API "custom_domain" field validation

jokuja · October 14, 2020, 12:00pm

Hello,
could you please provide validation rules for API field “custom_domain” ?
We need to be sure that endpoint doesn’t fail because of that.
Cannot find it in your API documentation.

One thing is regex (we can guess some proper one).
Second thing is if domain is used by other account. How can we detect this in easy way?

When making a request with invalid domain, your API just returns

JSONHTTPError: Unprocessable Entity
json: { errors: { domain_aliases: [Array] } } }
{ errors: { domain_aliases: [ 'is owned by another account' ] }

so if there are hundreds of domains we even cannot know which one is wrong…

P.S.
I see that I can block out any other domain without owning it. Is this intended behaviour?

jen · October 7, 2020, 9:50pm

Hey @jokuja,
We’re in the process of improving our API docs and happy to help out here as that work continues!

It’s true that if you make a request with an array of domain_aliases, and there is one domain_alias in the array that is owned by another account, we won’t tell you which domain_alias is the problematic one. If this is something you’re running into regularly, I’d recommend setting each domain alias in its own separate request. Would that work for you?

And yes, you can technically set a domain_alias for a domain you don’t own. But it will never be active as a domain alias for your site since DNS will never resolve that domain alias to your site if you don’t actually own the domain.

Please let us know if this helps or if you have other questions.

jokuja · October 7, 2020, 10:00pm

Thanks for this response!

Could you give me a hint how to set one alias in a separate request?
I only see endpoint to update site, which I assume will override existing aliases:

Many thanks!

jen · October 7, 2020, 10:01pm

Hey @jokuja, can you tell me what method you’re using to update- the js-client or curl or something else?

jokuja · October 7, 2020, 10:02pm

Using npm package in node.

jen · October 7, 2020, 11:06pm

You were right Can’t set domain aliases by making separate requests that way, though you can imagine a terrible “guess and check” flow that would append a new domain_alias to the array, make a new call with that array, etc. until you’ve confirmed that every one does not return an error. Hopefully you won’t have to go that route.

Let’s try something else: if you call https://app.netlify.com/.netlify/functions/verify?domain=YOURDOMAIN, that should tell you if the domain is already served by Netlify ("result": true), in which case you won’t be able to use it on your own site. Here’s an example of a call with a domain that is currently assigned to a site: https://app.netlify.com/.netlify/functions/verify?domain=examples.netlify.horse

If you try this with one of your domains and get false, but still see an error when updating the domain_aliases with that domain, could you please share it so we can dig in further?

Other validators:

we check a regex like this: /\A[a-zA-Z0-9\-\.]+\z/
we rely on the public suffix list: https://publicsuffix.org/list/public_suffix_list.dat

Let us know if this helps or if you have other questions!

jokuja · October 8, 2020, 7:29am

thanks for this idea!

but its easy to get domains which have “false” as a result but cannot be added:

https://app.netlify.com/.netlify/functions/verify?domain=google.com

https://app.netlify.com/.netlify/functions/verify?domain=booking.com

jen · October 8, 2020, 5:15pm

Hey @jokuja,
Correct! The suggestion was more geared around avoiding the [ 'is owned by another account' ] error you mentioned in the original post. There is no validation that will prevent you from adding a domain alias like google.com. As you can see in your site dashboard, doing that doesn’t throw an error other than that we can’t get you an SSL certificate (since we’re not serving the domain).

jokuja · October 9, 2020, 12:34pm

thank you, we managed to add more validations on our side so its OK

but another huge problem, your API limits it to 100 custom domains, we have now around 300 and we will need thousands

what do you suggest to do?

jokuja · October 12, 2020, 5:50pm

any ideas for issue with limit of domains count?

other solution which would work for me is to not require CNAME alias for domain which make requests but allow it based on A record (IP address)

would this be possible?

Pie · October 14, 2020, 12:00pm

Hey @jokuja,

I’ve replied to your Helpdesk ticket regarding this matter. TL:DR; we should steer clear of domain aliases when there’s going to be so many and look to make use of our wildcard subdomain feature (available on paid plans).

Further instructions and info is contained in the ticket!