Skip to main content
POST
/
registrar
/
v1
/
domains
/
{domain_name}
/
dnssec
/
enable
Enable DNSSEC
curl --request POST \
  --url https://www.atom.com/api/registrar/v1/domains/{domain_name}/dnssec/enable \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "flags": 256,
  "algorithm": 13,
  "protocol": 3,
  "public_key": "AwEAAaz/tAm8yeTHkmTpF84YtQQKDE2S...",
  "digest_type": 2
}
'
import requests

url = "https://www.atom.com/api/registrar/v1/domains/{domain_name}/dnssec/enable"

payload = {
"flags": 256,
"algorithm": 13,
"protocol": 3,
"public_key": "AwEAAaz/tAm8yeTHkmTpF84YtQQKDE2S...",
"digest_type": 2
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.text)
const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
flags: 256,
algorithm: 13,
protocol: 3,
public_key: 'AwEAAaz/tAm8yeTHkmTpF84YtQQKDE2S...',
digest_type: 2
})
};

fetch('https://www.atom.com/api/registrar/v1/domains/{domain_name}/dnssec/enable', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://www.atom.com/api/registrar/v1/domains/{domain_name}/dnssec/enable",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'flags' => 256,
'algorithm' => 13,
'protocol' => 3,
'public_key' => 'AwEAAaz/tAm8yeTHkmTpF84YtQQKDE2S...',
'digest_type' => 2
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"strings"
"net/http"
"io"
)

func main() {

url := "https://www.atom.com/api/registrar/v1/domains/{domain_name}/dnssec/enable"

payload := strings.NewReader("{\n \"flags\": 256,\n \"algorithm\": 13,\n \"protocol\": 3,\n \"public_key\": \"AwEAAaz/tAm8yeTHkmTpF84YtQQKDE2S...\",\n \"digest_type\": 2\n}")

req, _ := http.NewRequest("POST", url, payload)

req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.post("https://www.atom.com/api/registrar/v1/domains/{domain_name}/dnssec/enable")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"flags\": 256,\n \"algorithm\": 13,\n \"protocol\": 3,\n \"public_key\": \"AwEAAaz/tAm8yeTHkmTpF84YtQQKDE2S...\",\n \"digest_type\": 2\n}")
.asString();
require 'uri'
require 'net/http'

url = URI("https://www.atom.com/api/registrar/v1/domains/{domain_name}/dnssec/enable")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"flags\": 256,\n \"algorithm\": 13,\n \"protocol\": 3,\n \"public_key\": \"AwEAAaz/tAm8yeTHkmTpF84YtQQKDE2S...\",\n \"digest_type\": 2\n}"

response = http.request(request)
puts response.read_body
{
  "success": true,
  "message": "DNSSEC enabled successfully",
  "data": {
    "domain_name": "example.com",
    "dnssec_enabled": true,
    "auto_managed": true,
    "key_data": [
      {
        "flags": 256,
        "algorithm": 13,
        "protocol": 3,
        "publicKey": "AwEAAaz/tAm8yeTHkmTp..."
      }
    ],
    "ds_record": {
      "keyTag": 40741,
      "algorithm": 13,
      "digestType": 2,
      "digest": "49FD46E6C4B45C55D4AC69CBD3CD34AC1AFC42F7E79AC26D0986B31EF3AD27A7"
    }
  }
}
{
"success": false,
"error": "Bad Request",
"message": "Invalid input provided"
}
{
"success": false,
"error": "Unauthorized",
"message": "Invalid registrar API token or access has been revoked. Please request registrar API access from your dashboard."
}
{
"success": false,
"error": "Bad Request",
"message": "Invalid input provided"
}
{
"success": false,
"error": "Bad Request",
"message": "Invalid input provided"
}
{
"success": false,
"error": "Bad Request",
"message": "Invalid input provided"
}

Authorizations

Authorization
string
header
required

Registrar API Bearer token. Obtain from dashboard at /dashboard/seller/api-access after requesting Registrar API access.

Path Parameters

domain_name
string
required

Domain name (e.g. example.com)

Body

application/json

DNSSEC key fields for enabling DNSSEC.

Atom / Parking nameservers: All fields are optional and will be ignored — DNSSEC is auto-managed.

Custom nameservers: flags, algorithm, protocol, and public_key are required. digest_type is optional (defaults to 2 / SHA-256).

flags
enum<integer>

DNSKEY flags. 256 = ZSK (Zone Signing Key), 257 = KSK (Key Signing Key). Ignored for Atom/Parking nameservers.

Available options:
256,
257
Example:

256

algorithm
enum<integer>

DNSKEY algorithm number. Ignored for Atom/Parking nameservers.

ValueAlgorithm
3DSA/SHA-1
5RSA/SHA-1
6DSA-NSEC3-SHA1
7RSASHA1-NSEC3-SHA1
8RSA/SHA-256
10RSA/SHA-512
12GOST R 34.10-2001
13ECDSA P-256/SHA-256
14ECDSA P-384/SHA-384
15Ed25519
16Ed448
17SM2/SM3
23GOST R 34.10-2012
Available options:
3,
5,
6,
7,
8,
10,
12,
13,
14,
15,
16,
17,
23
Example:

13

protocol
enum<integer>

DNSKEY protocol. Must be 3 (the only valid value per RFC 4034). Ignored for Atom/Parking nameservers.

Available options:
3
Example:

3

public_key
string

Base64-encoded public key material from your DNS provider. Ignored for Atom/Parking nameservers.

Example:

"AwEAAaz/tAm8yeTHkmTpF84YtQQKDE2S..."

digest_type
enum<integer>
default:2

Digest algorithm used to compute the DS record returned in the response. Defaults to 2 (SHA-256). Ignored for Atom/Parking nameservers.

ValueAlgorithmNotes
1SHA-1Legacy; avoid for new deployments
2SHA-256Recommended (default)
3GOST R 34.11-94Requires server-side GOST engine
4SHA-384High-security deployments
Available options:
1,
2,
3,
4
Example:

2

Response

DNSSEC enabled successfully

success
boolean
Example:

true

message
string
Example:

"DNSSEC enabled successfully"

data
object