# Domain
> API reference for Domains (core.apoxy.dev/v1alpha3)
**API Group:** `core.apoxy.dev/v1alpha3`
## Operations
### List Domains
List Domain
**Response**
- `200`: OK
---
### Create Domain
Create a Domain
**Request Body**
Spec fields (`DomainSpec`):
| Field | Type | Description |
| --- | --- | --- |
| `customDomains` | string[] | The list of custom domain names to also route to the target, which may be under another domain. Routing may require additional verification steps. |
| `filters` | [LocalObjectReference](#localobjectreference)[] | EdgeFunction filters applied for the domain. |
| `forwarding` | [DomainForwardingSpec](#domainforwardingspec) | Used to specify routing non-HTTP/S forwarding rules. For example, forwarding tcp:10000-20000 to a specified port of a target (e.g. an EdgeFunction or a TunnelEndpoint). This is a Pro feature only. |
| `target` | [DomainTargetSpec](#domaintargetspec) | Target of the domain. **(required)** |
| `tls` | [DomainTLSSpec](#domaintlsspec) | TLS configuration for the domain. |
| `zone` | string | The zone this domain is managed under. |
**Response**
- `200`: OK
- `201`: Created
- `202`: Accepted
---
### Delete All Domains
Delete collection of Domain
**Response**
- `200`: OK
---
### Get Domain
Get the specified Domain
**Response**
- `200`: OK
---
### Replace Domain
Replace the specified Domain
**Request Body**
Spec fields (`DomainSpec`):
| Field | Type | Description |
| --- | --- | --- |
| `customDomains` | string[] | The list of custom domain names to also route to the target, which may be under another domain. Routing may require additional verification steps. |
| `filters` | [LocalObjectReference](#localobjectreference)[] | EdgeFunction filters applied for the domain. |
| `forwarding` | [DomainForwardingSpec](#domainforwardingspec) | Used to specify routing non-HTTP/S forwarding rules. For example, forwarding tcp:10000-20000 to a specified port of a target (e.g. an EdgeFunction or a TunnelEndpoint). This is a Pro feature only. |
| `target` | [DomainTargetSpec](#domaintargetspec) | Target of the domain. **(required)** |
| `tls` | [DomainTLSSpec](#domaintlsspec) | TLS configuration for the domain. |
| `zone` | string | The zone this domain is managed under. |
**Response**
- `200`: OK
- `201`: Created
---
### Update Domain
Partially update the specified Domain
**Response**
- `200`: OK
- `201`: Created
---
### Delete Domain
Delete a Domain
**Response**
- `200`: OK
- `202`: Accepted
---
## Schema Reference
### LocalObjectReference
| Field | Type | Description |
| --- | --- | --- |
| `group` | string | Group is the API Group of the referenced object. **(required)** |
| `name` | string | Name is the name of the referenced object. **(required)** |
### DomainForwardingSpec
| Field | Type | Description |
| --- | --- | --- |
| `forwardingRules` | [ForwardingRule](#forwardingrule)[] | ForwardingRules is the list of forwarding rules. |
### DomainTargetSpec
| Field | Type | Description |
| --- | --- | --- |
| `dns` | [DomainTargetDNS](#domaintargetdns) | Represents targets specified via DNS. |
| `ref` | [LocalObjectReference](#localobjectreference) | Represent a target specified via a reference to another object within Apoxy (e.g. Proxy, EdgeFunction (type=backend), TunnelEndpoint). |
### DomainTargetDNS
| Field | Type | Description |
| --- | --- | --- |
| `caa` | [DNSCAARecords](#dnscaarecords) | CAA holds Certification Authority Authorization record values. |
| `dkim` | [DNSDKIMRecords](#dnsdkimrecords) | DKIM holds DKIM (DomainKeys Identified Mail) values. Stored as TXT records under <selector>._domainkey.<domain>. Values should be DKIM public key records (e.g. "v=DKIM1; k=rsa; p=..."). |
| `dmarc` | [DNSDMARCRecords](#dnsdmarcrecords) | DMARC holds DMARC (Domain-based Message Authentication, Reporting & Conformance) values. Stored as TXT records under _dmarc.<domain>. Values should follow DMARC syntax (e.g. "v=DMARC1; p=reject; rua=mailto:..."). |
