API reference

The complete dnswiz HTTP API. New to it? Start with the Quickstart, it walks the create-zone → add-record → verify thread end to end.

Example requests below assume $DNSWIZ_API_KEY is exported. Mint one in console → Settings → API keys.

Auth & conventions

Base URL. https://api.dnswiz.app in prod, http://localhost:8787 for local dev.
Auth. Bearer token in Authorization. Two kinds: session tokens from POST /v1/auth/verify and API keys minted at /v1/api-keys (prefix dnswiz_).
Errors. RFC 7807 problem+json; the type URI links to an error doc.
Lists. Cursor pagination, envelope { items, next_cursor }.
Mutations. Accept Idempotency-Key.

auth

POST /v1/auth/send

Send a magic-link sign-in email.

Request body

object

Responses

Status	Description	Schema
`200`	link sent (always 200, no enumeration leak)	`object`
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/auth/send

POST /v1/auth/verify

Verify a magic-link token and start a session.

If the email is new, a tenant is auto-created with the user as owner and a sample zone is seeded. If the email exists, a session is attached to the existing tenant.

Request body

object

Responses

Status	Description	Schema
`200`	session created	`object`
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/auth/verify

POST /v1/auth/logout

Revoke the current session.

Responses

Status	Description	Schema
`204`	revoked
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/auth/logout \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

me

GET /v1/me

Get the current user, tenant, plan, usage, and onboarding state.

Responses

Status	Description	Schema
`200`	profile	`Me`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/me \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

GET /v1/me/dashboard

Workspace cockpit, vital signs, top names/zones, certs, incidents.

Responses

Status	Description	Schema
`200`	dashboard payload	`Dashboard`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/me/dashboard \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

GET /v1/me/incidents

Recent endpoint incidents + 30-day summary.

Responses

Status	Description	Schema
`200`	incidents	`IncidentsSummary`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/me/incidents \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

GET /v1/me/export

Download every zone + record as a zonefile/JSON bundle.

Responses

Status	Description	Schema
`200`	tarball
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/me/export \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

DELETE /v1/me/tenant

Soft-delete the workspace (30-day grace, then purged).

Requires sudo and a name-match confirmation in the body. The soft-delete cancels Stripe subscriptions immediately and starts the 30-day purge clock.

Parameters

Name	In	Type	Required
`Idempotency-Key`	header	`string`	no

Request body

object

Responses

Status	Description	Schema
`204`	deleted (soft)
`default`	Problem

Example request

curl -X DELETE https://api.dnswiz.app/v1/me/tenant \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

plans

GET /v1/plans

List public pricing tiers.

Responses

Status	Description	Schema
`200`	plans	`Plan[]`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/plans

zones

GET /v1/zones

List zones.

Parameters

Name	In	Type	Required
`cursor`	query	`string`	no
`limit`	query	`integer`	no

Responses

Status	Description	Schema
`200`	page of zones	`ZonePage`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/zones \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

POST /v1/zones

Create a zone.

Parameters

Name	In	Type	Required
`Idempotency-Key`	header	`string`	no

Request body

ZoneCreate

Responses

Status	Description	Schema
`201`	created	`Zone`
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/zones \
  -H "Authorization: Bearer $DNSWIZ_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
       "name": "example.com"
     }'

Example response

{
  "id": "a1b2c3d4-0000-0000-0000-000000000000",
  "name": "example.com.",
  "active": true,
  "created_at": "2026-05-28T09:00:00Z",
  "updated_at": "2026-05-28T09:00:00Z"
}

GET /v1/zones/{zone_id}

Get a zone.

Responses

Status	Description	Schema
`200`	zone	`Zone`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/zones/{zone_id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

Example response

{
  "id": "a1b2c3d4-0000-0000-0000-000000000000",
  "name": "example.com.",
  "active": true,
  "created_at": "2026-05-28T09:00:00Z",
  "updated_at": "2026-05-28T09:00:00Z"
}

DELETE /v1/zones/{zone_id}

Delete a zone.

Parameters

Name	In	Type	Required
`Idempotency-Key`	header	`string`	no

Responses

Status	Description	Schema
`204`	deleted
`default`	Problem

Example request

curl -X DELETE https://api.dnswiz.app/v1/zones/{zone_id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

GET /v1/zones/{zone_id}/health

Zone health score (gauge + sub-scores).

