With Entri Power, you can enable support for custom domains in just minutes.
Users care about a fully customizable product experience. That’s where custom domains come in.
Domain-connected users become fully integrated with your product, resulting in better retention, and a better customer experience for their end users.
Before you can use Entri Power, you’ll need to provide some basic information on the Entri dashboard and set up your DNS records accordingly.
Log into the Entri Dashboard, navigate to the configure section, and enter your company’s desired cname_target
.
The cname_target
is the CNAME record that your end-users will eventually need to add. For example: domains.saascompany.com
After inputting the cname_target
on the Entri dashboard, you’ll need to create a CNAME record that points your cname_target
to power.goentri.com
on your domain’s DNS.
For example, if you run saascompany.com
and your cname_target
is domains.saascompany.com
, then you would add this record to the DNS for saascompany.com
:
After this DNS record is added, you are ready to offer custom domains to your customers!
After you’ve configured your account, there are two methods of adding a new custom domain: utilizing the Entri modal, or making a direct API request.
Please note that you’ll need an active subscription to Entri Connect to use the Entri modal method. For questions about this, contact your account manager.
For more information about configuring the Entri modal, see: Create the configuration object.
To power a custom domain via the Entri Modal, you will need to make 2 additions to the standard configuration object for the Entri Modal.
power
and set it to true
.applicationUrl
. The applicationUrl
is the URL of your application that you would like to render on the customer’s domain. This will likely change for every user. For example, the applicationUrl
for a calendar booking app might look something like this: https://calenderapp.com/meetings/user-name
For powering a root domain, you just need to add an A record to the dnsRecords
array, and the value
as the {ENTRI_SERVERS}
placeholder. Make sure to also add your target application destination as the applicationUrl
key value. Entri will take care of the rest.
If you are prompting users to enter a domain in the Entri modal, make sure that you use dynamic configuration variables.
Sample configuration:
When powering a subdomain, you just need to add a CNAME record to the dnsRecords
array. Be sure that the value
is set to {CNAME_TARGET}
. If you are prompting users to enter a domain in the Entri modal, make sure that you use dynamic configuration variables.
Sample configuration:
SSL Provisioned by Default Entri Power will automatically provision an SSL certificate so there is no need to also set up Entri Secure when using Power
You can also add a custom domain without using the Entri modal in just 2 steps:
To power a domain without displaying the Entri modal, you first need to make a GET
request to our API which confirms that the domain you want to power contains a CNAME record pointing to your cname_target
.
Use the following information for the GET
Request:
<https://api.goentri.com/power
>Authorization
header: The authorization JWT. You can Fetch your JWT using your Client Secret set in the configure section of the Entri Dashboard.applicationId
header: Your applicationId
can be found in the configure section of the Entri Dashboard.domain
in the GET
request body. domain
can be a root domain or a subdomain such as **www.**domain.com or site.domain.com.curl
:If the domain contains the required cname_target
, then our API will return "eligible": true
. If it does not contain cname_target
, then our API will return "eligible": false
. If it does not contain cname_target
and/or it already is an Entri-powered domain, then our API will return “eligible”: false
The rootDomain=true
parameter is used for whenever you are trying get the root domain’s Power status (not the subdomain).
Domain is eligible for Power:
Domain has been already Powered:
Domain is ineligible for Power because CNAME record not been set up:
If your GET
request returned "eligible": true
then you can proceed to the next step below.
Important Warning Do NOT proceed with making a POST
request in Step 2
(below) unless the domain returned "eligible": true
in theGET
request from
Step 1. Otherwise, the POST
request will be denied.
After you have confirmed that your customer has added your cname_target
and therefore is eligible for Power, you can proceed with enabling the domain via a POST
request to our endpoint as detailed below:
<https://api.goentri.com/power
>Authorization
header: The authorization JWT. You can Fetch your JWT using your Client Secret set in the configure section of the Entri Dashboard.applicationId
header: Your applicationId
can be found in the configure section of the Entri Dashboard.domain
and the applicationUrl
in the POST
body. domain
must contain a subdomain such as **www.**domain.com or site.domain.comExample using curl
:
Entri Power provides a method for granting access to the root of the Application URL for specific paths. This feature is particularly beneficial for applications that need to share static files like JS, CSS, or image files among their customers. By utilizing the RPA functionality, the URLs of these files are automatically excluded from being rewritten.
