DANE Record Validator API
DANE Record Validator validates DANE/TLSA DNS records used for certificate authentication, providing security analysis and best practice recommendations.
The DANE Record Validator API provides reliable and fast access to dane record validator data through a simple REST interface. Built for developers who need consistent, high-quality results with minimal setup time.
To use DANE Record Validator, you need an API key. You can get one by creating a free account and visiting your dashboard.
POST Endpoint
https://api.apiverve.com/v1/danevalidatorCode Examples
Here are examples of how to call the DANE Record Validator API in different programming languages:
curl -X POST \
"https://api.apiverve.com/v1/danevalidator" \
-H "X-API-Key: your_api_key_here" \
-H "Content-Type: application/json" \
-d '{
"record": "_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
}'const response = await fetch('https://api.apiverve.com/v1/danevalidator', {
method: 'POST',
headers: {
'X-API-Key': 'your_api_key_here',
'Content-Type': 'application/json'
},
body: JSON.stringify({
"record": "_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
})
});
const data = await response.json();
console.log(data);import requests
headers = {
'X-API-Key': 'your_api_key_here',
'Content-Type': 'application/json'
}
payload = {
"record": "_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
}
response = requests.post('https://api.apiverve.com/v1/danevalidator', headers=headers, json=payload)
data = response.json()
print(data)const https = require('https');
const url = require('url');
const options = {
method: 'POST',
headers: {
'X-API-Key': 'your_api_key_here',
'Content-Type': 'application/json'
}
};
const postData = JSON.stringify({
"record": "_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
});
const req = https.request('https://api.apiverve.com/v1/danevalidator', options, (res) => {
let data = '';
res.on('data', (chunk) => data += chunk);
res.on('end', () => console.log(JSON.parse(data)));
});
req.write(postData);
req.end();<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.apiverve.com/v1/danevalidator');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'X-API-Key: your_api_key_here',
'Content-Type: application/json'
]);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode({
'record': '_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF'
}));
$response = curl_exec($ch);
curl_close($ch);
$data = json_decode($response, true);
print_r($data);
?>package main
import (
"fmt"
"io"
"net/http"
"bytes"
"encoding/json"
)
func main() {
payload := map[string]interface{}{
"record": "_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
}
jsonPayload, _ := json.Marshal(payload)
req, _ := http.NewRequest("POST", "https://api.apiverve.com/v1/danevalidator", bytes.NewBuffer(jsonPayload))
req.Header.Set("X-API-Key", "your_api_key_here")
req.Header.Set("Content-Type", "application/json")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Println(string(body))
}require 'net/http'
require 'json'
uri = URI('https://api.apiverve.com/v1/danevalidator')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
payload = {
"record": "_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
}
request = Net::HTTP::Post.new(uri)
request['X-API-Key'] = 'your_api_key_here'
request['Content-Type'] = 'application/json'
request.body = payload.to_json
response = http.request(request)
puts JSON.pretty_generate(JSON.parse(response.body))using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
class Program
{
static async Task Main(string[] args)
{
using var client = new HttpClient();
client.DefaultRequestHeaders.Add("X-API-Key", "your_api_key_here");
var jsonContent = @"{
""record"": ""_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF""
}";
var content = new StringContent(jsonContent, Encoding.UTF8, "application/json");
var response = await client.PostAsync("https://api.apiverve.com/v1/danevalidator", content);
response.EnsureSuccessStatusCode();
var responseBody = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseBody);
}
}Authentication
The DANE Record Validator API requires authentication via API key. Include your API key in the request header:
X-API-Key: your_api_key_hereInteractive API Playground
Test the DANE Record Validator API directly in your browser with live requests and responses.