Responses

Status	Description	Schema
`200`	health	`ZoneHealth`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/zones/{zone_id}/health \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

records

GET /v1/zones/{zone_id}/records

List records in a zone.

Parameters

Name	In	Type	Required
`cursor`	query	`string`	no
`limit`	query	`integer`	no

Responses

Status	Description	Schema
`200`	page of records	`RecordPage`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/zones/{zone_id}/records \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

POST /v1/zones/{zone_id}/records

Create a record.

Parameters

Name	In	Type	Required
`Idempotency-Key`	header	`string`	no

Request body

RecordCreate

Responses

Status	Description	Schema
`201`	created	`Record`
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/zones/{zone_id}/records \
  -H "Authorization: Bearer $DNSWIZ_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
       "name": "www",
       "type": "A",
       "ttl": 300,
       "data": {
         "value": "203.0.113.10"
       }
     }'

Example response

{
  "id": "11111111-0000-0000-0000-000000000000",
  "zone_id": "a1b2c3d4-0000-0000-0000-000000000000",
  "name": "www",
  "type": "A",
  "ttl": 300,
  "data": {
    "value": "203.0.113.10"
  },
  "created_at": "2026-05-28T09:01:00Z",
  "updated_at": "2026-05-28T09:01:00Z"
}

GET /v1/records/{record_id}

Get a record.

Responses

Status	Description	Schema
`200`	record	`Record`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/records/{record_id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

Example response

{
  "id": "11111111-0000-0000-0000-000000000000",
  "zone_id": "a1b2c3d4-0000-0000-0000-000000000000",
  "name": "www",
  "type": "A",
  "ttl": 300,
  "data": {
    "value": "203.0.113.10"
  },
  "created_at": "2026-05-28T09:01:00Z",
  "updated_at": "2026-05-28T09:01:00Z"
}

PATCH /v1/records/{record_id}

Update a record.

Parameters

Name	In	Type	Required
`Idempotency-Key`	header	`string`	no

Request body

RecordUpdate

Responses

Status	Description	Schema
`200`	updated	`Record`
`default`	Problem

Example request

curl -X PATCH https://api.dnswiz.app/v1/records/{record_id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

Example response

{
  "id": "11111111-0000-0000-0000-000000000000",
  "zone_id": "a1b2c3d4-0000-0000-0000-000000000000",
  "name": "www",
  "type": "A",
  "ttl": 300,
  "data": {
    "value": "203.0.113.10"
  },
  "created_at": "2026-05-28T09:01:00Z",
  "updated_at": "2026-05-28T09:01:00Z"
}

DELETE /v1/records/{record_id}

Delete a record.

Parameters

Name	In	Type	Required
`Idempotency-Key`	header	`string`	no

Responses

Status	Description	Schema
`204`	deleted
`default`	Problem

Example request

curl -X DELETE https://api.dnswiz.app/v1/records/{record_id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

POST /v1/records/{record_id}/test

Live-dig, resolve the record from the dnswiz edge fleet and return raw answers.

Responses

Status	Description	Schema
`200`	dig result	`LiveDig`
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/records/{record_id}/test \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

POST /v1/records/{record_id}/canary/abort

Snap a CANARY record back to its primary (set ramp to 0%).

Responses

Status	Description	Schema
`200`	aborted	`Record`
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/records/{record_id}/canary/abort \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

Example response

{
  "id": "11111111-0000-0000-0000-000000000000",
  "zone_id": "a1b2c3d4-0000-0000-0000-000000000000",
  "name": "www",
  "type": "A",
  "ttl": 300,
  "data": {
    "value": "203.0.113.10"
  },
  "created_at": "2026-05-28T09:01:00Z",
  "updated_at": "2026-05-28T09:01:00Z"
}

POST /v1/records/{record_id}/canary/resume

Resume a paused CANARY record from its current percentage.

