Linked Zone API

https://api.gandi.net/v5/linkedzone

Gandi Linked Zone Management API

Introduction ¶

This section of our documentation describe how you can link multiple domain names to a single zone at Gandi.net through our REST API. So making a change into that zone, will acually change the zones of all linked domain names.

For managing Gandi's LiveDNS via our REST API, please refer to our LiveDNS documentation at:
https://api.gandi.net/docs/livedns/

General information on Gandi's linked zones servives can be found in our public documentation at: https://docs.gandi.net/en/domain_names/advanced_users/linked_zones.html

Domains ¶

https://api.gandi.net/v5/linkedzone/domains

All domains link to a zone.

get List domains ¶

This route returns all domains link to a zone.

Request

Query String

Required
- limit ⁠integer
  Default: 50
  Minimum: 1
  Maximal number of resource to return.
- offset ⁠integer
  Default: 0
  Minimum: 0
  The number of resource to skip.
Optional
- name ⁠string
  To search for a domain pattern. This parameter can be used more than once. You can also use special characters ? and * for pattern matching filters. ? represents a single character search and * means at least one character. For example, fo?.com will find foo.com but not foobar.com and fo*.com will find foo.com and foobar.com.
- sharing_id ⁠string
  Sharing ID. Organization ID used as a filter or as a billing identifier. See the reference.
- sort_by ⁠string
  Default: "id"
- zone_id ⁠string
  The identifier of the zone resource.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Responses

200

Headers

- X-Filtered-Count ⁠integer
  Number of resources at one page.
- X-Total-Count ⁠integer
  Total number of resources after filtering.

Body

application/json
⁠array
Of items of type:
- object
  With the following properties:
  - deployed ⁠boolean
    Default: false
    Explain whether the DNS zone has been updated on the DNS server.
  - id ⁠string
    The identifier of the domain resource.
  - name ⁠string
    A Fully Qualified Domain Name (FQDN).
  - owner ⁠string
    Entity who or which owns the domain. This entity can be a user, an organization or the client of a reseller.
  - zone ⁠object
    With the following properties:
    id ⁠string
    The identifier of the zone resource.
    name ⁠string
    Name of the record.
    status ⁠string
    One of: "BEING_DEACTIVATED", "BEING_DEPLOYED", "DEPLOYED", "NOT_DEPLOYED"
    Default: "NOT_DEPLOYED"
    Monitor the changement progress of a DNS zone for a domain.
Example:
```
[
  {
    "id": "d6208438-1ebf-4727-9e8a-166568d35855",
    "deployed": false,
    "name": "example.com",
    "owner": "065efe68-2c84-495d-be9b-82f20360293f",
    "zone": {
      "id": "50a8e8fb-765c-4533-8ed3-f222d25bdb9a",
      "name": "www",
      "status": "BEING_DEPLOYED"
    }
  },
  {
    "id": "2422145a-25ee-4e39-9239-06ab48d78726",
    "deployed": true,
    "name": "hello-world.org",
    "owner": "065efe68-2c84-495d-be9b-82f20360293f",
    "zone": {
      "id": "50a8e8fb-765c-4533-8ed3-f222d25bdb9a",
      "name": "www",
      "status": "DEPLOYED"
    }
  }
]
```

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Domain ¶

https://api.gandi.net/v5/linkedzone/domains/{domain}

A domain link to a zone.

get Domain details ¶

This route is used to find and returns informations about a domain linked to a zone.

Request

URI Parameters

- domain ⁠string
  Domain name.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Responses