Parameters
The following parameters are available for the DANE Record Validator API:
Validate DANE Record
| Parameter | Type | Required | Description | Default | Example |
|---|---|---|---|---|---|
record | string | required | The DANE/TLSA record string to validate | - |
Response
The DANE Record Validator API returns responses in JSON, XML, YAML, and CSV formats:
Example Responses
{
"status": "ok",
"error": null,
"data": {
"raw_record": "_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF",
"parsed": {
"name": "_443._tcp.example.com.",
"port": 443,
"protocol": "tcp",
"hostname": "example.com",
"ttl": 86400,
"class": "IN",
"usage": 3,
"selector": 1,
"matching": 1,
"certificate_data": "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF",
"certificate_data_length": 64
},
"interpretation": {
"usage": {
"name": "DANE-EE",
"description": "Domain-issued certificate",
"full_description": "Certificate must exactly match the provided association data (most common)"
},
"selector": {
"name": "SPKI",
"description": "SubjectPublicKeyInfo",
"full_description": "Match against the Subject Public Key Info (recommended)"
},
"matching": {
"name": "SHA-256",
"description": "SHA-256 hash",
"full_description": "SHA-256 hash of the selected content (recommended)"
},
"security_level": "Recommended",
"recommendation": "This is the recommended DANE configuration (DANE-EE + SPKI + SHA-256)"
},
"validation": {
"is_valid": true,
"certificate_data_format": "Valid hexadecimal",
"certificate_data_length_valid": true
}
}
}<?xml version="1.0" encoding="UTF-8"?>
<response>
<status>ok</status>
<error xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
<data>
<raw_record>_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF</raw_record>
<parsed>
<name>_443._tcp.example.com.</name>
<port>443</port>
<protocol>tcp</protocol>
<hostname>example.com</hostname>
<ttl>86400</ttl>
<class>IN</class>
<usage>3</usage>
<selector>1</selector>
<matching>1</matching>
<certificate_data>0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF</certificate_data>
<certificate_data_length>64</certificate_data_length>
</parsed>
<interpretation>
<usage>
<name>DANE-EE</name>
<description>Domain-issued certificate</description>
<full_description>Certificate must exactly match the provided association data (most common)</full_description>
</usage>
<selector>
<name>SPKI</name>
<description>SubjectPublicKeyInfo</description>
<full_description>Match against the Subject Public Key Info (recommended)</full_description>
</selector>
<matching>
<name>SHA-256</name>
<description>SHA-256 hash</description>
<full_description>SHA-256 hash of the selected content (recommended)</full_description>
</matching>
<security_level>Recommended</security_level>
<recommendation>This is the recommended DANE configuration (DANE-EE + SPKI + SHA-256)</recommendation>
</interpretation>
<validation>
<is_valid>true</is_valid>
<certificate_data_format>Valid hexadecimal</certificate_data_format>
<certificate_data_length_valid>true</certificate_data_length_valid>
</validation>
</data>
</response>
status: ok
error: null
data:
raw_record: >-
_443._tcp.example.com. 86400 IN TLSA 3 1 1
0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
parsed:
name: _443._tcp.example.com.