Responses

Status	Description	Schema
`200`	resumed	`Record`
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/records/{record_id}/canary/resume \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

Example response

{
  "id": "11111111-0000-0000-0000-000000000000",
  "zone_id": "a1b2c3d4-0000-0000-0000-000000000000",
  "name": "www",
  "type": "A",
  "ttl": 300,
  "data": {
    "value": "203.0.113.10"
  },
  "created_at": "2026-05-28T09:01:00Z",
  "updated_at": "2026-05-28T09:01:00Z"
}

pools

GET /v1/pools

List pools.

Parameters

Name	In	Type	Required
`cursor`	query	`string`	no
`limit`	query	`integer`	no

Responses

Status	Description	Schema
`200`	page of pools	`PoolPage`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/pools \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

POST /v1/pools

Create a pool.

Parameters

Name	In	Type	Required
`Idempotency-Key`	header	`string`	no

Request body

PoolCreate

Responses

Status	Description	Schema
`201`	created	`Pool`
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/pools \
  -H "Authorization: Bearer $DNSWIZ_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
       "name": "api-us-east",
       "selection_method": "active-passive"
     }'

GET /v1/pools/{id}

Get a pool with its members.

Responses

Status	Description	Schema
`200`	pool	`Pool`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/pools/{id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

PATCH /v1/pools/{id}

Update pool name or selection method.

Request body

PoolCreate

Responses

Status	Description	Schema
`200`	updated	`Pool`
`default`	Problem

Example request

curl -X PATCH https://api.dnswiz.app/v1/pools/{id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
       "name": "api-us-east",
       "selection_method": "active-passive"
     }'

DELETE /v1/pools/{id}

Delete a pool. Fails (409) if any record still references it.

Responses

Status	Description	Schema
`204`	deleted
`default`	Problem

Example request

curl -X DELETE https://api.dnswiz.app/v1/pools/{id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

POST /v1/pools/{id}/members

Attach an existing endpoint as a pool member.

Request body

object

Responses

Status	Description	Schema
`201`	attached	`PoolMember`
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/pools/{id}/members \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

PATCH /v1/pools/{id}/members/{member_id}

Update member weight or priority.

Request body

object

Responses

Status	Description	Schema
`200`	updated	`PoolMember`
`default`	Problem

Example request

curl -X PATCH https://api.dnswiz.app/v1/pools/{id}/members/{member_id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

DELETE /v1/pools/{id}/members/{member_id}

Detach a member from a pool.

Responses

Status	Description	Schema
`204`	detached
`default`	Problem

Example request

curl -X DELETE https://api.dnswiz.app/v1/pools/{id}/members/{member_id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

PATCH /v1/pools/{id}/members/{member_id}/enabled

Flip member enabled (drain / un-drain without deleting).

Request body

object

Responses

Status	Description	Schema
`200`	updated	`PoolMember`
`default`	Problem

Example request

curl -X PATCH https://api.dnswiz.app/v1/pools/{id}/members/{member_id}/enabled \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

endpoints

GET /v1/endpoints

List health-checked endpoints.

Parameters

Name	In	Type	Required
`cursor`	query	`string`	no
`limit`	query	`integer`	no

Responses

Status	Description	Schema
`200`	page of endpoints	`EndpointPage`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/endpoints \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

POST /v1/endpoints

Create an endpoint.

Parameters

Name	In	Type	Required
`Idempotency-Key`	header	`string`	no

Request body

EndpointCreate

Responses

Status	Description	Schema
`201`	created	`Endpoint`
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/endpoints \
  -H "Authorization: Bearer $DNSWIZ_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
       "name": "api-us-east-1",
       "kind": "https",
       "target": "https://api-us-east.example.com/healthz",
       "value": "203.0.113.10",
       "expected_status": 200
     }'

GET /v1/endpoints/{id}

Get an endpoint with current health + recent incidents.

Responses

Status	Description	Schema
`200`	endpoint	`Endpoint`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/endpoints/{id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

PATCH /v1/endpoints/{id}

Update an endpoint.

Request body

EndpointCreate

Responses

Status	Description	Schema
`200`	updated	`Endpoint`
`default`	Problem

Example request

curl -X PATCH https://api.dnswiz.app/v1/endpoints/{id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
       "name": "api-us-east-1",
       "kind": "https",
       "target": "https://api-us-east.example.com/healthz",
       "value": "203.0.113.10",
       "expected_status": 200
     }'

DELETE /v1/endpoints/{id}

Delete an endpoint (also removes pool memberships).

