that points to sendgrid.net.
          • valid (boolean, required): Indicates if this is a valid CNAME.
          • type (string, required): The type of DNS record.
          • host (string, format: hostname, required): The domain that this CNAME is created for.
          • data (string, required): The CNAME record.
      • dkim1 (object, required): A DNS record.
          • valid (boolean, required): Indicates if this is a valid DNS record.
          • type (string, required): The type of DNS record.
          • host (string, required): The domain that this DNS record was created for.
          • data (string, required): The DNS record.
      • dkim2 (object, required): A DNS record.
          • valid (boolean, required): Indicates if this is a valid DNS record.
          • type (string, required): The type of DNS record.
          • host (string, required): The domain that this DNS record was created for.
          • data (string, required): The DNS record.

{
  "id": 45373692,
  "user_id": 66036447,
  "subdomain": "sub",
  "domain": "example.com",
  "username": "jdoe",
  "ips": [
    "127.0.0.1"
  ],
  "custom_spf": false,
  "default": true,
  "legacy": false,
  "automatic_security": true,
  "valid": true,
  "dns": {
    "mail_cname": {
      "valid": true,
      "type": "cname",
      "host": "mail.example.com",
      "data": "u7.wl.sendgrid.net"
    },
    "dkim1": {
      "valid": true,
      "type": "cname",
      "host": "s1._domainkey.example.com",
      "data": "s1._domainkey.u7.wl.sendgrid.net"
    },
    "dkim2": {
      "valid": true,
      "type": "cname",
      "host": "s2._domainkey.example.com",
      "data": "s2._domainkey.u7.wl.sendgrid.net"
    }
  }
}
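
An audit of the `dns` object in this response, as an added example that is not SendGrid's own code: it reports records whose `valid` flag is false, hosts that fall outside the authenticated domain, and, for automated security, records that are not CNAMEs or whose targets fall outside sendgrid.net. The function names and the expectation that all three targets sit under sendgrid.net (as they do in the sample response) are assumptions.

```python
import copy

def under(name, zone):
    """True if name equals zone or is a label beneath it (not a mere suffix match)."""
    return name == zone or name.endswith("." + zone)

def audit_dns(resp, provider_zone="sendgrid.net"):
    """Return findings for the dns object of an authenticated-domain response."""
    findings = []
    domain = resp["domain"].lower().rstrip(".")
    records = resp.get("dns", {})
    if not resp.get("valid"):
        findings.append("domain: not valid")
    if resp.get("automatic_security") and len(records) != 3:
        findings.append(f"expected 3 CNAME records, got {len(records)}")
    for name, rec in records.items():
        host = rec["host"].lower().rstrip(".")
        data = rec["data"].lower().rstrip(".")
        if not rec.get("valid"):
            findings.append(f"{name}: not valid")
        if not under(host, domain):
            findings.append(f"{name}: host {host} is outside {domain}")
        if resp.get("automatic_security"):
            if rec["type"].lower() != "cname":
                findings.append(f"{name}: type {rec['type']} is not cname")
            # Assumption: targets sit under sendgrid.net, as in the sample response.
            elif not under(data, provider_zone):
                findings.append(f"{name}: target {data} is outside {provider_zone}")
    return findings

def cname(host, data):
    """Build one record in the shape used by the response's dns object."""
    return {"valid": True, "type": "cname", "host": host, "data": data}

# The fields of the sample response above that the audit reads.
GOOD = {"domain": "example.com", "automatic_security": True, "valid": True, "dns": {
    "mail_cname": cname("mail.example.com", "u7.wl.sendgrid.net"),
    "dkim1": cname("s1._domainkey.example.com", "s1._domainkey.u7.wl.sendgrid.net"),
    "dkim2": cname("s2._domainkey.example.com", "s2._domainkey.u7.wl.sendgrid.net")}}

# Constructed variant: dkim2 unverified and pointing at a lookalike suffix.
BAD = copy.deepcopy(GOOD)
BAD["dns"]["dkim2"].update(valid=False,
                           data="s2._domainkey.u7.wl.sendgrid.net.example.org")
```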