port: 443
protocol: tcp
hostname: example.com
ttl: 86400
class: IN
usage: 3
selector: 1
matching: 1
certificate_data: 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
certificate_data_length: 64
interpretation:
usage:
name: DANE-EE
description: Domain-issued certificate
full_description: >-
Certificate must exactly match the provided association data (most
common)
selector:
name: SPKI
description: SubjectPublicKeyInfo
full_description: Match against the Subject Public Key Info (recommended)
matching:
name: SHA-256
description: SHA-256 hash
full_description: SHA-256 hash of the selected content (recommended)
security_level: Recommended
recommendation: This is the recommended DANE configuration (DANE-EE + SPKI + SHA-256)
validation:
is_valid: true
certificate_data_format: Valid hexadecimal
certificate_data_length_valid: true
| key | value |
|---|---|
| raw_record | _443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF |
| parsed | {name:_443._tcp.example.com.,port:443,protocol:tcp,hostname:example.com,ttl:86400,class:IN,usage:3,selector:1,matching:1,certificate_data:0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF,certificate_data_length:64} |
| interpretation | {usage:{name:DANE-EE,description:Domain-issued certificate,full_description:Certificate must exactly match the provided association data (most common)},selector:{name:SPKI,description:SubjectPublicKeyInfo,full_description:Match against the Subject Public Key Info (recommended)},matching:{name:SHA-256,description:SHA-256 hash,full_description:SHA-256 hash of the selected content (recommended)},security_level:Recommended,recommendation:This is the recommended DANE configuration (DANE-EE + SPKI + SHA-256)} |
| validation | {is_valid:true,certificate_data_format:Valid hexadecimal,certificate_data_length_valid:true} |
Response Structure
All API responses follow a consistent structure with the following fields:
| Field | Type | Description | Example |
|---|---|---|---|
status | string | Indicates whether the request was successful ("ok") or failed ("error") | ok |
error | string | null | Contains error message if status is "error", otherwise null | null |
data | object | null | Contains the API response data if successful, otherwise null | {...} |
Learn more about response formats →
Response Data Fields
When the request is successful, the data object contains the following fields:
| Field | Type | Sample Value | Description |
|---|---|---|---|
raw_record | string | - | |
parsed | object | - | |
â”” name | string | - | |
â”” port | number | - | |
â”” protocol | string | - | |
â”” hostname | string | - | |
â”” ttl | number | - | |
â”” class | string | - | |
â”” usage | number | - | |
â”” selector | number | - | |
â”” matching | number | - | |
â”” certificate_data | string | - | |
â”” certificate_data_length | number | - | |
interpretation | object | - | |
â”” usage | object | - | |
â”” name | string | - | |
â”” description | string | - | |
â”” full_description | string | - | |
â”” selector | object | - | |
â”” name | string | - |
Headers
Required and optional headers for DANE Record Validator API requests:
| Header Name | Required | Example Value | Description |
|---|---|---|---|
X-API-Key | required | your_api_key_here | Your APIVerve API key. Found in your dashboard under API Keys. |
Accept | optional | application/json | Specify response format: application/json (default), application/xml, or application/yaml |
User-Agent | optional | MyApp/1.0 | Identifies your application for analytics and debugging purposes |
X-Request-ID | optional | req_123456789 | Custom request identifier for tracking and debugging requests |
Cache-Control | optional | no-cache | Control caching behavior for the request and response |
GraphQL AccessALPHA
Access DANE Record Validator through GraphQL to combine it with other API calls in a single request. Query only the dane record validator data you need with precise field selection, and orchestrate complex data fetching workflows.
Credit Cost: Each API called in your GraphQL query consumes its standard credit cost.
POST https://api.apiverve.com/v1/graphqlquery {
danevalidator(
input: {
record: "_443._tcp.example.com. 86400 IN TLSA 3 1 1 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
}
) {
raw_record
parsed {
name
port
protocol
hostname
ttl
class
usage
selector
matching
certificate_data
certificate_data_length
}
interpretation {
usage {
name
description
full_description
}
selector {
name
description
full_description
}
matching {
name
description
full_description
}
security_level
recommendation
}
validation {
is_valid
certificate_data_format
certificate_data_length_valid
}
}
}Note: Authentication is handled via the x-api-key header in your GraphQL request, not as a query parameter.
CORS Support
The DANE Record Validator API supports Cross-Origin Resource Sharing (CORS) with wildcard configuration, allowing you to call DANE Record Validator directly from browser-based applications without proxy servers.
| CORS Header | Value | Description |
|---|---|---|
Access-Control-Allow-Origin | * | Accepts requests from any origin |
Access-Control-Allow-Methods | * | Accepts any HTTP method |
Access-Control-Allow-Headers | * | Accepts any request headers |
Browser Usage: You can call DANE Record Validator directly from JavaScript running in the browser without encountering CORS errors. No proxy server or additional configuration needed.