Responses

Status	Description	Schema
`204`	deleted
`default`	Problem

Example request

curl -X DELETE https://api.dnswiz.app/v1/endpoints/{id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

health-monitors

GET /v1/health-monitors

List reusable probe policies.

Responses

Status	Description	Schema
`200`	monitors	`HealthMonitor[]`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/health-monitors \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

POST /v1/health-monitors

Create a named monitor (interval/timeout/thresholds/expected status).

Parameters

Name	In	Type	Required
`Idempotency-Key`	header	`string`	no

Request body

HealthMonitorCreate

Responses

Status	Description	Schema
`201`	created	`HealthMonitor`
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/health-monitors \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

PATCH /v1/health-monitors/{id}

Update a monitor (changes propagate to every attached endpoint on next probe tick).

Request body

HealthMonitorCreate

Responses

Status	Description	Schema
`200`	updated	`HealthMonitor`
`default`	Problem

Example request

curl -X PATCH https://api.dnswiz.app/v1/health-monitors/{id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

DELETE /v1/health-monitors/{id}

Delete a monitor. Endpoints that referenced it fall back to defaults.

Responses

Status	Description	Schema
`204`	deleted
`default`	Problem

Example request

curl -X DELETE https://api.dnswiz.app/v1/health-monitors/{id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

policies

GET /v1/me/policies

List tenant-default policies (apply across every zone unless overridden).

Responses

Status	Description	Schema
`200`	policies	`Policy[]`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/me/policies \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

PATCH /v1/me/policies/{kind}

Update a tenant-default policy (enable/disable, set config).

Request body

PolicyUpdate

Responses

Status	Description	Schema
`200`	updated	`Policy`
`default`	Problem

Example request

curl -X PATCH https://api.dnswiz.app/v1/me/policies/{kind} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

GET /v1/zones/{zone_id}/security

List per-zone policies (firewall, hijack monitor) with their effective config.

Responses

Status	Description	Schema
`200`	policies	`Policy[]`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/zones/{zone_id}/security \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

PATCH /v1/zones/{zone_id}/security/{kind}

Update a per-zone policy (overrides tenant default).

Request body

PolicyUpdate

Responses

Status	Description	Schema
`200`	updated	`Policy`
`default`	Problem

Example request

curl -X PATCH https://api.dnswiz.app/v1/zones/{zone_id}/security/{kind} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

GET /v1/zones/{zone_id}/security/hijack-probes

Recent hijack-probe results (every 5 min from 8 public resolvers).

Responses

Status	Description	Schema
`200`	probes	`HijackProbe[]`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/zones/{zone_id}/security/hijack-probes \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

certs

GET /v1/certs

List cert issuances (audit ledger).

Parameters

Name	In	Type	Required
`cursor`	query	`string`	no
`limit`	query	`integer`	no

Responses

Status	Description	Schema
`200`	page of issuances	`CertIssuancePage`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/certs \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

POST /v1/certs/issue

Issue (or re-issue) a TLS cert via ACME DNS-01. Returns the signed cert + chain.

The client generates the private key locally and submits a CSR. dnswiz solves the DNS-01 challenge against its own authoritative zones, returns cert+chain. Private key is never seen server-side.

Parameters

Name	In	Type	Required
`Idempotency-Key`	header	`string`	no

Request body

CertIssueRequest

Responses

Status	Description	Schema
`200`	issued	`CertIssueResponse`
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/certs/issue \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

GET /v1/certs/coverage

Names that resolve to a public IP but have no covering TLS cert (gap detector).

Responses

Status	Description	Schema
`200`	coverage	`CertCoverage`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/certs/coverage \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

GET /v1/certs/{id}

Get a cert issuance (status, expiry, last_error).

Responses

Status	Description	Schema
`200`	issuance	`CertIssuance`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/certs/{id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

firewall

GET /v1/me/firewall/refused

Live ring buffer of recent firewall refusals (in-memory, ~1h, ≤200/tenant).

Parameters

Name	In	Type	Required
`limit`	query	`integer`	no

Responses

Status	Description	Schema
`200`	refusals, newest first	`object`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/me/firewall/refused \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

insights

GET /v1/zones/{zone_id}/insights

Query stats, top names, latency, refused-rcode breakdown for a zone.

