Custom domain management for an account: add, verify, and remove domains used for white-labeled portals and issuers.
Base URL: https://api.authpi.com — see the Core API overview for
authentication, pagination, and idempotency, or try these endpoints in the
interactive reference.
GET/v1/accounts/{account_id}/domainsList Account Domains
List all custom domains for an account, including their verification and assignment status.
| Name | Type | Required | Description |
|---|---|---|---|
account_id | string | Required | The unique identifier of the account |
| Code | Description | Schema |
|---|---|---|
| 200 | Domains retrieved successfully | object |
| 401 | Unauthorized - Authentication is required or has failed. | ApiError |
| 403 | Forbidden - You don't have permission to perform this action. | ApiError |
| 404 | Not Found - The requested resource does not exist. | ApiError |
POST/v1/accounts/{account_id}/domainsAdd Account Domain
Add a custom domain to the account.
The domain is added in an unverified state. Verification will happen via Cloudflare Custom Hostnames when the domain is assigned to an issuer (Phase 2).
Limits: Maximum 20 domains per account.
| Name | Type | Required | Description |
|---|---|---|---|
account_id | string | Required | The unique identifier of the account |
Content type: application/json
| Property | Type | Required | Description |
|---|---|---|---|
host | string | Required | Domain name (e.g., 'auth.example.com') |
| Code | Description | Schema |
|---|---|---|
| 201 | Domain added successfully | object |
| 400 | Bad Request - The request is malformed or contains invalid data. | ApiError |
| 401 | Unauthorized - Authentication is required or has failed. | ApiError |
| 403 | Forbidden - You don't have permission to perform this action. | ApiError |
| 404 | Not Found - The requested resource does not exist. | ApiError |
| 409 | Conflict - The request conflicts with the current state of the resource. | ApiError |
DELETE/v1/accounts/{account_id}/domains/{domain}Remove Account Domain
Remove a custom domain from the account.
If the domain is assigned to an issuer, the assignment and global routing index are cleaned up automatically.
| Name | Type | Required | Description |
|---|---|---|---|
account_id | string | Required | The unique identifier of the account |
domain | string | Required | Domain name (e.g., 'auth.example.com') |
| Code | Description | Schema |
|---|---|---|
| 204 | No Content - The operation completed successfully with no response body. | — |
| 401 | Unauthorized - Authentication is required or has failed. | ApiError |
| 403 | Forbidden - You don't have permission to perform this action. | ApiError |
| 404 | Not Found - The requested resource does not exist. | ApiError |
POST/v1/accounts/{account_id}/domains/{domain}/verifyVerify Account Domain
Mark a domain as verified.
In Phase 2, this will be called automatically when Cloudflare confirms the Custom Hostname is active. For now, it can be called manually (e.g., by an admin) after verifying ownership.
| Name | Type | Required | Description |
|---|---|---|---|
account_id | string | Required | The unique identifier of the account |
domain | string | Required | Domain name (e.g., 'auth.example.com') |
| Code | Description | Schema |
|---|---|---|
| 200 | Domain verified successfully | object |
| 400 | Bad Request - The request is malformed or contains invalid data. | ApiError |
| 401 | Unauthorized - Authentication is required or has failed. | ApiError |
| 403 | Forbidden - You don't have permission to perform this action. | ApiError |
| 404 | Not Found - The requested resource does not exist. | ApiError |
POST/v1/accounts/{account_id}/domains/{domain}/assignAssign Domain to Issuer
Assign a verified domain to an issuer owned by this account.
Once assigned, the IDP portal will route traffic for this domain to the specified issuer. A global KV index is written for fast domain-to-issuer lookups at the edge.
Requirements:
| Name | Type | Required | Description |
|---|---|---|---|
account_id | string | Required | The unique identifier of the account |
domain | string | Required | Domain name (e.g., 'auth.example.com') |
Content type: application/json
| Property | Type | Required | Description |
|---|---|---|---|
issuer_id | string | Required | The issuer ID to assign this domain to |
| Code | Description | Schema |
|---|---|---|
| 200 | Domain assigned to issuer successfully | object |
| 400 | Bad Request - The request is malformed or contains invalid data. | ApiError |
| 401 | Unauthorized - Authentication is required or has failed. | ApiError |
| 403 | Forbidden - You don't have permission to perform this action. | ApiError |
| 404 | Not Found - The requested resource does not exist. | ApiError |
POST/v1/accounts/{account_id}/domains/{domain}/unassignUnassign Domain from Issuer
Remove the issuer assignment from a domain.
The domain remains on the account but is no longer routed to any issuer. The global KV index entry is removed.
| Name | Type | Required | Description |
|---|---|---|---|
account_id | string | Required | The unique identifier of the account |
domain | string | Required | Domain name (e.g., 'auth.example.com') |
| Code | Description | Schema |
|---|---|---|
| 200 | Domain unassigned successfully | object |
| 400 | Bad Request - The request is malformed or contains invalid data. | ApiError |
| 401 | Unauthorized - Authentication is required or has failed. | ApiError |
| 403 | Forbidden - You don't have permission to perform this action. | ApiError |
| 404 | Not Found - The requested resource does not exist. | ApiError |