Rate Limiting
DANE Record Validator API requests are subject to rate limiting based on your subscription plan. These limits ensure fair usage and maintain service quality for all DANE Record Validator users.
| Plan | Rate Limit | Description |
|---|---|---|
| Free | 5 requests/min | Hard rate limit enforced - exceeding will return 429 errors |
| Starter | No Limit | Production ready - standard traffic priority |
| Pro | No Limit | Production ready - preferred traffic priority |
| Mega | No Limit | Production ready - highest traffic priority |
Learn more about rate limiting →
Rate Limit Headers
When rate limits apply, each DANE Record Validator response includes headers to help you track your usage:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum number of requests allowed per time window |
X-RateLimit-Remaining | Number of requests remaining in the current window |
X-RateLimit-Reset | Unix timestamp when the rate limit window resets |
Handling Rate Limits
Free Plan: When you exceed your rate limit, DANE Record Validator returns a 429 Too Many Requests status code. Your application should implement appropriate backoff logic to handle this gracefully.
Paid Plans: No rate limiting or throttling applied. All paid plans (Starter, Pro, Mega) are production-ready.
Best Practices for DANE Record Validator:
- Monitor the rate limit headers to track your DANE Record Validator usage (Free plan only)
- Cache dane record validator responses where appropriate to reduce API calls
- Upgrade to Pro or Mega for guaranteed no-throttle DANE Record Validator performance
Note: DANE Record Validator rate limits are separate from credit consumption. You may have credits remaining but still hit rate limits when using DANE Record Validator on Free tier.
Error Codes
The DANE Record Validator API uses standard HTTP status codes to indicate success or failure:
| Code | Message | Description | Solution |
|---|---|---|---|
200 | OK | Request successful, data returned | No action needed - request was successful |
400 | Bad Request | Invalid request parameters or malformed request | Check required parameters and ensure values match expected formats |
401 | Unauthorized | Missing or invalid API key | Include x-api-key header with valid API key from dashboard |
403 | Forbidden | API key lacks permission or insufficient credits | Check credit balance in dashboard or upgrade plan |
429 | Too Many Requests | Rate limit exceeded (Free: 5 req/min) | Implement request throttling or upgrade to paid plan |
500 | Internal Server Error | Server error occurred | Retry request after a few seconds, contact support if persists |
503 | Service Unavailable | API temporarily unavailable | Wait and retry, check status page for maintenance updates |
Learn more about error handling →
Need help? Contact support with your X-Request-ID for assistance.
Integrate DANE Record Validator with SDKs
Get started quickly with official DANE Record Validator SDKs for your preferred language. Each library handles authentication, request formatting, and error handling automatically.
Available for Node.js, Python, C#/.NET, and Android/Java. All SDKs are open source and regularly updated.
Integrate DANE Record Validator with No-Code API Tools
Connect the DANE Record Validator API to your favorite automation platform without writing code. Build workflows that leverage dane record validator data across thousands of apps.
All platforms use your same API key to access DANE Record Validator. Visit our integrations hub for step-by-step setup guides.
Frequently Asked Questions
How do I get an API key for DANE Record Validator?
How many credits does DANE Record Validator cost?
Each successful DANE Record Validator API call consumes credits based on plan tier. Check the pricing section above for the exact credit cost. Failed requests and errors don't consume credits, so you only pay for successful dane record validator lookups.
Can I use DANE Record Validator in production?
The free plan is for testing and development only. For production use of DANE Record Validator, upgrade to a paid plan (Starter, Pro, or Mega) which includes commercial use rights, no attribution requirements, and guaranteed uptime SLAs. All paid plans are production-ready.
Can I use DANE Record Validator from a browser?
What happens if I exceed my DANE Record Validator credit limit?
When you reach your monthly credit limit, DANE Record Validator API requests will return an error until you upgrade your plan or wait for the next billing cycle. You'll receive notifications at 80% and 95% usage to give you time to upgrade if needed.
People who used this also used...
Based on your interest in DANE Record Validator, you might also like these APIs:
