Available Starting at the Premium Tier

To notify your backend about the status of a domain connected or sold, Entri uses webhooks. You can enter a URL into the Entri dashboard that webhooks will be sent to.

Here’s an example of the webhook data Entri sends when a domain has just been added by a user:

  "id": "1234567890-abcdefg-1234567890",
  "user_id": "your-provided-user-id",
  "domain": "example.com",
  "subdomain": "shop",
  "type": "domain.added", // domain.purchased | domain.added | domain.propagation.timeout
  "propagation_status": "pending", //pending | success | failure
  "dkim_status": "success", //pending | success | failure
  "redirection_status": "exempt", //pending | success | failure
  "setup_type": "automatic", // automatic | manual
  "secure_status": "success", //pending | success | failure //Only for Entri Secure usage
  "power_status" : "success", //pending | success | failure //Only for Entri Power usage
  "dmarc_updated": "exempt", //true | false | exempt //Related to the validateDmarc feature
  "cname_target": "my.saascompany.com", //Only for Entri Power and Secure usage
  "purchased_domains": ["domain1.com","domain2.com","domainN.com"], //Only for Entri Sell usage
  "free_domain": true, // true | false //  Only for Entri Sell free domain flows
  "data": {
    "records_propagated": [
        "type": "A",
        "host": "smallbusiness.com",
        "value": "",
        "applicationUrl": "www.example.com", // Optional Entri power only
        "powerRootPathAccess" : ["path1",...,"pathN"] //Optional Entri power only
        "type": "CNAME",
        "host": "www",
        "value": "smallbusiness.com"
    "records_non_propagated": []

For full documentation on the data in a webhook, see the API Reference.

Other Notes:

  • Subsequent webhook updates that contain any updates will include what objects were updated. For example:
  "id": "1234567890-abcdefg-1234567890",
  "propagation_status": "success",
  "updated_objects": ["propagation_status"],
  • If the records are not fully propagated upon the first check, Entri checks again in 1 minute, then 2 minutes, then 4 minutes, etc (exponential backoff). If after 72 hours the records are not fully propagated, then a webhook will be sent with "type": "domain.timeout".
  • dkim_status will be set to exempt if the user does not use Google or Microsoft email providers and/or if the Enable support for DKIM setting is turned off for your applicationId

Webhook Signatures

This is an optional security measure that we highly suggest all our customers take to ensure secure communication.

Payload id signature (recommended)

Entri will concatenate the Id value and the secret token registered in the dashboard, and then hash the resulting concatenated string using the well-known hashing algorithm SHA-256. We include this hashed value in the Entri-Signature header of the webhook request. For example:


To verify the authenticity of the request, you can hash the received Id with the SHA-256 algorithm and sign with the same secret provided in the dashboard.

Afterward, you can compare the calculated hash with the incoming hash in the Entri-Signature request header. If the two hashes match, that ensures that the payload hasn’t been tampered with. Otherwise, you should reject the incoming payload.