Skip to main content
POST
/
registrar
/
v1
/
domains
/
{domain_name}
/
dnssec
/
enable
Enable DNSSEC
curl --request POST \
  --url https://www.atom.com/api/registrar/v1/domains/{domain_name}/dnssec/enable \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "flags": 256,
  "algorithm": 13,
  "protocol": 3,
  "public_key": "AwEAAaz/tAm8yeTHkmTpF84YtQQKDE2S...",
  "digest_type": 2
}
'
{
  "success": true,
  "message": "DNSSEC enabled successfully",
  "data": {
    "domain_name": "example.com",
    "dnssec_enabled": true,
    "auto_managed": true,
    "key_data": [
      {
        "flags": 256,
        "algorithm": 13,
        "protocol": 3,
        "publicKey": "AwEAAaz/tAm8yeTHkmTp..."
      }
    ],
    "ds_record": {
      "keyTag": 40741,
      "algorithm": 13,
      "digestType": 2,
      "digest": "49FD46E6C4B45C55D4AC69CBD3CD34AC1AFC42F7E79AC26D0986B31EF3AD27A7"
    }
  }
}

Authorizations

Authorization
string
header
required

Registrar API Bearer token. Obtain from dashboard at /dashboard/seller/api-access after requesting Registrar API access.

Path Parameters

domain_name
string
required

Domain name (e.g. example.com)

Body

application/json

DNSSEC key fields for enabling DNSSEC.

Atom / Parking nameservers: All fields are optional and will be ignored — DNSSEC is auto-managed.

Custom nameservers: flags, algorithm, protocol, and public_key are required. digest_type is optional (defaults to 2 / SHA-256).

flags
enum<integer>

DNSKEY flags. 256 = ZSK (Zone Signing Key), 257 = KSK (Key Signing Key). Ignored for Atom/Parking nameservers.

Available options:
256,
257
Example:

256

algorithm
enum<integer>

DNSKEY algorithm number. Ignored for Atom/Parking nameservers.

ValueAlgorithm
3DSA/SHA-1
5RSA/SHA-1
6DSA-NSEC3-SHA1
7RSASHA1-NSEC3-SHA1
8RSA/SHA-256
10RSA/SHA-512
12GOST R 34.10-2001
13ECDSA P-256/SHA-256
14ECDSA P-384/SHA-384
15Ed25519
16Ed448
17SM2/SM3
23GOST R 34.10-2012
Available options:
3,
5,
6,
7,
8,
10,
12,
13,
14,
15,
16,
17,
23
Example:

13

protocol
enum<integer>

DNSKEY protocol. Must be 3 (the only valid value per RFC 4034). Ignored for Atom/Parking nameservers.

Available options:
3
Example:

3

public_key
string

Base64-encoded public key material from your DNS provider. Ignored for Atom/Parking nameservers.

Example:

"AwEAAaz/tAm8yeTHkmTpF84YtQQKDE2S..."

digest_type
enum<integer>
default:2

Digest algorithm used to compute the DS record returned in the response. Defaults to 2 (SHA-256). Ignored for Atom/Parking nameservers.

ValueAlgorithmNotes
1SHA-1Legacy; avoid for new deployments
2SHA-256Recommended (default)
3GOST R 34.11-94Requires server-side GOST engine
4SHA-384High-security deployments
Available options:
1,
2,
3,
4
Example:

2

Response

DNSSEC enabled successfully

success
boolean
Example:

true

message
string
Example:

"DNSSEC enabled successfully"

data
object