200

Body

application/json
⁠object
With the following properties:
- deployed ⁠boolean
  Default: false
  Explain whether the DNS zone has been updated on the DNS server.
- id ⁠string
  The identifier of the domain resource.
- name ⁠string
  A Fully Qualified Domain Name (FQDN).
- owner ⁠string
  Entity who or which owns the domain. This entity can be a user, an organization or the client of a reseller.
- zone ⁠object
  With the following properties:
  - id ⁠string
    The identifier of the zone resource.
  - name ⁠string
    Name of the record.
  - status ⁠string
    One of: "BEING_DEACTIVATED", "BEING_DEPLOYED", "DEPLOYED", "NOT_DEPLOYED"
    Default: "NOT_DEPLOYED"
    Monitor the changement progress of a DNS zone for a domain.
Example:
```
{
  "id": "d6208438-1ebf-4727-9e8a-166568d35855",
  "deployed": false,
  "name": "example.com",
  "owner": "065efe68-2c84-495d-be9b-82f20360293f",
  "zone": {
    "id": "50a8e8fb-765c-4533-8ed3-f222d25bdb9a",
    "name": "www",
    "status": "BEING_DEPLOYED"
  }
}
```

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

404

The requested resource can not be find.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Tasks ¶

https://api.gandi.net/v5/linkedzone/tasks

All asynchronous task launched to deploy or undeploy a zone.

get List tasks ¶

This route returns tasks. A task represents the state of a zone deployment or undeployment.

Request

Query String

Required
- limit ⁠integer
  Default: 50
  Minimum: 1
  Maximal number of resource to return.
- offset ⁠integer
  Default: 0
  Minimum: 0
  The number of resource to skip.
Optional
- sort_by ⁠string
  Default: "id"

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Responses

200

Headers

- X-Filtered-Count ⁠integer
  Number of resources at one page.
- X-Total-Count ⁠integer
  Total number of resources after filtering.

Body

application/json
⁠array
Of items of type:
- object
  With the following properties:
  - created_at ⁠datetime
    The date and hour when the task has been launched.
  - id ⁠string
    The identifier of the task resource.
  - result ⁠object
    With the following properties:
    errored ⁠array
    Of items of type:
    object
    With the following properties:
    domain ⁠string
    An error occurred during the task.
    message ⁠string
    Explain the error.
    type ⁠string
    One of: "DATABASE_ERROR", "DOMAIN_EXISTS", "DOMAIN_NOT_EXIST", "DOMAIN_PERMISSION", "DOMAIN_STATUS_ERROR", "DNS_PERMISSION", "NOT_LIVEDNS", "ZONE_BEING_DEPLOYED"
    Possible errors which could occurred.
    succeeded ⁠array[ string ]
    The task which changed the DNS zone of these domains succeeded.
  - status ⁠string
    One of: "FINISHED", "PENDING"
    State of the task.
  - type ⁠string
    One of: "DEACTIVATE_ZONE", "DEPLOY_ZONE"
    Name of the task type.
  - zone_id ⁠string
    The identifier of the zone resource.
  Optional
  - ending_at ⁠datetime
    The date and hour when the task ended.
  - updated_at ⁠datetime
    The date and hour when occurred the last state task update.
Example:
```
[
  {
    "id": "055152cc-a258-48d4-b395-ddad6517d0b5",
    "zone_id": "50a8e8fb-765c-4533-8ed3-f222d25bdb9a",
    "type": "DEACTIVATE_ZONE",
    "status": "PENDING",
    "created_at": "2025-04-01T08:01:47.589312+00:00",
    "updated_at": "2025-04-01T08:03:04.474962+00:00",
    "result": {
      "succeeded": [],
      "errored": [
        {
          "domain": "example.com",
          "type": "ZONE_BEING_DEPLOYED",
          "message": "You cannot remove a domain on a zone under deployment"
        }
      ]
    }
  }
]
```

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Task ¶

https://api.gandi.net/v5/linkedzone/tasks/{task_id}

An asynchronous task launched to deploy or undeploy a zone.

get Task details ¶

This route returns a task. A task represents the state of a zone deployment or undeployment.