Parameters

Name	In	Type	Required
`range`	query	`string (24h \| 7d \| 30d \| 90d)`	no

Responses

Status	Description	Schema
`200`	insights payload	`Insights`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/zones/{zone_id}/insights \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

notifications

GET /v1/notifications

List notification channels (email, slack, webhook).

Responses

Status	Description	Schema
`200`	channels	`NotificationChannel[]`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/notifications \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

POST /v1/notifications

Create a notification channel.

Parameters

Name	In	Type	Required
`Idempotency-Key`	header	`string`	no

Request body

NotificationChannelCreate

Responses

Status	Description	Schema
`201`	created	`NotificationChannel`
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/notifications \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

PATCH /v1/notifications/{id}

Update a notification channel.

Request body

NotificationChannelCreate

Responses

Status	Description	Schema
`200`	updated	`NotificationChannel`
`default`	Problem

Example request

curl -X PATCH https://api.dnswiz.app/v1/notifications/{id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

DELETE /v1/notifications/{id}

Delete a notification channel.

Responses

Status	Description	Schema
`204`	deleted
`default`	Problem

Example request

curl -X DELETE https://api.dnswiz.app/v1/notifications/{id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

team

GET /v1/team/members

List workspace members.

Responses

Status	Description	Schema
`200`	members	`Member[]`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/team/members \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

PATCH /v1/team/members/{user_id}

Change a member's role.

Request body

object

Responses

Status	Description	Schema
`200`	updated	`Member`
`default`	Problem

Example request

curl -X PATCH https://api.dnswiz.app/v1/team/members/{user_id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

DELETE /v1/team/members/{user_id}

Remove a member from the workspace.

Responses

Status	Description	Schema
`204`	removed
`default`	Problem

Example request

curl -X DELETE https://api.dnswiz.app/v1/team/members/{user_id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

GET /v1/team/invitations

List pending invitations.

Responses

Status	Description	Schema
`200`	invitations	`Invitation[]`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/team/invitations \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

POST /v1/team/invitations

Invite someone by email.

Parameters

Name	In	Type	Required
`Idempotency-Key`	header	`string`	no

Request body

object

Responses

Status	Description	Schema
`201`	invited	`Invitation`
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/team/invitations \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

DELETE /v1/team/invitations/{id}

Revoke a pending invitation.

Responses

Status	Description	Schema
`204`	revoked
`default`	Problem

Example request

curl -X DELETE https://api.dnswiz.app/v1/team/invitations/{id} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

billing

POST /v1/me/billing/checkout

Start a Stripe Checkout session for a plan upgrade.

Request body

object

Responses

Status	Description	Schema
`200`	redirect target	`object`
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/me/billing/checkout \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

POST /v1/me/billing/portal

Start a Stripe Customer Portal session.

Responses

Status	Description	Schema
`200`	redirect target	`object`
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/me/billing/portal \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

api-keys

GET /v1/api-keys

List API keys.

Parameters

Name	In	Type	Required
`cursor`	query	`string`	no
`limit`	query	`integer`	no

Responses

Status	Description	Schema
`200`	page of api keys	`ApiKeyPage`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/api-keys \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

POST /v1/api-keys

Create an API key (returns plaintext exactly once).

Parameters

Name	In	Type	Required
`Idempotency-Key`	header	`string`	no

Request body

ApiKeyCreate

Responses

Status	Description	Schema
`201`	created	`ApiKeyWithSecret`
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/api-keys \
  -H "Authorization: Bearer $DNSWIZ_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
       "name": "ci-runner",
       "scopes": []
     }'

audit

GET /v1/audit

List audit events.

Parameters

Name	In	Type	Required
`cursor`	query	`string`	no
`limit`	query	`integer`	no
`resource`	query	`string`	no
`action`	query	`string`	no

Responses

Status	Description	Schema
`200`	page of audit events	`AuditEventPage`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/audit \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

public

POST /v1/public/check

Free failover-readiness checker, paste a hostname, get a DNS + latency audit + score.

