Programmatic domain verification
Instead of leveraging the Admin Portal, the Domain Verification API can be used to verify domains programmatically.
Integrating with the API goes as follows:
All domains belong to an organization. In order to create and verify a domain, an organization must first be created.
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789'); // Creates a new organization. // You can also fetch an existing organization with workos.organizations.getOrganization(id) const organization = await workos.organizations.createOrganization({ name: 'Foo Corp', }); // Creates the organization domain const organizationDomain = await workos.organizationDomains.create({ organizationId: organization.id, domain: 'workos.com', });
{ "id": "org_domain_01HACSKJ57W8M2Q0N2X759C5HS", "organization_id": "org_123", "domain": "domain-to-verify.com", "state": "pending", "verification_token": "3CVZxo4HgvSiYRKlV4RdOWwWl", "verification_strategy": "dns" }
| curl https://api.workos.com/organization_domains \ | |
| --header "Authorization: Bearer sk_example_123456789" \ | |
| -d organization_id="org_123" \ | |
| -d domain="foo-corp.com" |
| import { WorkOS } from '@workos-inc/node'; | |
| const workos = new WorkOS('sk_example_123456789'); | |
| // Creates a new organization. | |
| // You can also fetch an existing organization with workos.organizations.getOrganization(id) | |
| const organization = await workos.organizations.createOrganization({ | |
| name: 'Foo Corp', | |
| }); | |
| // Creates the organization domain | |
| const organizationDomain = await workos.organizationDomains.create({ | |
| organizationId: organization.id, | |
| domain: 'workos.com', | |
| }); |
| package main | |
| import ( | |
| "context" | |
| "github.com/workos/workos-go/v4/pkg/organization_domains" | |
| "github.com/workos/workos-go/v4/pkg/organizations" | |
| ) | |
| func main() { | |
| organization_domains.SetAPIKey("sk_example_123456789") | |
| // Creates a new organization. | |
| organization, err := organizations.CreateOrganization( | |
| context.Background(), | |
| organizations.CreateOrganizationOpts{ | |
| Name: "Foo Corp", | |
| }, | |
| ) | |
| // Creates the organization domain | |
| organization_domains.CreateOrganizationDomain( | |
| context.Background(), | |
| organization_domains.CreateOrganizationDomainOpts{ | |
| OrganizationID: organization.ID, | |
| Domain: "workos.com", | |
| }, | |
| ) | |
| } |
| { | |
| "id": "org_domain_01HACSKJ57W8M2Q0N2X759C5HS", | |
| "organization_id": "org_123", | |
| "domain": "domain-to-verify.com", | |
| "state": "pending", | |
| "verification_token": "3CVZxo4HgvSiYRKlV4RdOWwWl", | |
| "verification_strategy": "dns" | |
| } |
The verification_token returned can then be set as the value of a TXT record that WorkOS will periodically check until the record is found. The TXT record for the above response example would be:
domain-to-verify.comverification_token=3CVZxo4HgvSiYRKlV4RdOWwWlFetch an existing domain and it’s current verification status. This endpoint can be polled once verification has been initiated to determine if verification has been successful.
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789'); const organizationDomainId = 'org_domain_0123ABCD'; // Fetch the organization domain by Id const organizationDomain = await workos.organizationDomains.get(organizationDomainId); // Check organization state switch (organizationDomain) { case OrganizationDomainState.Verified: case OrganizationDomainState.Pending: case OrganizationDomainState.Failed: return; }
{ "id": "org_domain_01HACSKJ57W8M2Q0N2X759C5HS", "organization_id": "org_123", "domain": "domain-to-verify.com", "state": "verified", "verification_token": "3CVZxo4HgvSiYRKlV4RdOWwWl", "verification_strategy": "dns" }
| curl https://api.workos.com/organization_domains/org_domain_01EZTR5N6Y9RQKHK2E9F31KZX6 \ | |
| --header "Authorization: Bearer sk_example_123456789" |
| import { WorkOS } from '@workos-inc/node'; | |
| const workos = new WorkOS('sk_example_123456789'); | |
| const organizationDomainId = 'org_domain_0123ABCD'; | |
| // Fetch the organization domain by Id | |
| const organizationDomain = | |
| await workos.organizationDomains.get(organizationDomainId); | |
| // Check organization state | |
| switch (organizationDomain) { | |
| case OrganizationDomainState.Verified: | |
| case OrganizationDomainState.Pending: | |
| case OrganizationDomainState.Failed: | |
| return; | |
| } |
| package main | |
| import ( | |
| "context" | |
| "github.com/workos/workos-go/v4/pkg/organization_domains" | |
| ) | |
| func main() { | |
| organization_domains.SetAPIKey("sk_example_123456789") | |
| domain, err := organization_domains.GetOrganizationDomain( | |
| context.Background(), | |
| organization_domains.GetOrganizationDomainOpts{ | |
| DomainID: "org_domain_0123ABCD", | |
| }, | |
| ) | |
| } |
| { | |
| "id": "org_domain_01HACSKJ57W8M2Q0N2X759C5HS", | |
| "organization_id": "org_123", | |
| "domain": "domain-to-verify.com", | |
| "state": "verified", | |
| "verification_token": "3CVZxo4HgvSiYRKlV4RdOWwWl", | |
| "verification_strategy": "dns" | |
| } |
Possible state values:
pending: domain verification has been initiated and not yet completedverified: domain has been verifiedfailed: domain was not able to be verifiedPossible verification_strategy values:
dns: domain is verified with the DNS flowmanual: domain is verified by a person or a system, without running the DNS flowIf a domain has not successfully verified within thirty days and moves to the failed state, verification can be restarted manually.
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789'); const organizationDomainId = 'org_domain_01EZTR5N6Y9RQKHK2E9F31KZX6'; // Initiate verification by Organization Domain ID const organizationDomainVerifying = await workos.organizationDomains.verify(organizationDomainId);
{ "id": "org_domain_01HACSKJ57W8M2Q0N2X759C5HS", "organization_id": "org_123", "domain": "domain-to-verify.com", "state": "pending", "verification_token": "3CVZxo4HgvSiYRKlV4RdOWwWl", "verification_strategy": "dns" }
| curl https://api.workos.com/organization_domains/org_domain_01EZTR5N6Y9RQKHK2E9F31KZX6/verify \ | |
| --header "Authorization: Bearer sk_example_123456789" |
| import { WorkOS } from '@workos-inc/node'; | |
| const workos = new WorkOS('sk_example_123456789'); | |
| const organizationDomainId = 'org_domain_01EZTR5N6Y9RQKHK2E9F31KZX6'; | |
| // Initiate verification by Organization Domain ID | |
| const organizationDomainVerifying = | |
| await workos.organizationDomains.verify(organizationDomainId); |
| package main | |
| import ( | |
| "context" | |
| "github.com/workos/workos-go/v4/pkg/organization_domains" | |
| ) | |
| func main() { | |
| organization_domains.SetAPIKey("sk_example_123456789") | |
| domain, err := organization_domains.GetOrganizationDomain( | |
| context.Background(), | |
| organization_domains.VerifyOrganizationDomainsOpts{ | |
| DomainID: "org_domain_01EZTR5N6Y9RQKHK2E9F31KZX6", | |
| }, | |
| ) | |
| } |
| { | |
| "id": "org_domain_01HACSKJ57W8M2Q0N2X759C5HS", | |
| "organization_id": "org_123", | |
| "domain": "domain-to-verify.com", | |
| "state": "pending", | |
| "verification_token": "3CVZxo4HgvSiYRKlV4RdOWwWl", | |
| "verification_strategy": "dns" | |
| } |