Request

URI Parameters

- task_id ⁠string

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Responses

200

Body

application/json
⁠object
With the following properties:
- created_at ⁠datetime
  The date and hour when the task has been launched.
- id ⁠string
  The identifier of the task resource.
- result ⁠object
  With the following properties:
  - errored ⁠array
    Of items of type:
    object
    With the following properties:
    domain ⁠string
    An error occurred during the task.
    message ⁠string
    Explain the error.
    type ⁠string
    One of: "DATABASE_ERROR", "DOMAIN_EXISTS", "DOMAIN_NOT_EXIST", "DOMAIN_PERMISSION", "DOMAIN_STATUS_ERROR", "DNS_PERMISSION", "NOT_LIVEDNS", "ZONE_BEING_DEPLOYED"
    Possible errors which could occurred.
  - succeeded ⁠array[ string ]
    The task which changed the DNS zone of these domains succeeded.
- status ⁠string
  One of: "FINISHED", "PENDING"
  State of the task.
- type ⁠string
  One of: "DEACTIVATE_ZONE", "DEPLOY_ZONE"
  Name of the task type.
- zone_id ⁠string
  The identifier of the zone resource.
Optional
- ending_at ⁠datetime
  The date and hour when the task ended.
- updated_at ⁠datetime
  The date and hour when occurred the last state task update.
Example:
```
{
  "id": "055152cc-a258-48d4-b395-ddad6517d0b5",
  "zone_id": "50a8e8fb-765c-4533-8ed3-f222d25bdb9a",
  "type": "DEACTIVATE_ZONE",
  "status": "PENDING",
  "created_at": "2025-04-01T08:01:47.589312+00:00",
  "updated_at": "2025-04-01T08:03:04.474962+00:00",
  "result": {
    "succeeded": [],
    "errored": [
      {
        "domain": "example.com",
        "type": "ZONE_BEING_DEPLOYED",
        "message": "You cannot remove a domain on a zone under deployment"
      }
    ]
  }
}
```

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

404

The requested resource can not be find.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Unlink domains ¶

https://api.gandi.net/v5/linkedzone/unlink/domains

patch Unlink domains from a linked zone ¶

This route is used to unlink domains from a linked zone. Then it returns a list of the domains successfully unlinked, and a second list of domains that could not be unlinked.

Request

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Body

application/json
⁠object
With the following properties:
Required
- domains ⁠array[ string ]
Example:
```
{
  "domains": [
    "hello-world.org",
    "example.com"
  ]
}
```

Responses

200

Body

application/json
⁠object
With the following properties:
- errored ⁠array
  Of items of type:
  - object
    With the following properties:
    domain ⁠string
    An error occurred during the task.
    message ⁠string
    Explain the error.
    type ⁠string
    One of: "DATABASE_ERROR", "DOMAIN_NOT_EXIST", "DOMAIN_PERMISSION", "DOMAIN_STATUS_ERROR", "DNS_PERMISSION", "ZONE_BEING_DEPLOYED"
    Possible errors which could occurred.
- succeeded ⁠array[ string ]
  Domains which has been correctly detached from a zone.
Example:
```
{
  "succeeded": [
    "hello-world.org"
  ],
  "errored": [
    {
      "domain": "example.com",
      "type": "ZONE_BEING_DEPLOYED",
      "message": "You cannot remove a domain on a zone under deployment"
    }
  ]
}
```

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Linked zones managament ¶

https://api.gandi.net/v5/linkedzone/zones

List or create linked zones.

get List linked zones ¶

This route returns all zones already linked or not yet linked.

Request

Query String

Required
- limit ⁠integer
  Default: 50
  Minimum: 1
  Maximal number of resource to return.
- offset ⁠integer
  Default: 0
  Minimum: 0
  The number of resource to skip.
Optional
- sharing_id ⁠string
  Sharing ID. Organization ID used as a filter or as a billing identifier. See the reference.
- sort_by ⁠string
  Default: "id"

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Responses

200

Headers

- X-Filtered-Count ⁠integer
  Number of resources at one page.
- X-Total-Count ⁠integer
  Total number of resources after filtering.

