Domains
Add and verify sending domains via the Sendry API.
You must verify at least one domain before sending live emails. Verification proves you own the domain and configures DKIM, SPF, and DMARC records.
Add domain
POST /v1/domainsRequires full_access scope.
Request body
{
"name": "acme.com"
}| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Fully qualified domain name. |
Response
{
"id": "dom_abc123",
"name": "acme.com",
"status": "pending",
"dns_records": [
{
"type": "TXT",
"host": "_dmarc.acme.com",
"value": "v=DMARC1; p=none; rua=mailto:dmarc@acme.com",
"name": "DMARC",
"verified": false
},
{
"type": "TXT",
"host": "sendry._domainkey.acme.com",
"value": "v=DKIM1; k=rsa; p=MIGfMA0...",
"name": "DKIM",
"verified": false
},
{
"type": "TXT",
"host": "acme.com",
"value": "v=spf1 include:spf.sendry.online ~all",
"name": "SPF",
"verified": false
}
],
"created_at": "2025-03-12T09:00:00Z"
}Add all three DNS records to your DNS provider, then call Verify domain.
Verify domain
POST /v1/domains/:id/verifyRequires full_access scope. Checks all DNS records and updates the domain status.
Response — all records verified
{
"id": "dom_abc123",
"name": "acme.com",
"status": "verified",
"spf_verified": true,
"dkim_verified": true,
"dmarc_verified": true,
"checks": [
{ "kind": "spf", "verified": true, "record": "acme.com", "actual": "v=spf1 include:amazonses.com ~all", "expected": "v=spf1 include:amazonses.com ~all", "issue": null, "next_step": null },
{ "kind": "dkim", "verified": true, "record": "sendry1731.test._domainkey.acme.com", "actual": "v=DKIM1; k=rsa; p=MIIB...", "expected": "v=DKIM1; k=rsa; p=MIIB...", "issue": null, "next_step": null },
{ "kind": "dmarc", "verified": true, "record": "_dmarc.acme.com", "actual": "v=DMARC1; p=none;", "expected": "v=DMARC1; p=none;", "issue": null, "next_step": null }
]
}Response — verification failed (actionable guidance)
When one or more records fail, every entry in checks carries a plain-language issue and next_step. Each entry is self-contained — you can render it as a checklist item without consulting any other field.
{
"id": "dom_abc123",
"name": "acme.com",
"status": "failed",
"spf_verified": false,
"dkim_verified": false,
"dmarc_verified": true,
"checks": [
{
"kind": "spf",
"verified": false,
"record": "acme.com",
"actual": null,
"expected": "v=spf1 include:amazonses.com ~all",
"issue": "No TXT record found at acme.com",
"next_step": "Add a TXT record at acme.com with value: v=spf1 include:amazonses.com ~all. Wait 5-15 min for DNS propagation."
},
{
"kind": "dkim",
"verified": false,
"record": "sendry1731.test._domainkey.acme.com",
"actual": "v=DKIM1; k=rsa; p=DIFFERENT",
"expected": "v=DKIM1; k=rsa; p=MIIB...",
"issue": "DKIM public key at sendry1731.test._domainkey.acme.com does not match the expected value",
"next_step": "The public key at sendry1731.test._domainkey.acme.com does not match. Copy the exact expected value above and replace the TXT record — some DNS providers truncate long TXT values, which breaks DKIM. Wait 5-15 min for DNS propagation."
},
{
"kind": "dmarc",
"verified": true,
"record": "_dmarc.acme.com",
"actual": "v=DMARC1; p=none;",
"expected": "v=DMARC1; p=none;",
"issue": null,
"next_step": null
}
]
}checks[].kind
| Value | Description |
|---|---|
spf | Apex TXT record advertising authorized senders. |
dkim | TXT record at <selector>._domainkey.<domain> holding the public key. |
dmarc | TXT record at _dmarc.<domain> declaring the alignment policy. |
mx | Returned when inbound is enabled for this domain. |
return_path | Returned when a custom return path subdomain is configured. |
Status values: pending, verified, failed
If some records are not yet propagated, the status remains pending. Wait a few minutes and verify again — DNS propagation typically takes 2–10 minutes but can take up to 48 hours. The dashboard renders the checks array as an inline checklist on the domain detail page.
Get domain
GET /v1/domains/:idRequires read_only scope.
Returns the full domain object including DNS records and their current verification status.
List domains
GET /v1/domainsRequires read_only scope.
Query parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
limit | number | 50 | Results per page (1–100). |
cursor | string | Pagination cursor. |
Response
{
"data": [
{
"id": "dom_abc123",
"name": "acme.com",
"status": "verified",
"dns_records": [...],
"created_at": "2025-03-12T09:00:00Z"
}
],
"has_more": false,
"next_cursor": null
}Delete domain
DELETE /v1/domains/:idRequires full_access scope. Deletes the domain and all associated DNS configuration. Emails from this domain will fail after deletion.
Transfer domain
POST /v1/domains/:id/transferMove a domain to another organization. Requires full_access scope and a dashboard session (not an API key). The signed-in user must own or be an admin of the target organization.
Request body
| Field | Type | Required | Description |
|---|---|---|---|
target_org_id | string | Yes | ID of the organization the domain should be moved to. |
Response
Returns the same shape as GET /v1/domains/:id, now scoped to the target org. DNS records, verification status, TLS policy, return-path, and BIMI configuration are all preserved.
If a domain with the same name already exists in the target org, the request fails with 409 domain_already_exists.
DNS records explained
| Record | Purpose |
|---|---|
| SPF | Authorizes Sendry's servers to send mail on behalf of your domain |
| DKIM | Cryptographically signs outgoing emails to prevent spoofing |
| DMARC | Policy for handling SPF/DKIM failures; enables reporting |
All three records must be verified for reliable deliverability.
BIMI support
Pro and higher plans support BIMI (Brand Indicators for Message Identification), which displays your logo in supporting email clients. BIMI requires a verified DMARC record with p=quarantine or p=reject policy.
Configure BIMI for a domain
POST /v1/domains/:id/bimi| Field | Type | Required | Description |
|---|---|---|---|
logo_url | string | Yes | HTTPS URL to your logo. Must end in .svg (SVG Tiny PS). |
vmc_url | string | No | HTTPS URL to your Verified Mark Certificate. Ends in .pem. Required by Gmail and Apple Mail. |
selector | string | No | DNS selector. Defaults to default. |
The response includes the generated BIMI TXT record value and the DNS host (e.g. default._bimi.example.com). Add that record to your DNS, then call:
POST /v1/domains/:id/bimi/verifyto check whether the DNS record is published and (if a VMC was provided) that the certificate is reachable.
GET /v1/domains/:id/bimi
DELETE /v1/domains/:id/bimiretrieve or remove the configuration. The dashboard's domain detail page exposes the same flow through a form — logo URL, optional VMC URL, selector, Verify, and Remove.
See the Domain Setup guide for step-by-step DNS instructions.