Skip to content

feat(integration): add domain CRUD endpoints to integration API#2432

Open
ChanningHe wants to merge 1 commit intofosrl:devfrom
ChanningHe:feat-integration-api-domain-crud
Open

feat(integration): add domain CRUD endpoints to integration API#2432
ChanningHe wants to merge 1 commit intofosrl:devfrom
ChanningHe:feat-integration-api-domain-crud

Conversation

@ChanningHe
Copy link

@ChanningHe ChanningHe commented Feb 8, 2026

Community Contribution License Agreement

By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.

Description

  • Add 6 domain CRUD endpoints to integration API (get, create, update, delete, dns-records, restart)
  • Create verifyApiKeyDomainAccess middleware for domain-org ownership validation
  • Enable API key holders to fully manage domains programmatically

How to test?

API_KEY="xxxxxx"
ORG_ID="test-org"
BASE_URL="http://localhost:3003/v1"

# --- 1. Create a domain (PUT) ---
curl -s -X PUT "$BASE_URL/org/$ORG_ID/domain" \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"type": "wildcard", "baseDomain": "test.example.com"}'
# Expected: 201 Created, response includes domainId

# --- 2. Get a domain (GET) ---
DOMAIN_ID="<domainId from step 1>"
curl -s "$BASE_URL/org/$ORG_ID/domain/$DOMAIN_ID" \
  -H "Authorization: Bearer $API_KEY"
# Expected: 200 OK, returns domain details

# --- 3. Get DNS records (GET) ---
curl -s "$BASE_URL/org/$ORG_ID/domain/$DOMAIN_ID/dns-records" \
  -H "Authorization: Bearer $API_KEY"
# Expected: 200 OK, returns array of DNS records

# --- 4. Update a domain (PATCH) ---
curl -s -X PATCH "$BASE_URL/org/$ORG_ID/domain/$DOMAIN_ID" \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"preferWildcardCert": true}'
# Expected: 200 OK, returns updated domain

# --- 5. Restart a domain (POST) ---
curl -s -X POST "$BASE_URL/org/$ORG_ID/domain/$DOMAIN_ID/restart" \
  -H "Authorization: Bearer $API_KEY"
# Expected: 200 OK

# --- 6. Delete a domain (DELETE) ---
curl -s -X DELETE "$BASE_URL/org/$ORG_ID/domain/$DOMAIN_ID" \
  -H "Authorization: Bearer $API_KEY"
# Expected: 200 OK

# --- 7. Verify deletion (GET should return 404) ---
curl -s "$BASE_URL/org/$ORG_ID/domain/$DOMAIN_ID" \
  -H "Authorization: Bearer $API_KEY"
# Expected: 404 Not Found

# --- Security tests ---

# No auth → 401
curl -s "$BASE_URL/org/$ORG_ID/domain/$DOMAIN_ID"
# Expected: 401 Unauthorized

# Wrong org → 403
curl -s "$BASE_URL/org/wrong-org/domain/$DOMAIN_ID" \
  -H "Authorization: Bearer $API_KEY"
# Expected: 403 Forbidden

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ChanningHe