To enable RPA, you simply need to add an array of paths (strings) assigned to the powerRootPathAccess
key in the Entri Power configuration. Below, you’ll find a sample configuration for each use case, modal, and API setup:
As part of the SSL provisioning process, all incoming traffic will have specific headers appended to each request. These headers provide additional context about the original request, including information about the host and IP address. The following headers will be added automatically to every incoming request:
X-Forwarded-Host: This header contains the original Host
value of the incoming request before any proxy or load balancer has modified it. It helps in identifying the initial destination for the request.
x-entri-forwarded-host: Similar to X-Forwarded-Host
, this is a custom header used by Entri to track the original host at the time the request was forwarded through Entri’s system.
X-Forwarded-IP: This header contains the original IP address of the client making the request. It is useful for understanding where the request originated from, even if it passed through proxies or load balancers.
These headers ensure that downstream services can access critical metadata about the request, facilitating better logging, security, and handling of the requests in your system.
To update a domain’s applicationUrl
, make a PUT
request to our API using the following information:
<https://api.goentri.com/power
>Authorization
header: The authorization JWT. You can Fetch your JWT using your Client Secret set in the configure section of the Entri Dashboard.applicationId
header: Your applicationId
can be found in the configure section of the Entri Dashboard.domain
, the new applicationUrl
, and optionally the in the new powerRootPathAccess
whitelisted paths on the PUT
request body. domain
must contain a subdomain such as **www.**domain.com or site.domain.comExample using curl
To remove a domain, make a DELETE
request to our API using the following information:
<https://api.goentri.com/power
>Authorization
header: The authorization JWT. You can Fetch your JWT using your Client Secret set in the configure section of the Entri Dashboard.applicationId
header: Your applicationId
can be found in the configure section of the Entri Dashboard.domain
in the DELETE
request body. domain
must contain a subdomain such as **www.**domain.com or site.domain.comExample using curl
How does Entri Power work?
Entri uses a reverse proxy with SSL termination. To illustrate the flow of data:
applicationUrl
Why should you trust Entri as a reverse proxy?
Entri Secure uses Amazon Web Services with multi-region architecture to avoid single points of failure and minimize latency. We also leverage advanced distributed denial of service (DDOS) protection.
You can view Entri’s uptime history on our status page.
What certificate authority does Entri use?
Entri is proud to use Let’s Encrypt SSL certificates.
How long on average does it take for an SSL certificate to go live?
On average, between 3-7 seconds.
Can I use Entri Power with Cloudflare?
Yes you can.
How many times can I provision the same domain?
You can re-power the same domain a maximum amount of 5 times during a 24 hours period.
With Entri Power, you can enable support for custom domains in just minutes.
Users care about a fully customizable product experience. That’s where custom domains come in.
Domain-connected users become fully integrated with your product, resulting in better retention, and a better customer experience for their end users.
Before you can use Entri Power, you’ll need to provide some basic information on the Entri dashboard and set up your DNS records accordingly.
Log into the Entri Dashboard, navigate to the configure section, and enter your company’s desired cname_target
.
The cname_target
is the CNAME record that your end-users will eventually need to add. For example: domains.saascompany.com
After inputting the cname_target
on the Entri dashboard, you’ll need to create a CNAME record that points your cname_target
to power.goentri.com
on your domain’s DNS.
For example, if you run saascompany.com
and your cname_target
is domains.saascompany.com
, then you would add this record to the DNS for saascompany.com
:
After this DNS record is added, you are ready to offer custom domains to your customers!
After you’ve configured your account, there are two methods of adding a new custom domain: utilizing the Entri modal, or making a direct API request.
Please note that you’ll need an active subscription to Entri Connect to use the Entri modal method. For questions about this, contact your account manager.
For more information about configuring the Entri modal, see: Create the configuration object.
To power a custom domain via the Entri Modal, you will need to make 2 additions to the standard configuration object for the Entri Modal.
power
and set it to true
.applicationUrl
. The applicationUrl
is the URL of your application that you would like to render on the customer’s domain. This will likely change for every user. For example, the applicationUrl
for a calendar booking app might look something like this: https://calenderapp.com/meetings/user-name
For powering a root domain, you just need to add an A record to the dnsRecords
array, and the value
as the {ENTRI_SERVERS}
placeholder. Make sure to also add your target application destination as the applicationUrl
key value. Entri will take care of the rest.
If you are prompting users to enter a domain in the Entri modal, make sure that you use dynamic configuration variables.
Sample configuration:
When powering a subdomain, you just need to add a CNAME record to the dnsRecords
array. Be sure that the value
is set to {CNAME_TARGET}
. If you are prompting users to enter a domain in the Entri modal, make sure that you use dynamic configuration variables.
Sample configuration:
SSL Provisioned by Default Entri Power will automatically provision an SSL certificate so there is no need to also set up Entri Secure when using Power
You can also add a custom domain without using the Entri modal in just 2 steps:
To power a domain without displaying the Entri modal, you first need to make a GET
request to our API which confirms that the domain you want to power contains a CNAME record pointing to your cname_target
.