| `dnskey` | [DNSDNSKEYRecords](#dnsdnskeyrecords) | DNSKEY holds DNSKEY records for DNSSEC. Values should be DNSKEY record data (e.g. "257 3 8 <base64-encoded-key>"). |
| `ds` | [DNSDSRecords](#dnsdsrecords) | DS holds DS (Delegation Signer) records for DNSSEC chain of trust. Values should be DS record data (e.g. "12345 8 2 <digest>"). |
| `fqdn` | [DNSCNAMERecord](#dnscnamerecord) | FQDN holds a CNAME record target. Cannot be set with IPs. |
| `ips` | [DNSAddressRecords](#dnsaddressrecords) | IPs holds A/AAAA record addresses. Cannot be set with FQDN. |
| `mx` | [DNSMXRecords](#dnsmxrecords) | MX holds Mail Exchange record values. |
| `ns` | [DNSNSRecords](#dnsnsrecords) | NS holds Name Server record values. |
| `spf` | [DNSSPFRecords](#dnsspfrecords) | SPF holds SPF (Sender Policy Framework) values. Stored as TXT records. Values should follow SPF syntax (e.g. "v=spf1 include:_spf.google.com ~all"). |
| `srv` | [DNSSRVRecords](#dnssrvrecords) | SRV holds Service Locator record values. |
| `txt` | [DNSTXTRecords](#dnstxtrecords) | TXT holds TXT record values. |
### DNSCAARecords
| Field | Type | Description |
| --- | --- | --- |
| `ttl` | integer (int32) | TTL is the time-to-live for this record type. |
| `values` | string[] | Values is the list of CAA record values. **(required)** |
### DNSDKIMRecords
| Field | Type | Description |
| --- | --- | --- |
| `ttl` | integer (int32) | TTL is the time-to-live for this record type. |
| `values` | string[] | Values is the list of DKIM record values. **(required)** |
### DNSDMARCRecords
| Field | Type | Description |
| --- | --- | --- |
| `ttl` | integer (int32) | TTL is the time-to-live for this record type. |
| `values` | string[] | Values is the list of DMARC record values. **(required)** |
### DNSDNSKEYRecords
| Field | Type | Description |
| --- | --- | --- |
| `ttl` | integer (int32) | TTL is the time-to-live for this record type. |
| `values` | string[] | Values is the list of DNSKEY record values. **(required)** |
### DNSDSRecords
| Field | Type | Description |
| --- | --- | --- |
| `ttl` | integer (int32) | TTL is the time-to-live for this record type. |
| `values` | string[] | Values is the list of DS record values. **(required)** |
### DNSCNAMERecord
| Field | Type | Description |
| --- | --- | --- |
| `name` | string | Name is the fully qualified domain name of the CNAME target. **(required)** |
| `ttl` | integer (int32) | TTL is the time-to-live for this record type. |
### DNSAddressRecords
| Field | Type | Description |
| --- | --- | --- |
| `addresses` | string[] | Addresses is the list of IP addresses. **(required)** |
| `ttl` | integer (int32) | TTL is the time-to-live for this record type. |
### DNSMXRecords
| Field | Type | Description |
| --- | --- | --- |
| `ttl` | integer (int32) | TTL is the time-to-live for this record type. |
| `values` | string[] | Values is the list of MX record values (e.g. "10 mail.example.com"). **(required)** |
### DNSNSRecords
| Field | Type | Description |
| --- | --- | --- |
| `nameservers` | string[] | Nameservers is the list of nameserver values. **(required)** |
| `ttl` | integer (int32) | TTL is the time-to-live for this record type. |
### DNSSPFRecords
| Field | Type | Description |
| --- | --- | --- |
| `ttl` | integer (int32) | TTL is the time-to-live for this record type. |
| `values` | string[] | Values is the list of SPF record values. **(required)** |
### DNSSRVRecords
| Field | Type | Description |
| --- | --- | --- |
| `ttl` | integer (int32) | TTL is the time-to-live for this record type. |
| `values` | string[] | Values is the list of SRV record values. **(required)** |
### DNSTXTRecords
| Field | Type | Description |
| --- | --- | --- |
| `ttl` | integer (int32) | TTL is the time-to-live for this record type. |
| `values` | string[] | Values is the list of TXT record values. **(required)** |
### DomainTLSSpec
| Field | Type | Description |
| --- | --- | --- |
| `certificateAuthority` | string | The Certificate Authority used to issue the TLS certificate. Currently supports "letsencrypt". |