Available Starting at the Premium Tier

To notify your backend about the status of a domain connected or sold, Entri uses webhooks. You can enter a URL into the Entri dashboard that webhooks will be sent to.

Here's an example of the webhook data Entri sends when a domain has just been added by a user:

  "id": "1234567890-abcdefg-1234567890",
  "user_id": "your-provided-user-id",
  "domain": "example.com",
  "type": "domain.added",
  "propagation_status": "pending",
  "dkim_status": "success",
  "redirection_status": "exempt",
  "ssl_status": "success",
  "data": {
    "records_propagated": [
        "type": "A",
        "host": "smallbusiness.com",
        "value": ""
        "type": "CNAME",
        "host": "www",
        "value": "smallbusiness.com"
    "records_non_propagated": []

For full documentation on the data in a webhook, see the API Reference.

Other Notes:

  • Subsequent webhook updates that contain any updates will include what objects were updated. For example:
  "id": "1234567890-abcdefg-1234567890",
  "propagation_status": "success",
  "updated_objects": ["propagation_status"],
  • If the records are not fully propagated upon the first check, Entri checks again in 1 minute, then 2 minutes, then 4 minutes, etc (exponential backoff). If after 72 hours the records are not fully propagated, then a webhook will be sent with "type": "domain.timeout".
  • dkim_status will be set to exempt if the user does not use Google or Microsoft email providers and/or if the Enable support for DKIM setting is turned off for your applicationId

Webhook Signatures

This is an optional security measure that we highly suggest all our customers take to ensure secure communication.

Entri will hash the webhook payload with the well-known hashing algorithm SHA-256. The secret token registered in the dashboard is going to be used to sign the calculated hash. We include the payload hash in the header of the webhook request.

For example:

To verify the authenticity of the request, you can hash the received payload with the SHA-256 algorithm and sign with the same secret provided in the dashboard.

Afterward, you can compare the calculated hash with the incoming hash in the request header. If the two hashes match, that ensures that the payload hasn't been tampered with. Otherwise, you should reject the incoming payload.