Use the following information for the GET
Request:
<https://api.goentri.com/power
>Authorization
header: The authorization JWT. You can Fetch your JWT using your Client Secret set in the configure section of the Entri Dashboard.applicationId
header: Your applicationId
can be found in the configure section of the Entri Dashboard.domain
in the GET
request body. domain
can be a root domain or a subdomain such as **www.**domain.com or site.domain.com.curl
:If the domain contains the required cname_target
, then our API will return "eligible": true
. If it does not contain cname_target
, then our API will return "eligible": false
. If it does not contain cname_target
and/or it already is an Entri-powered domain, then our API will return “eligible”: false
The rootDomain=true
parameter is used for whenever you are trying get the root domain’s Power status (not the subdomain).
Domain is eligible for Power:
Domain has been already Powered:
Domain is ineligible for Power because CNAME record not been set up:
If your GET
request returned "eligible": true
then you can proceed to the next step below.
Important Warning Do NOT proceed with making a POST
request in Step 2
(below) unless the domain returned "eligible": true
in theGET
request from
Step 1. Otherwise, the POST
request will be denied.
After you have confirmed that your customer has added your cname_target
and therefore is eligible for Power, you can proceed with enabling the domain via a POST
request to our endpoint as detailed below:
<https://api.goentri.com/power
>Authorization
header: The authorization JWT. You can Fetch your JWT using your Client Secret set in the configure section of the Entri Dashboard.applicationId
header: Your applicationId
can be found in the configure section of the Entri Dashboard.domain
and the applicationUrl
in the POST
body. domain
must contain a subdomain such as **www.**domain.com or site.domain.comExample using curl
:
Entri Power provides a method for granting access to the root of the Application URL for specific paths. This feature is particularly beneficial for applications that need to share static files like JS, CSS, or image files among their customers. By utilizing the RPA functionality, the URLs of these files are automatically excluded from being rewritten.
To enable RPA, you simply need to add an array of paths (strings) assigned to the powerRootPathAccess
key in the Entri Power configuration. Below, you’ll find a sample configuration for each use case, modal, and API setup:
As part of the SSL provisioning process, all incoming traffic will have specific headers appended to each request. These headers provide additional context about the original request, including information about the host and IP address. The following headers will be added automatically to every incoming request:
X-Forwarded-Host: This header contains the original Host
value of the incoming request before any proxy or load balancer has modified it. It helps in identifying the initial destination for the request.
x-entri-forwarded-host: Similar to X-Forwarded-Host
, this is a custom header used by Entri to track the original host at the time the request was forwarded through Entri’s system.
X-Forwarded-IP: This header contains the original IP address of the client making the request. It is useful for understanding where the request originated from, even if it passed through proxies or load balancers.
These headers ensure that downstream services can access critical metadata about the request, facilitating better logging, security, and handling of the requests in your system.
To update a domain’s applicationUrl
, make a PUT
request to our API using the following information:
<https://api.goentri.com/power
>Authorization
header: The authorization JWT. You can Fetch your JWT using your Client Secret set in the configure section of the Entri Dashboard.applicationId
header: Your applicationId
can be found in the configure section of the Entri Dashboard.domain
, the new applicationUrl
, and optionally the in the new powerRootPathAccess
whitelisted paths on the PUT
request body. domain
must contain a subdomain such as **www.**domain.com or site.domain.comExample using curl
To remove a domain, make a DELETE
request to our API using the following information:
<https://api.goentri.com/power
>Authorization
header: The authorization JWT. You can Fetch your JWT using your Client Secret set in the configure section of the Entri Dashboard.applicationId
header: Your applicationId
can be found in the configure section of the Entri Dashboard.domain
in the DELETE
request body. domain
must contain a subdomain such as **www.**domain.com or site.domain.comExample using curl
How does Entri Power work?
Entri uses a reverse proxy with SSL termination. To illustrate the flow of data:
applicationUrl
Why should you trust Entri as a reverse proxy?
Entri Secure uses Amazon Web Services with multi-region architecture to avoid single points of failure and minimize latency. We also leverage advanced distributed denial of service (DDOS) protection.
You can view Entri’s uptime history on our status page.
What certificate authority does Entri use?
Entri is proud to use Let’s Encrypt SSL certificates.
How long on average does it take for an SSL certificate to go live?
On average, between 3-7 seconds.
Can I use Entri Power with Cloudflare?
Yes you can.
How many times can I provision the same domain?
You can re-power the same domain a maximum amount of 5 times during a 24 hours period.