Request body

object

Responses

Status	Description	Schema
`200`	audit result	`ReadinessCheck`
`default`	Problem

Example request

curl -X POST https://api.dnswiz.app/v1/public/check

system-settings

GET /healthz

Liveness probe.

Responses

Status	Description	Schema
`200`	alive	`object`

Example request

curl https://api.dnswiz.app/healthz

GET /readyz

Readiness probe (DB reachable).

Responses

Status	Description	Schema
`200`	ready
`503`	not ready

Example request

curl https://api.dnswiz.app/readyz

GET /v1/system-settings

Get all system settings (admin-only). Secret values are masked.

Responses

Status	Description	Schema
`200`	settings	`Setting[]`
`default`	Problem

Example request

curl https://api.dnswiz.app/v1/system-settings \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

PUT /v1/system-settings/{key}

Upsert a system setting (admin-only).

Parameters

Name	In	Type	Required
`Idempotency-Key`	header	`string`	no

Request body

SettingUpsert

Responses

Status	Description	Schema
`200`	upserted	`Setting`
`default`	Problem

Example request

curl -X PUT https://api.dnswiz.app/v1/system-settings/{key} \
  -H "Authorization: Bearer $DNSWIZ_API_KEY"

Schemas

Object shapes referenced by the operations above.

ApiKey

Field	Type	Required
`id`	`string <uuid>`	yes
`name`	`string`	yes
`prefix`	`string`	yes
`scopes`	`string[]`	yes
`last_used_at`	`string <date-time>`	no
`expires_at`	`string <date-time>`	no
`revoked_at`	`string <date-time>`	no
`created_at`	`string <date-time>`	yes

ApiKeyCreate

Field	Type	Required
`name`	`string`	yes
`scopes`	`string[]`	no
`expires_at`	`string <date-time>`	no

ApiKeyPage

Field	Type	Required
`items`	`ApiKey[]`	yes
`next_cursor`	`string`	yes

ApiKeyWithSecret

AuditEvent

Field	Type	Required
`id`	`integer <int64>`	yes
`user_id`	`string <uuid>`	no
`request_id`	`string`	no
`resource`	`string`	yes
`resource_id`	`string <uuid>`	no
`action`	`string`	yes
`before`	`object`	no
`after`	`object`	no
`occurred_at`	`string <date-time>`	yes

AuditEventPage

Field	Type	Required
`items`	`AuditEvent[]`	yes
`next_cursor`	`string`	yes

CertCoverage

Field	Type	Required
`total_names`	`integer`	yes
`covered_names`	`integer`	yes
`gaps`	`CertCoverageGap[]`	yes

CertCoverageGap

Field	Type	Required
`name`	`string`	yes
`record_type`	`string`	yes
`zone_id`	`string <uuid>`	no
`zone_name`	`string`	no

CertIssuance

Field	Type	Required
`id`	`string <uuid>`	yes
`name`	`string`	yes
`status`	`string (pending \| issued \| failed \| revoked)`	yes
`expires_at`	`string <date-time>`	no
`fingerprint`	`string`	no
`last_error`	`string`	no
`issued_at`	`string <date-time>`	no
`created_at`	`string <date-time>`	no

CertIssuancePage

Field	Type	Required
`items`	`CertIssuance[]`	yes
`next_cursor`	`string`	yes

CertIssueRequest

Field	Type	Required
`csr_pem`	`string`	yes

CertIssueResponse

Field	Type	Required
`issuance_id`	`string <uuid>`	yes
`cert_pem`	`string`	yes
`chain_pem`	`string`	yes
`expires_at`	`string <date-time>`	no

Dashboard

Workspace cockpit payload. The response is wide and may gain fields over time; the stable, documented ones are below.

