Least-privilege keys
Keys are hashed at rest, expire, can be CIDR-bound, and grant only explicitly selected read or write scopes.
MailDNS API v1
Manage verified domains, run bounded checks, retrieve findings, operate incidents, and configure signed webhooks through one tenant-scoped REST API. DMARC and TLS report resources are documented, while inbound aggregation remains a closed beta on this deployment.
curl --fail-with-body \
-H "Authorization: Bearer $MAILDNS_API_KEY" \
"https://getmaildns.com/api/v1/domains?limit=25"Keys are hashed at rest, expire, can be CIDR-bound, and grant only explicitly selected read or write scopes.
Every write requires a UUID Idempotency-Key, so a network retry cannot create a second domain or webhook.
Opaque cursors, bounded date ranges, export caps, and durable organization-wide limits keep automation predictable.
DNS observations, findings, incident transitions, and delivery outcomes preserve the evidence behind each result.
Web sessions never authenticate API v1. Create a key from the authenticated workspace, copy its one-time token, and send it as a Bearer credential from your server.
Choose only the scopes and CIDR ranges the integration needs. Tokens are shown once.
Use Authorization on every call. Cookies and browser sessions are intentionally ignored.
Attach a fresh UUID Idempotency-Key to POST, PATCH, and DELETE requests.
Read RateLimit headers, preserve opaque cursors, and honor Retry-After on 429 responses.
30 documented operations across the full monitoring workflow.
/organizationGet organization/domainsList domains/domainsCreate domain/domains/{domainId}Get domain/domains/{domainId}Update domain/domains/{domainId}Archive domain/domains/{domainId}/verifyVerify domain ownership/domains/{domainId}/verificationReplace verification challenge/domains/{domainId}/report-address/rotateRotate report address/domains/{domainId}/report-address/{addressId}/revokeRevoke previous report address/checksList check runs/checksRun a domain check/checks/{checkRunId}Get check run/findingsList findings/findings/{findingId}Get finding/incidentsList incidents/incidents/{incidentId}Get incident/incidents/{incidentId}Update incident state/reports/dmarcQuery DMARC analytics/reports/tlsQuery TLS report analytics/sending-sourcesList sending sources/sending-sources/exportExport sending sources/sending-sources/{sourceId}Get sending source/sending-sources/{sourceId}Review sending source/webhooksList webhooks/webhooksCreate webhook/webhooks/{endpointId}Get webhook/webhooks/{endpointId}Update webhook/webhooks/{endpointId}Delete webhook/webhooks/{endpointId}/secret/rotateRotate webhook secretCreating more keys cannot multiply either allowance. Every authenticated request consumes the same PostgreSQL-backed minute and UTC calendar-month budgets. Ordinary calls cost 1 unit, report analytics 5, and starting a check 25. Exhaustion returns 429 api_quota_exceeded; there is no automatic overage charge.
| Plan | Requests/minute | API units/month | Active keys | Check cooldown |
|---|---|---|---|---|
| Free | 20 | 2,000 | 1 | 15 minutes |
| Pro | 120 | 100,000 | 5 | 5 minutes |
| Agency | 300 | 1,000,000 | 25 | 2 minutes |