Domains API
API reference for managing sending domains, DNS verification, and domain health in Taifa Mail.
Base URL: https://govconnect.ke/v1
All endpoints require authentication via API Key or JWT cookie. API keys are passed as Authorization: Bearer tfm_k_....
List domains
Returns all domains visible to the authenticated account.
Response:
Domain statuses
| Status | Meaning |
|---|---|
pending | Domain added but DNS records not yet verified. |
verified | All required DNS records are correctly configured. |
failed | Verification ran but one or more records are missing or incorrect. |
Create a domain
Registers a new sending domain. Taifa Mail generates DKIM keys and the DNS records you must publish.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | The domain name. A pasted URL has its scheme, path, and port stripped automatically. |
Response (201 Created):
Each DNS record carries a purpose (verification, spf, dkim, dmarc, return_path) and an is_verified flag.
DNS propagation can take up to 48 hours, though most records propagate within minutes. You can trigger verification multiple times while waiting.
Check domain availability
Checks whether a domain is free to claim on this account by inspecting public taifa-verify TXT records.
Query parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
name | string | Yes | The domain name to check. |
Response:
When available is false, reason is one of already_on_this_account, in_use_by_other_account, or stale_records_detected.
Check a domain by name
Quick lookup of whether a domain is registered and verified on this account.
Response:
If the domain is not registered, the response is { "exists": false, "verified": false, "domain": "..." }.
Get domain details
Returns domain details including all DNS records and their verification state. The response shape matches the create response.
Verify a domain
Triggers DNS record verification. Taifa Mail checks all required records and updates each is_verified flag. The domain status becomes verified only when all records pass.
Response: the full domain object (same shape as create), with updated status and per-record is_verified flags.
If verification fails, inspect the is_verified field on each dns_records entry to find the record that needs attention. Common issues include trailing dots, extra spaces, or conflicting existing records.
Rotate DKIM keys
Generates a new DKIM key pair and returns the new DNS record value to publish.
Response:
Diagnose DNS issues
Detects DNS problems and returns actionable diagnostics plus a health score.
Response:
Domain health
Returns a consolidated verdict for each DNS check (DKIM, SPF, DMARC, bounce routing, MX) with a plain-language recommendation.
Response:
Each check status is one of ok, warn, error, or info.
MX status
Checks the domain's MX records, used for inbound email forwarding.
Response:
Detect DNS provider
Detects the domain's DNS provider via an NS record lookup.
Response:
Domain Connect URL
Returns a signed Domain Connect apply URL. Redirect the user to this URL; their registrar shows a summary of the DNS records to be added and an Authorize button.
Response:
Returns 400 if the domain has no DNS records, or 503 if Domain Connect is not configured.
Delete a domain
Removes a domain from the account. Returns 204 No Content with no body.
Deleting a domain immediately prevents sending from any address on that domain. This action cannot be undone.
Transfer a domain
To move a domain to another account or workspace instead of deleting it, use the Domain Transfers API. A transfer carries the domain's senders, forwards and inbox routing to the new owner after a two-sided handshake and a 24-hour safety window.