DNSSEC Delegation Signer Webservice API
GKG.NET offers a RESTful webservice for managing your DNSSEC Delegation Signer records. All request and response bodies are JSON documents.
URI and JSON templates in this document are represented as follows:
- Values in %% are variables
- The value domain.org should be replaced with your own domain name.
- All other symbols are literals
All errors use JSON to suppliement their status codes:
{"details":"%message%"}
Authentication
All requests must authenticate using HTTP basic authentication using your
GKG username and password. If authentication credentials are not passed
with the request, a 401 Unauthorized response is returned.
If valid credentials are passed, but the given user does not have
permission to perform the operation, then a 403 Forbidden
response is returned. In order to create, list, or retrieve keys
associated with a domain, the given user must be either the registrant,
administrative, or techical contact for the domain being acted upon.
API Methods
The following API methods are available:
- Create a Delegation Signer Record
- Get a Delegation Signer Record
- List Delegation Signer Records
- Delete Delegation Signer Records
Create a Delegation Signer Record
In order to create a new DS record in your domain account, you need to use the
POST method on the domain.
Request
- URL
- https://www.gkg.net/ws/domain/domain.org/ds
- Method
- POST
- Headers
-
- Accept: application/json
- Content-Type: application/json
- Request Body
-
{ "digest":"625F055ACB65C8B60AD18B3640062E8C23A5FD89", "digestType":"1", "algorithm":"3", "keyTag":"12345", "maxSigLife":"3456000" }
Response
On success, a 201 Created
response is returned along with the location header containing the URL of
the newly created Delegation Signer Record. The response body is a JSON
representation of the created object.
The 415 Unsupported Media Type error is returned if an
incorrect JSON string is sent.
- Possible Status Codes
-
- 201 Created
- 401 Unauthorized
- 403 Forbidden
- 404 Not Found
- 415 Unsupported Media Type
- Headers
-
- Content-Type: application/json
- Location: https://www.gkg.net/ws/domain/domain.org/ds/%digest%
- Response Body
-
{ "digest":"625F055ACB65C8B60AD18B3640062E8C23A5FD89", "digestType":"1", "algorithm":"3", "keyTag":"12345", "maxSigLife":"3456000" }
Get A Delegation Signer Record
In order to retrieve a specific DS record, you need to use the GET
method on the DS record's url.
Request
- URL
- https://www.gkg.net/ws/domain/domain.org/ds/%digest%
- Method
- GET
- Headers
-
- Accept: application/json
Response
On success, a 200 OK response is returned, along with a
JSON representation of the record.
- Possible Status Codes
-
- 200 OK
- 401 Unauthorized
- 404 Not Found
- Headers
-
- Content-Type: application/json
- Response Body
-
{ "digest":"625F055ACB65C8B60AD18B3640062E8C23A5FD89", "digestType":"1", "algorithm":"3", "keyTag":"12345", "maxSigLife":"3456000" }
List Delegation Signer Records
In order to retrieve all DS records for a domain, you need to use the
GET method on the domain's URL.
Request
- URL
- https://www.gkg.net/ws/domain/domain.org/ds
- Method
- GET
- Headers
-
- Accept: application/json
Response
On success, a 200 OK response is returned, along with a
JSON array containing the list of DS records associated with the domain.
- Possible Status Codes
-
- 200 OK
- 401 Unauthorized
- 404 Not Found
- Headers
-
- Content-Type: application/json
- Response Body
-
[ { "digest":"625F055ACB65C8B60AD18B3640062E8C23A5FD89", "digestType":"1", "algorithm":"3", "keyTag":"12345", "maxSigLife":"3456000" }, { "digest":"1234555ACB65C8B60AD18B3640062E8C23A5FD89", "digestType":"1", "algorithm":"3", "keyTag":"54321", "maxSigLife":"3456000" } ]
Delete A Delegation Signer Record
In order to delete a DS record from a domain, you need to use the
DELETE method on the DS record's URL.