Body

application/json
⁠array
Of items of type:
- object
  With the following properties:
  - created_at ⁠datetime
    The date and hour when the zone resource has been created.
  - default_records ⁠boolean
    Apply default values for DNS settings. This default records are applied when a new zone is created.
  - domain_count ⁠integer
    The number of domains linked to the zone.
  - id ⁠string
    The identifier of the zone resource.
  - name ⁠string
    Name of the record.
  - sharing_space ⁠object
    With the following properties:
    id ⁠string
    Identifier of the linked-zone entity resource.
    name ⁠string
    Name of the linked-zone entity resource.
  - status ⁠string
    One of: "BEING_DEACTIVATED", "BEING_DEPLOYED", "DEPLOYED", "NOT_DEPLOYED"
    Default: "NOT_DEPLOYED"
    Monitor the changement progress of a DNS zone for a domain.
  Optional
  - record_text ⁠string
    A text representation of the DNS zone file described in the RFC 1035.
  - records ⁠array
    Of items of type:
    object
    With the following properties:
    name ⁠string
    Name of the record
    ttl ⁠integer
    Minimum: 300
    Maximum: 2592000
    The time in seconds that DNS resolvers should cache this record.
    type ⁠string
    One of: "A", "AAAA", "ALIAS", "CAA", "CDS", "CNAME", "DNAME", "DS", "HTTPS", "KEY", "LOC", "MX", "NAPTR", "NS", "OPENPGPKEY", "PTR", "RP", "SOA", "SPF", "SRV", "SSHFP", "SVCB", "TLSA", "TXT", "WKS"
    Type of the record
    values ⁠array
    Resource record set values of a DNS zone.
    Of items of type:
    string
    Maximum length: 16384
    Pattern: ^[\x20-\x7E]+$
  - updated_at ⁠datetime
    The date and hour when occurred the last resource zone update.
Example:
```
[
  {
    "id": "50a8e8fb-765c-4533-8ed3-f222d25bdb9a",
    "name": "www",
    "status": "DEPLOYED",
    "default_records": false,
    "created_at": "2025-04-04T14:35:57.525313+00:00",
    "domain_count": 2,
    "sharing_space": {
      "id": "dff4caf7-c319-42fd-a055-3932933f662f",
      "name": "Front desk zone"
    },
    "record_text": "abc 3600 IN A 1.2.3.5\ndef 3600 IN A 1.2.3.5\nghi 300 IN TXT tutu"
  }
]
```

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

post Create a zone ¶

This route creates a zone.

Request

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Body

application/json
⁠object
With the following properties:
Required
- name ⁠string
  Name of a zone.
Optional
- default_records ⁠boolean
  Default: false
- record_list ⁠array
  Of items of type:
  - object
    With the following properties:
    Required
    name ⁠string
    Name of the record
    ttl ⁠integer
    Minimum: 300
    Maximum: 2592000
    The time in seconds that DNS resolvers should cache this record.
    type ⁠string
    One of: "A", "AAAA", "ALIAS", "CAA", "CDS", "CNAME", "DNAME", "DS", "HTTPS", "KEY", "LOC", "MX", "NAPTR", "NS", "OPENPGPKEY", "PTR", "RP", "SOA", "SPF", "SRV", "SSHFP", "SVCB", "TLSA", "TXT", "WKS"
    Type of the record
    values ⁠array
    Resource record set values of a DNS zone.
    Of items of type:
    string
    Maximum length: 16384
    Pattern: ^[\x20-\x7E]+$
- record_text ⁠string
  A text representation of the DNS zone file described in the RFC 1035.
Example:
```
{
  "name": "Dead Zone",
  "default_records": false,
  "record_text": "abc 3600 IN A 1.2.3.5\ndef 3600 IN A 1.2.3.5\nghi 300 IN TXT tutu"
}
```

Responses

201

Headers

- Location ⁠string
  URI of the created zone resource.

Body

application/json
⁠object
With the following properties:
- message ⁠string
  A success message sent after creating a zone.
Example:
```
{
  "message": "Zone created"
}
```

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Linked zone actions ¶

https://api.gandi.net/v5/linkedzone/zones/{zone_id}

Manage existing linked zones.

get Linked zone details ¶

This route returns a zone already linked or not yet linked.

