Skip to main content
POST
/
custom-domains
TypeScript
import { ManagementClient } from "auth0";

async function main() {
    const client = new ManagementClient({
        token: "<token>",
    });
    await client.customDomains.create({
        domain: "domain",
        type: "auth0_managed_certs",
    });
}
main();
{
  "custom_domain_id": "cd_0000000000000001",
  "domain": "login.mycompany.com",
  "primary": false,
  "status": "ready",
  "type": "self_managed_certs",
  "verification": {
    "methods": [
      {
        "name": "txt",
        "record": "auth0-domain-verification=...",
        "domain": "_cf-custom-hostname.login.mycompany.com"
      }
    ],
    "status": "verified",
    "error_msg": "<string>",
    "last_verified_at": "<string>"
  },
  "is_default": false,
  "custom_client_ip_header": "<string>",
  "tls_policy": "recommended",
  "domain_metadata": {},
  "certificate": {
    "status": "provisioning",
    "error_msg": "<string>",
    "certificate_authority": "letsencrypt",
    "renews_before": "<string>"
  },
  "relying_party_identifier": "<string>"
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

domain
string
required

Domain name.

Pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9])$
type
enum<string>
required

Custom domain provisioning type. Must be auth0_managed_certs or self_managed_certs.

Available options:
auth0_managed_certs,
self_managed_certs
verification_method
enum<string>
default:txt

Custom domain verification method. Must be txt.

Available options:
txt
tls_policy
enum<string>
default:recommended

Custom domain TLS policy. Must be recommended, includes TLS 1.2.

Available options:
recommended
custom_client_ip_header
enum<string> | null
default:true-client-ip

The HTTP header to fetch the client's IP address

Available options:
true-client-ip,
cf-connecting-ip,
x-forwarded-for,
x-azure-clientip,
domain_metadata
object

Domain metadata associated with the custom domain, in the form of an object with string values (max 255 chars). Maximum of 10 domain metadata properties allowed.

relying_party_identifier
string<hostname>

Relying Party ID (rpId) to be used for Passkeys on this custom domain. If not provided, the full domain will be used.

Maximum string length: 255

Response

Custom domain successfully created (verification is pending).

custom_domain_id
string
default:cd_0000000000000001
required

ID of the custom domain.

domain
string
default:login.mycompany.com
required

Domain name.

primary
boolean
default:false
required

Whether this is a primary domain (true) or not (false).

status
enum<string>
default:ready
required

Custom domain configuration status. Can be failed, pending_verification, or ready.

Available options:
pending_verification,
ready,
failed
type
enum<string>
default:self_managed_certs
required

Custom domain provisioning type. Can be auth0_managed_certs or self_managed_certs.

Available options:
auth0_managed_certs,
self_managed_certs
verification
object
required

Domain verification settings.

is_default
boolean
default:false

Whether this is the default custom domain (true) or not (false).

custom_client_ip_header
string | null

The HTTP header to fetch the client's IP address

tls_policy
string
default:recommended

The TLS version policy

domain_metadata
object

Domain metadata associated with the custom domain, in the form of an object with string values (max 255 chars). Maximum of 10 domain metadata properties allowed.

certificate
object

Certificate information. This object is relevant only for Custom Domains with Auth0-Managed Certificates.

relying_party_identifier
string<hostname>

Relying Party ID (rpId) to be used for Passkeys on this custom domain. If not present, the full domain will be used.