Field	Type	Required
`live_qps`	`number`	no
`queries_today`	`integer <int64>`	no
`queries_yesterday`	`integer <int64>`	no
`queries_month`	`integer <int64>`	no
`downtime_prevented_sec`	`integer <int64>`	no
`incidents_count_30d`	`integer`	no
`zones_healthy`	`integer`	no
`zones_total`	`integer`	no
`top_names_24h`	`object[]`	no
`countries_24h`	`object[]`	no
`certs`	`object`	no
`generated_at`	`string <date-time>`	no

Endpoint

Field	Type	Required
`id`	`string <uuid>`	yes
`name`	`string`	yes
`kind`	`string (http \| https \| tcp)`	yes
`target`	`string`	yes
`value`	`string`	no
`host`	`string`	no
`port`	`integer`	no
`expected_status`	`integer`	no
`interval_seconds`	`integer`	no
`timeout_seconds`	`integer`	no
`healthy_after`	`integer`	no
`unhealthy_after`	`integer`	no
`health_monitor_id`	`string <uuid>`	no
`health`	`object`	no
`created_at`	`string <date-time>`	no
`updated_at`	`string <date-time>`	no

EndpointCreate

Field	Type	Required
`name`	`string`	yes
`kind`	`string (http \| https \| tcp)`	yes
`target`	`string`	yes
`value`	`string`	no
`host`	`string`	no
`port`	`integer`	no
`expected_status`	`integer`	no
`interval_seconds`	`integer`	no
`timeout_seconds`	`integer`	no
`healthy_after`	`integer`	no
`unhealthy_after`	`integer`	no
`health_monitor_id`	`string <uuid>`	no

EndpointPage

Field	Type	Required
`items`	`Endpoint[]`	yes
`next_cursor`	`string`	yes

HealthMonitor

Field	Type	Required
`id`	`string <uuid>`	yes
`name`	`string`	yes
`kind`	`string (http \| https \| tcp \| udp)`	yes
`path`	`string`	no
`expected_status`	`integer`	no
`interval_seconds`	`integer`	no
`timeout_seconds`	`integer`	no
`healthy_after`	`integer`	no
`unhealthy_after`	`integer`	no

HealthMonitorCreate

Field	Type	Required
`name`	`string`	yes
`kind`	`string (http \| https \| tcp \| udp)`	yes
`path`	`string`	no
`expected_status`	`integer`	no
`interval_seconds`	`integer`	no
`timeout_seconds`	`integer`	no
`healthy_after`	`integer`	no
`unhealthy_after`	`integer`	no

HijackProbe

Field	Type	Required
`id`	`string <uuid>`	yes
`probed_at`	`string <date-time>`	yes
`resolver`	`string`	yes
`qname`	`string`	yes
`qtype`	`string`	yes
`expected`	`string`	no
`observed`	`string`	no
`diverged`	`boolean`	yes
`err`	`string`	no

IncidentsSummary

Field	Type	Required
`items`	`object[]`	yes
`summary`	`object`	yes

Insights

Per-zone insights payload. Wide and evolving, only the always-present fields are listed.

Field	Type	Required
`range`	`string (24h \| 7d \| 30d \| 90d)`	no
`total`	`integer <int64>`	no
`timeseries`	`object[]`	no
`top_names`	`object[]`	no
`rcodes`	`object`	no
`latency`	`object`	no

Invitation

Field	Type	Required
`id`	`string <uuid>`	yes
`email`	`string <email>`	yes
`role`	`string (owner \| admin \| member)`	yes
`created_at`	`string <date-time>`	no
`expires_at`	`string <date-time>`	yes

LiveDig

Field	Type	Required
`name`	`string`	yes
`type`	`string`	yes
`answers`	`string[]`	yes
`rcode`	`string`	no
`elapsed_ms`	`integer`	no

Me

Field	Type	Required
`user`	`object`	yes
`tenant`	`object`	yes
`plan`	`Plan`	yes
`usage`	`object`	yes
`onboarding`	`object`	yes

Member

Field	Type	Required
`user_id`	`string <uuid>`	yes
`email`	`string <email>`	yes
`role`	`string (owner \| admin \| member)`	yes
`joined_at`	`string <date-time>`	no

NotificationChannel

Field	Type	Required
`id`	`string <uuid>`	yes
`name`	`string`	yes
`kind`	`string (email \| slack \| webhook)`	yes
`config`	`object`	no
`enabled`	`boolean`	yes
`created_at`	`string <date-time>`	no

NotificationChannelCreate

Field	Type	Required
`name`	`string`	yes
`kind`	`string (email \| slack \| webhook)`	yes
`config`	`object`	yes
`enabled`	`boolean`	no