Request

URI Parameters

- zone_id ⁠string

Query String

Optional
- sharing_id ⁠string
  Sharing ID. Organization ID used as a filter or as a billing identifier. See the reference.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Responses

200

Body

application/json
⁠object
With the following properties:
- created_at ⁠datetime
  The date and hour when the zone resource has been created.
- default_records ⁠boolean
  Apply default values for DNS settings. This default records are applied when a new zone is created.
- domain_count ⁠integer
  The number of domains linked to the zone.
- id ⁠string
  The identifier of the zone resource.
- name ⁠string
  Name of the record.
- sharing_space ⁠object
  With the following properties:
  - id ⁠string
    Identifier of the linked-zone entity resource.
  - name ⁠string
    Name of the linked-zone entity resource.
- status ⁠string
  One of: "BEING_DEACTIVATED", "BEING_DEPLOYED", "DEPLOYED", "NOT_DEPLOYED"
  Default: "NOT_DEPLOYED"
  Monitor the changement progress of a DNS zone for a domain.
Optional
- record_text ⁠string
  A text representation of the DNS zone file described in the RFC 1035.
- records ⁠array
  Of items of type:
  - object
    With the following properties:
    name ⁠string
    Name of the record
    ttl ⁠integer
    Minimum: 300
    Maximum: 2592000
    The time in seconds that DNS resolvers should cache this record.
    type ⁠string
    One of: "A", "AAAA", "ALIAS", "CAA", "CDS", "CNAME", "DNAME", "DS", "HTTPS", "KEY", "LOC", "MX", "NAPTR", "NS", "OPENPGPKEY", "PTR", "RP", "SOA", "SPF", "SRV", "SSHFP", "SVCB", "TLSA", "TXT", "WKS"
    Type of the record
    values ⁠array
    Resource record set values of a DNS zone.
    Of items of type:
    string
    Maximum length: 16384
    Pattern: ^[\x20-\x7E]+$
- updated_at ⁠datetime
  The date and hour when occurred the last resource zone update.
Example:
```
{
  "id": "50a8e8fb-765c-4533-8ed3-f222d25bdb9a",
  "name": "www",
  "status": "DEPLOYED",
  "default_records": false,
  "created_at": "2025-04-04T14:35:57.525313+00:00",
  "domain_count": 2,
  "sharing_space": {
    "id": "dff4caf7-c319-42fd-a055-3932933f662f",
    "name": "Front desk zone"
  },
  "record_text": "abc 3600 IN A 1.2.3.5\ndef 3600 IN A 1.2.3.5\nghi 300 IN TXT tutu"
}
```

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

404

The requested resource can not be find.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

post Deploy or undeploy a zone ¶

This route deploy or undeploy a linked zone.

Request

URI Parameters

- zone_id ⁠string

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Body

application/json
⁠object
With the following properties:
Required
- deploy ⁠boolean
  Deploy or deactivate the specified zone.
Example:
```
{
  "deploy": true
}
```

Responses

202

Headers

- Location ⁠string
  URI of the task resource.

Body

application/json
⁠object
With the following properties:
- message ⁠string
  A success message sent after deploying or deactivating a zone.
Example:
```
{
  "message": "Zone deployment is in progress"
}
```

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

404

The requested resource can not be find.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

409

The specified zone is already deployed.
The specified zone is not deplyed.
The zone has no domain to deploy.
A deployment or a deactivation is already in progress.

Body

application/json
⁠object
With the following properties:
- message ⁠string
Example:
```
{
  "message": "zone Dead Zone is already deployed."
}
```

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

patch Update a linked zone ¶

This route update a linked zone.

Request

URI Parameters

- zone_id ⁠string

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Body

application/json
⁠object
With the following properties:
Optional
- default_records ⁠boolean
  Apply default values for DNS settings. This default records are applied when a new zone is created.
- name ⁠string
  Name of a zone.
- record_list ⁠array
  Of items of type:
  - object
    With the following properties:
    Required
    name ⁠string
    Name of the record
    ttl ⁠integer
    Minimum: 300
    Maximum: 2592000
    The time in seconds that DNS resolvers should cache this record.
    type ⁠string
    One of: "A", "AAAA", "ALIAS", "CAA", "CDS", "CNAME", "DNAME", "DS", "HTTPS", "KEY", "LOC", "MX", "NAPTR", "NS", "OPENPGPKEY", "PTR", "RP", "SOA", "SPF", "SRV", "SSHFP", "SVCB", "TLSA", "TXT", "WKS"
    Type of the record
    values ⁠array
    Resource record set values of a DNS zone.
    Of items of type:
    string
    Maximum length: 16384
    Pattern: ^[\x20-\x7E]+$
- record_text ⁠string
  A text representation of the DNS zone file described in the RFC 1035.
Example:
```
{
  "name": "Quarantine Zone"
}
```

