DANE Record Validator API

Status: Online | Credit Usage: 1 per call
Latency (live data): avg 314ms | p50 297ms | p75 325ms | p90 359ms | p99 427ms

Overview

To use DANE Record Validator, you need an API key. You can get one by creating a free account and visiting your dashboard.

POST Endpoint

URL
https://api.apiverve.com/v1/danevalidator

Example

How to call the DANE Record Validator API in different programming languages.

cURL Request
curl -X POST \
  "https://api.apiverve.com/v1/danevalidator" \
  -H "X-API-Key: your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
  "record": "_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
}'

JavaScript (Fetch API)
const response = await fetch('https://api.apiverve.com/v1/danevalidator', {
  method: 'POST',
  headers: {
    'X-API-Key': 'your_api_key_here',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    "record": "_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
})
});

const data = await response.json();
console.log(data);

Python (Requests)
import requests

headers = {
    'X-API-Key': 'your_api_key_here',
    'Content-Type': 'application/json'
}

payload = {
    "record": "_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
}

response = requests.post('https://api.apiverve.com/v1/danevalidator', headers=headers, json=payload)

data = response.json()
print(data)

Go (net/http)
package main

import (
    "fmt"
    "io"
    "net/http"
    "bytes"
    "encoding/json"
)

func main() {
    payload := map[string]interface{}{
        "record": "_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF",
    }

    // Serialize the request body and build the POST request.
    jsonPayload, err := json.Marshal(payload)
    if err != nil {
        panic(err)
    }
    req, err := http.NewRequest("POST", "https://api.apiverve.com/v1/danevalidator", bytes.NewBuffer(jsonPayload))
    if err != nil {
        panic(err)
    }

    req.Header.Set("X-API-Key", "your_api_key_here")
    req.Header.Set("Content-Type", "application/json")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()

    // Read and print the raw response body.
    body, err := io.ReadAll(resp.Body)
    if err != nil {
        panic(err)
    }
    fmt.Println(string(body))
}

Example Response
{
  "status": "ok",
  "error": null,
  "data": {
    "raw_record": "_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF",
    "parsed": {
      "name": "_443._tcp.example.com.",
      "port": 443,
      "protocol": "tcp",
      "hostname": "example.com",
      "ttl": 86400,
      "class": "IN",
      "usage": 3,
      "selector": 1,
      "matching": 1,
      "certificate_data": "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF",
      "certificate_data_length": 64
    },
    "interpretation": {
      "usage": {
        "name": "DANE-EE",
        "description": "Domain-issued certificate",
        "full_description": "Certificate must exactly match the provided association data (most common)"
      },
      "selector": {
        "name": "SPKI",
        "description": "SubjectPublicKeyInfo",
        "full_description": "Match against the Subject Public Key Info (recommended)"
      },
      "matching": {
        "name": "SHA-256",
        "description": "SHA-256 hash",
        "full_description": "SHA-256 hash of the selected content (recommended)"
      },
      "security_level": "Recommended",
      "recommendation": "This is the recommended DANE configuration (DANE-EE + SPKI + SHA-256)"
    },
    "validation": {
      "is_valid": true,
      "certificate_data_format": "Valid hexadecimal",
      "certificate_data_length_valid": true
    }
  }
}
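
The checks reflected in the `parsed` and `validation` fields above can also be run locally before a record is published. The following is an added example, not APIVerve's implementation: it applies the TLSA field ranges and digest lengths from RFC 6698, and `check_tlsa` and its result keys are hypothetical names.

```python
import re

# TLSA field values per RFC 6698; short names per RFC 7218 and this page's response.
USAGES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
SELECTORS = {0: "Cert", 1: "SPKI"}
MATCHING = {0: "Full", 1: "SHA-256", 2: "SHA-512"}
DIGEST_HEX_LEN = {1: 64, 2: 128}  # hex characters expected per hashed matching type
OWNER_RE = re.compile(r"^_([0-9]{1,5})\._(tcp|udp|sctp)\.(.+?)\.?$", re.IGNORECASE)


def check_tlsa(record: str) -> dict:
    """Parse a presentation-format TLSA record and list syntax problems (hypothetical helper)."""
    fields = record.split()
    if len(fields) < 8 or fields[2].upper() != "IN" or fields[3].upper() != "TLSA":
        return {"is_valid": False, "errors": ["expected '<name> <ttl> IN TLSA <u> <s> <m> <hex>'"]}
    if not all(re.fullmatch(r"[0-9]+", f) for f in (fields[1], *fields[4:7])):
        return {"is_valid": False, "errors": ["ttl, usage, selector, matching must be integers"]}
    usage, selector, matching = (int(f) for f in fields[4:7])
    data = "".join(fields[7:]).upper()  # zone files may split long hex across spaces
    errors = []
    owner = OWNER_RE.match(fields[0])
    if not owner or int(owner.group(1)) > 65535:
        errors.append("owner name must be _<port>._<proto>.<host>")
    for label, value, table in (("usage", usage, USAGES), ("selector", selector, SELECTORS),
                                ("matching", matching, MATCHING)):
        if value not in table:
            errors.append(f"unknown {label} {value}")
    if not re.fullmatch(r"(?:[0-9A-F]{2})+", data):
        errors.append("association data is not whole-byte hexadecimal")
    elif matching in DIGEST_HEX_LEN and len(data) != DIGEST_HEX_LEN[matching]:
        errors.append(f"{MATCHING[matching]} needs {DIGEST_HEX_LEN[matching]} hex chars, got {len(data)}")
    return {
        "is_valid": not errors,
        "errors": errors,
        "port": int(owner.group(1)) if owner else None,
        "hostname": owner.group(3) if owner else None,
        "usage": USAGES.get(usage),
        "selector": SELECTORS.get(selector),
        "matching": MATCHING.get(matching),
        # The page's sample response labels DANE-EE + SPKI + SHA-256 as recommended.
        "recommended": not errors and (usage, selector, matching) == (3, 1, 1),
    }


# Constructed sample: the placeholder record used throughout this page.
SAMPLE = "_443._tcp.example.com. 86400 IN TLSA 3 1 1 " + "0123456789ABCDEF" * 4

if __name__ == "__main__":
    print(check_tlsa(SAMPLE))
    print(check_tlsa(SAMPLE[:-2]))  # truncated digest is rejected
```

This only checks syntax; it does not confirm that the digest matches the certificate a server actually presents or that the zone is DNSSEC-signed.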

Authentication

The DANE Record Validator API requires authentication via API key. Include your API key in the request header:

Required Header
X-API-Key: your_api_key_here

Learn more about authentication →


Parameters

The following parameters are available for the DANE Record Validator API:

Validate DANE Record

Parameter | Type | Required | Description | Default | Example
record | string | required | The DANE/TLSA record string to validate | - | _443._tcp.example.com. 3600 IN TLSA 3 1 1 2bb183af273adee2e02d60ba7a0dc0efcf5e0a2af42dab7b3f8ba9c0def1f6c8

Response

The DANE Record Validator API returns responses in JSON, XML, YAML, and CSV formats. The JSON response is shown in the Example section above; alternative formats below.

Other Response Formats

XML Response
200 OK
<?xml version="1.0" encoding="UTF-8"?>
<response>
  <status>ok</status>
  <error xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
  <data>
    <raw_record>_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF</raw_record>
    <parsed>
      <name>_443._tcp.example.com.</name>
      <port>443</port>
      <protocol>tcp</protocol>
      <hostname>example.com</hostname>
      <ttl>86400</ttl>
      <class>IN</class>
      <usage>3</usage>
      <selector>1</selector>
      <matching>1</matching>
      <certificate_data>0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF</certificate_data>
      <certificate_data_length>64</certificate_data_length>
    </parsed>
    <interpretation>
      <usage>
        <name>DANE-EE</name>
        <description>Domain-issued certificate</description>
        <full_description>Certificate must exactly match the provided association data (most common)</full_description>
      </usage>
      <selector>
        <name>SPKI</name>
        <description>SubjectPublicKeyInfo</description>
        <full_description>Match against the Subject Public Key Info (recommended)</full_description>
      </selector>
      <matching>
        <name>SHA-256</name>
        <description>SHA-256 hash</description>
        <full_description>SHA-256 hash of the selected content (recommended)</full_description>
      </matching>
      <security_level>Recommended</security_level>
      <recommendation>This is the recommended DANE configuration (DANE-EE + SPKI + SHA-256)</recommendation>
    </interpretation>
    <validation>
      <is_valid>true</is_valid>
      <certificate_data_format>Valid hexadecimal</certificate_data_format>
      <certificate_data_length_valid>true</certificate_data_length_valid>
    </validation>
  </data>
</response>
YAML Response
200 OK
status: ok
error: null
data:
  raw_record: >-
    _443._tcp.example.com. 86400 IN TLSA 3 1 1
    0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
  parsed:
    name: _443._tcp.example.com.
    port: 443
    protocol: tcp
    hostname: example.com
    ttl: 86400
    class: IN
    usage: 3
    selector: 1
    matching: 1
    certificate_data: 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
    certificate_data_length: 64
  interpretation:
    usage:
      name: DANE-EE
      description: Domain-issued certificate
      full_description: >-
        Certificate must exactly match the provided association data (most
        common)
    selector:
      name: SPKI
      description: SubjectPublicKeyInfo
      full_description: Match against the Subject Public Key Info (recommended)
    matching:
      name: SHA-256
      description: SHA-256 hash
      full_description: SHA-256 hash of the selected content (recommended)
    security_level: Recommended
    recommendation: This is the recommended DANE configuration (DANE-EE + SPKI + SHA-256)
  validation:
    is_valid: true
    certificate_data_format: Valid hexadecimal
    certificate_data_length_valid: true
CSV Response
200 OK
key | value
raw_record | _443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
parsed | {name:_443._tcp.example.com.,port:443,protocol:tcp,hostname:example.com,ttl:86400,class:IN,usage:3,selector:1,matching:1,certificate_data:0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF,certificate_data_length:64}
interpretation | {usage:{name:DANE-EE,description:Domain-issued certificate,full_description:Certificate must exactly match the provided association data (most common)},selector:{name:SPKI,description:SubjectPublicKeyInfo,full_description:Match against the Subject Public Key Info (recommended)},matching:{name:SHA-256,description:SHA-256 hash,full_description:SHA-256 hash of the selected content (recommended)},security_level:Recommended,recommendation:This is the recommended DANE configuration (DANE-EE + SPKI + SHA-256)}
validation | {is_valid:true,certificate_data_format:Valid hexadecimal,certificate_data_length_valid:true}

Response Structure

All API responses follow a consistent structure with the following fields:

Field | Type | Description | Example
status | string | Indicates whether the request was successful ("ok") or failed ("error") | ok
error | string or null | Contains error message if status is "error", otherwise null | null
data | object or null | Contains the API response data if successful, otherwise null | {...}

Learn more about response formats →

Response Data Fields

When the request is successful, the data object contains the following fields:

Field | Type | Sample Value | Description
raw_record | string | "_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF" | -
parsed | object | {...} | -
└ name | string | "_443._tcp.example.com." | -
└ port | number | 443 | -
└ protocol | string | "tcp" | -
└ hostname | string | "example.com" | -
└ ttl | number | 86400 | -
└ class | string | "IN" | -
└ usage | number | 3 | -
└ selector | number | 1 | -
└ matching | number | 1 | -
└ certificate_data | string | "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF" | -
└ certificate_data_length | number | 64 | -
interpretation | object | {...} | -
└ usage | object | {...} | -
  └ name | string | "DANE-EE" | -
  └ description | string | "Domain-issued certificate" | -
  └ full_description | string | "Certificate must exactly match the provided association data (most common)" | -
└ selector | object | {...} | -
  └ name | string | "SPKI" | -

Headers

Only X-API-Key is required. Optional headers include Accept for response format negotiation (JSON, XML, or YAML), User-Agent, and X-Request-ID for request tracing. See all request headers →

GraphQL Access (ALPHA)

Access DANE Record Validator through GraphQL to combine it with other API calls in a single request. Query only the DANE Record Validator data you need with precise field selection, and orchestrate complex data fetching workflows.

Test DANE Record Validator in the GraphQL Explorer to confirm availability and experiment with queries.

Credit Cost: Each API called in your GraphQL query consumes its standard credit cost.

GraphQL Endpoint
POST https://api.apiverve.com/v1/graphql
GraphQL Query Example
query {
  danevalidator(
    input: {
      record: "_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
    }
  ) {
    raw_record
    parsed {
      name
      port
      protocol
      hostname
      ttl
      class
      usage
      selector
      matching
      certificate_data
      certificate_data_length
    }
    interpretation {
      usage {
        name
        description
        full_description
      }
      selector {
        name
        description
        full_description
      }
      matching {
        name
        description
        full_description
      }
      security_level
      recommendation
    }
    validation {
      is_valid
      certificate_data_format
      certificate_data_length_valid
    }
  }
}

Note: Authentication is handled via the x-api-key header in your GraphQL request, not as a query parameter.

CORS Support

The DANE Record Validator API accepts cross-origin requests from any origin, so it can be called directly from browser-based applications without a proxy. See CORS support →

Rate Limiting

DANE Record Validator requests are throttled per minute on the Free plan and unthrottled on paid plans. Exceeding the limit returns 429 Too Many Requests; rate-limit usage is reported in the X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset response headers. See per-plan limits and best practices →

Error Codes

The DANE Record Validator API uses standard HTTP status codes — 200 on success, 400 for invalid parameters, 401 for missing or invalid keys, 403 for insufficient credits, 429 for rate-limit exhaustion, and 500/503 for server-side issues. Each error response includes an X-Request-ID header you can quote when contacting support. See full error handling guide →

SDKs for DANE Record Validator

Official DANE Record Validator packages on npm, PyPI, NuGet, and JitPack — plus a Postman collection and an OpenAPI spec. See the SDK guide →

No-Code Integrations

DANE Record Validator works with Zapier, Make, Pipedream, n8n, and Power Automate using the same API key. See setup guides →

Frequently Asked Questions

How do I get an API key for DANE Record Validator?

Sign up for a free account at dashboard.apiverve.com. Your API key will be automatically generated and available in your dashboard. The same key works for DANE Record Validator and all other APIVerve APIs. The free plan includes 1,000 credits plus a 500 credit bonus.

How many credits does DANE Record Validator cost?

Each successful DANE Record Validator API call consumes credits based on plan tier. Check the pricing section above for the exact credit cost. Failed requests and errors don't consume credits, so you only pay for successful DANE Record Validator lookups.

Can I use DANE Record Validator in production?

The free plan is for testing and development only. For production use of DANE Record Validator, upgrade to a paid plan (Starter, Pro, or Mega) which includes commercial use rights, no attribution requirements, and guaranteed uptime SLAs. All paid plans are production-ready.

Can I use DANE Record Validator from a browser?

Yes! The DANE Record Validator API supports CORS with wildcard configuration, so you can call it directly from browser-based JavaScript without needing a proxy server. See the CORS section above for details.

What happens if I exceed my DANE Record Validator credit limit?

When you reach your monthly credit limit, DANE Record Validator API requests will return an error until you upgrade your plan or wait for the next billing cycle. You'll receive notifications at 80% and 95% usage to give you time to upgrade if needed.