Plan

Field	Type	Required
`id`	`string (free \| pro \| business \| enterprise)`	yes
`display_name`	`string`	yes
`monthly_price_cents`	`integer`	no
`yearly_price_cents`	`integer`	no
`max_zones`	`integer`	yes
`max_records_per_zone`	`integer`	yes
`included_monthly_queries`	`integer <int64>`	yes
`gslb_enabled`	`boolean`	yes
`sso_enabled`	`boolean`	yes
`audit_export_enabled`	`boolean`	yes
`byok_enabled`	`boolean`	yes
`is_enterprise`	`boolean`	yes

Policy

Field	Type	Required
`kind`	`string (hijack_monitor \| query_firewall)`	yes
`enabled`	`boolean`	yes
`config`	`object`	yes

PolicyUpdate

Field	Type	Required
`enabled`	`boolean`	no
`config`	`object`	no

Pool

Field	Type	Required
`id`	`string <uuid>`	yes
`name`	`string`	yes
`selection_method`	`string (weighted \| active-passive \| round-robin)`	yes
`members`	`PoolMember[]`	no
`created_at`	`string <date-time>`	no
`updated_at`	`string <date-time>`	no

PoolCreate

Field	Type	Required
`name`	`string`	yes
`selection_method`	`string (weighted \| active-passive \| round-robin)`	yes

PoolMember

Field	Type	Required
`id`	`string <uuid>`	yes
`pool_id`	`string <uuid>`	yes
`endpoint_id`	`string <uuid>`	yes
`weight`	`integer`	no
`priority`	`integer`	no
`enabled`	`boolean`	no

PoolPage

Field	Type	Required
`items`	`Pool[]`	yes
`next_cursor`	`string`	yes

Problem

Field	Type	Required
`type`	`string <uri>`	yes
`title`	`string`	yes
`status`	`integer`	yes
`detail`	`string`	no
`instance`	`string`	no
`code`	`string`	no
`errors`	`object`	no

ReadinessCheck

Field	Type	Required
`hostname`	`string`	yes
`score`	`integer`	yes
`latency_ms`	`number`	no
`findings`	`object[]`	no

Record

Field	Type	Required
`id`	`string <uuid>`	yes
`zone_id`	`string <uuid>`	yes
`name`	`string`	yes
`type`	`RecordType`	yes
`ttl`	`integer`	yes
`data`	`object`	yes
`created_at`	`string <date-time>`	yes
`updated_at`	`string <date-time>`	yes

RecordCreate

Field	Type	Required
`name`	`string`	yes
`type`	`RecordType`	yes
`ttl`	`integer`	yes
`data`	`object`	yes

RecordPage

Field	Type	Required
`items`	`Record[]`	yes
`next_cursor`	`string`	yes

RecordType

RecordUpdate

Field	Type	Required
`ttl`	`integer`	no
`data`	`object`	no

RefusedQuery

Field	Type	Required
`tenant_id`	`string <uuid>`	yes
`zone_id`	`string <uuid>`	yes
`qname`	`string`	yes
`qtype`	`string`	yes
`source_ip`	`string`	yes
`country`	`string`	no
`reason`	`string (qtype-refused \| ip-not-allowed \| ip-denied \| country-not-allowed \| country-denied \| rate-limited)`	yes
`checked_at_ms`	`integer <int64>`	yes

Setting

Field	Type	Required
`key`	`string`	yes
`value`		no
`masked_value`	`string`	no
`is_secret`	`boolean`	yes
`description`	`string`	yes
`updated_by`	`string <uuid>`	no
`updated_at`	`string <date-time>`	yes

SettingUpsert

Field	Type	Required
`value`		no
`secret`	`string`	no
`is_secret`	`boolean`	yes
`description`	`string`	no

Zone

Field	Type	Required
`id`	`string <uuid>`	yes
`name`	`string`	yes
`active`	`boolean`	yes
`created_at`	`string <date-time>`	yes
`updated_at`	`string <date-time>`	yes

ZoneCreate

Field	Type	Required
`name`	`string`	yes

ZoneHealth

Field	Type	Required
`score`	`integer`	yes
`sub_scores`	`object`	no

ZonePage

Field	Type	Required
`items`	`Zone[]`	yes
`next_cursor`	`string`	yes