Responses

200

Body

application/json
⁠object
With the following properties:
- message ⁠string
  A success message sent after updating a zone.
Example:
```
{
  "message": "Zone updated"
}
```

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

404

The requested resource can not be find.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

delete Delete a linked zone ¶

This route delete a linked zone.

Request

URI Parameters

- zone_id ⁠string

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Responses

204

The request has succeeded but does not need to return a response.

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

404

The requested resource can not be find.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Link domains to a zone ¶

https://api.gandi.net/v5/linkedzone/zones/{zone_id}/link/domains

Link domains to the specified zone.

patch Link domains to a specific zone ¶

This route links the provided domains to a specified linked zone, and returns the list of domains successfully linked and a second list of domains that could not be linked.

Request

URI Parameters

- zone_id ⁠string

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Body

application/json
⁠object
With the following properties:
Required
- domains ⁠array[ string ]
Example:
```
{
  "domains": [
    "hello-world.org",
    "example.com"
  ]
}
```

Responses

200

Body

application/json
⁠object
With the following properties:
- errored ⁠array
  Of items of type:
  - object
    With the following properties:
    domain ⁠string
    An error occurred during the task.
    message ⁠string
    Explain the error.
    type ⁠string
    One of: "DATABASE_ERROR", "DNS_PERMISSION", "DOMAIN_EXISTS", "DOMAIN_NOT_EXIST", "DOMAIN_PERMISSION", "DOMAIN_STATUS_ERROR", "NOT_LIVEDNS", "ZONE_BEING_DEPLOYED"
    Possible errors which could occurred.
- succeeded ⁠array[ string ]
  Domains which has been correctly attached to a zone.
Example:
```
{
  "succeeded": [
    "hello-world.org"
  ],
  "errored": [
    {
      "domain": "example.com",
      "type": "ZONE_BEING_DEPLOYED",
      "message": "You cannot remove a domain on a zone under deployment"
    }
  ]
}
```

403

Access to the resource is denied. Mainly due to a lack of permissions to access it.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

404

The requested resource can not be find.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

401

Bad authentication attempt because of a wrong API Key.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

403

In case the bearer token has expired, does not have enought permission or does not exists.

Body

application/json
⁠object
With the following properties:
- cause ⁠string
- code ⁠integer
- message ⁠string
- object ⁠string

Secured by

Http Authorization Scheme

This authentication scheme allows you to pass your Personal Access Token and be granted access to permissions and resources scoped by this token.

Tokens are created in the Organization Tab of the Gandi Admin application, choose the organization the token will have access too. Then go to the sharing tab, and click on "Create a token" button.

The authentication scheme Apikey allows also you to pass your Gandi API Key, but has been deprecated.

Headers

Required
- Authorization ⁠string
  The Authorization header must start with Bearer for access token, or Apikey depending of the authentication scheme. Apikey is deprecated and be replaced by personal access token.
  Example: Bearer pat_abc-123
  Example: Apikey your-api-key

Linked Zone API

Introduction ¶

Domains ¶

get List domains ¶

Request

Query String

Required

Optional

Headers

Required

Responses

200

Headers

Body

application/json

403

Body

application/json

401

Body

application/json

403

Body

application/json

Secured by

Http Authorization Scheme

Headers

Required

Examples

Domain ¶

get Domain details ¶

Request

URI Parameters

Headers

Required

Responses

200

Body

application/json

403

Body

application/json

404

Body

application/json

401

Body

application/json

403

Body

application/json

Secured by

Http Authorization Scheme

Headers

Required

Examples

Tasks ¶

get List tasks ¶

Request

Query String

Required

Optional

Headers

Required

Responses

200

Headers

Body

application/json

Optional

403

Body

application/json

401

Body

application/json

403

Body

application/json

Secured by