Scopes
API scopes control what actions a token can perform in the Domain Chief API. Scopes are assigned when creating an Access Token. For a general overview of how scopes work, see the scopes documentation page.
Available Scopes
Full Access
| Scope | Description |
|---|---|
| domainchief | Full access to all Domain Chief API endpoints |
Broad Scopes
| Scope | Description |
|---|---|
| domainchief:read | Read-only access to all resources |
| domainchief:write | Read and write access to all resources (does not include register or transfer) |
Domain Scopes
| Scope | Description |
|---|---|
| domainchief:domains | Full access to all domain operations |
| domainchief:domains:read | List and view domains |
| domainchief:domains:read:availability | Check domain availability only |
| domainchief:domains:write | Update domain settings |
| domainchief:domains:register | Register and transfer domains |
| domainchief:domains:transfer | View and send auth codes, initiate push transfers |
domainchief:domains:register is separate from domainchief:domains:write because registration incurs charges. Use the parent scope domainchief:domains to grant both.
Contact Scopes
| Scope | Description |
|---|---|
| domainchief:contacts:read | List and view contacts |
| domainchief:contacts:write | Create, update, and delete contacts |
DNS Scopes
| Scope | Description |
|---|---|
| domainchief:dns:read | List and view DNS records |
| domainchief:dns:write | Create, update, delete, clear, and reset DNS records |
Redirect Scopes
| Scope | Description |
|---|---|
| domainchief:redirects_web:read | List and view web redirects |
| domainchief:redirects_web:write | Create, update, and delete web redirects |
| domainchief:redirects_mail:read | List and view mail redirects |
| domainchief:redirects_mail:write | Create, update, and delete mail redirects |
Other Scopes
| Scope | Description |
|---|---|
| domainchief:tlds:read | List and view available TLDs and pricing |
| domainchief:activity:read | View domain activity logs |
Each endpoint in the API playground shows its required scope in the security section.
Example Token Configurations
DNS-Only Automation
For a script that manages DNS records without access to other resources:
Code
This grants read and write access to DNS records only. The script cannot list domains, manage contacts, or perform any other operations.
Read-Only Monitoring
For a dashboard that displays domain and DNS information:
Code
This grants read access to all resources (domains, contacts, DNS records, TLDs, activity) but cannot make any changes.
Domain Availability Checker
For a tool that only checks domain availability:
Code
This is the narrowest scope — it can only check availability and cannot list or view existing domains.
Full Domain Management (Without Registration)
For an integration that manages existing domains but should not register new ones:
Code
This grants full management of existing domains, DNS, and contacts, but cannot register new domains or initiate transfers.
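The following added example (not Domain Chief's code) models the scope rules from the tables above so a reviewer can check what a token reaches and flag broad or charge-incurring scopes before issuing it. The matching logic (a parent scope covers its children, the broad scopes cover per-resource read and write) and the four sample scope lists are assumptions constructed from the descriptions on this page.

```python
# Model of the scope rules in the tables above (assumed semantics, not vendor code).
ROOT = "domainchief"

def grants(granted: str, required: str) -> bool:
    """True if a single granted scope covers the scope an endpoint requires."""
    if granted in (ROOT, required):
        return True
    g, r = granted.split(":"), required.split(":")
    if g[0] != ROOT or r[0] != ROOT or len(r) < 3:
        return False
    action = r[2]  # e.g. read, write, register, transfer
    # Broad scopes: :read covers every resource's read scopes; :write covers
    # read and write but, per the table, never register or transfer.
    if granted == f"{ROOT}:read":
        return action == "read"
    if granted == f"{ROOT}:write":
        return action in ("read", "write")
    # A parent scope covers its children (match on whole segments only).
    return len(g) < len(r) and r[:len(g)] == g

def allowed(token_scopes, required: str) -> bool:
    return any(grants(s, required) for s in token_scopes)

def audit(token_scopes):
    """List scopes worth questioning before a token is issued."""
    findings = []
    for s in token_scopes:
        if s == ROOT:
            findings.append((s, "full access to every endpoint"))
        elif s in (f"{ROOT}:read", f"{ROOT}:write"):
            findings.append((s, "broad scope spanning all resources"))
        elif grants(s, f"{ROOT}:domains:register"):
            findings.append((s, "can register domains, which incurs charges"))
    return findings

# Constructed scope lists matching the four configurations described above.
DNS_ONLY = [f"{ROOT}:dns:read", f"{ROOT}:dns:write"]
READ_ONLY = [f"{ROOT}:read"]
AVAILABILITY = [f"{ROOT}:domains:read:availability"]
MANAGE = [f"{ROOT}:{res}:{act}" for res in ("domains", "dns", "contacts")
          for act in ("read", "write")]

if __name__ == "__main__":
    for name, scopes in [("dns-only", DNS_ONLY), ("read-only", READ_ONLY),
                         ("availability", AVAILABILITY), ("manage", MANAGE)]:
        print(name, "register:", allowed(scopes, f"{ROOT}:domains:register"),
              "audit:", audit(scopes))
```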