Verify ownership & go live
The ownership TXT check, per-record propagation reporting, and cert issuance.
Verify ownership
curl -X POST http://localhost:8080/v1/connections/<ID>/verify \
-H "Authorization: Bearer <YOUR_KEY>"This confirms the ownership TXT published at
_customdomain-challenge.<hostname> matches the challenge value (see
the ask gate).
On success the connection moves to verified. The background worker also runs
this check automatically once the TXT is visible, so polling it yourself is
optional.
If the application has a delegated DNS credential, the scoped provider token is implicit proof of control and this manual step is skipped entirely.
Watch propagation → live
curl -X POST http://localhost:8080/v1/connections/<ID>/records:check \
-H "Authorization: Bearer <YOUR_KEY>"Returns a per-record propagation report:
{
"records": [
{ "host": "app.customer.com", "type": "CNAME", "value": "edge.connectdomain.app", "propagated": true, "observed_value": "edge.connectdomain.app" }
]
}When every desired record resolves to its intended value, the connection
becomes live: the edge issues the TLS certificate on the next handshake, and
you receive ssl.issued and domain.flow.completed webhooks,
fired exactly once as a pair.
After go-live: drift
A background worker periodically re-checks live domains. If records stop
resolving to their intended values, the connection transitions to drifted and
fires domain.drift — see connections.