API reference

The dmarced API gives you programmatic access to everything the product can do. The app itself is built on this API, so anything you see in the interface — domain management, DMARC reports, DNS monitoring — is available for automation. You can use it to run your own checks, pull data into internal tools, or monitor large domains at scale.

Specification

The API is defined using the OpenAPI Specification. It's a structured format that lists every endpoint, the data it accepts, the data it returns, and how to authenticate. Most modern API tools understand this format, so you can explore or generate client code without any setup.

• View human-readable API specification
• View JSON API specification

Endpoint

The production API is available at: https://api.dmarced.eu

A sandbox environment is also available for testing or pre-production work. Reach out if you’d like access.

Authentication

The dmarced API uses Bearer tokens. Every request to a protected endpoint needs an Authorization header with a valid token.

A token has two parts:

• a token ID, starting with pk_ (e.g., pk_zmh6pwusw1iw)
• a token secret, starting with sk_ (e.g., sk_nrAm8vY14wKiJsn9…)

They’re joined with a period (.) to form the full credentials string.

Treat your token like a password. Anyone with it can act on behalf of your team.