Create and rotate API keys
Mint, scope, and revoke keys for scripts and CI.
API keys are durable bearer tokens. They never expire — kill them when you’re done.
Mint
Dashboard → API keys → New key.
Or via the API itself:
curl -X POST "https://api.domaingenius.com.au/api/v1/me/api-keys" \
-H "Authorization: Bearer dg_live_existingkey..." \
-H "Content-Type: application/json" \
-d '{
"name": "ci-deploy",
"scopes": ["domains:read", "dns:write"]
}'{
"id": "key_01HF82YV...",
"name": "ci-deploy",
"scopes": ["domains:read", "dns:write"],
"key": "dg_live_2k8n4j7s9..."
}key is the full secret — only returned in this response, never again. Save it to a secrets manager.
Scope tightly
A CI key that only updates DNS doesn’t need billing:write. The dashboard pre-fills sensible scope sets per use case (CI, monitoring, registrar tooling) — start there.
List
curl "https://api.domaingenius.com.au/api/v1/me/api-keys" \
-H "Authorization: Bearer $DG_KEY"Responses show the prefix (dg_live_2k8n…) and metadata, never the secret.
Rotate
There’s no rotate endpoint. Mint a new key, deploy, delete the old one:
curl -X DELETE "https://api.domaingenius.com.au/api/v1/me/api-keys/$KEY_ID" \
-H "Authorization: Bearer $DG_KEY"Deletion is immediate. Requests with the deleted key get HTTP 401 within seconds.
Test mode
dg_test_ keys hit the same routes but never call the registrar. Use them in CI fixtures so a passing test never accidentally registers dxnghhg-test-1234.com. Test keys can register, renew, transfer, and edit DNS — all returning synthetic confirmations.
Mint a test key from the dashboard with the Test mode toggle on.
Leak protection
We scan public GitHub for dg_live_ keys. If we find a match we revoke and email you. There’s no way to opt out — leaked keys are leaked keys.