Registrar certification

Registrar OT&E checklist

Operational Test and Evaluation for registrar integrations before production access.

Registrar API docs Handoff packet Evidence template OpenAPI JSON

Prerequisites

Registrar API keyUse a Partner API key with the registrar API profile or equivalent lifecycle scopes, bound to an approved registrar channel.

Approved test namespaceThe registrar must have access to a namespace approved for OT&E testing.

Server-side clientThe bearer token stays on registrar servers only. Do not ship it to browser code or mobile clients.

Command log accessUse GET /poll to compare registrar-side events with HeadlessDomains command audits.

Environment

REGISTRY_BASE=https://partners.headlessdomains.com/api/v1/registrar/v1
REGISTRY_TOKEN=hdpart_...
TEST_TLD=defiwallet

Reset Fixtures

Start every certification run by recording GET /status, then resetting OT&E fixtures. The status response captures channel approval, namespace listings, production state, rate limits, command capabilities, and the internal registry service contract. The reset creates predictable ote_sandbox domains and refuses to overwrite real names.

curl -sS "$REGISTRY_BASE/status" \
  -H "Authorization: Bearer $REGISTRY_TOKEN"

curl -sS "$REGISTRY_BASE/sandbox/reset" \
  -H "Authorization: Bearer $REGISTRY_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"tld":"defiwallet","sandbox":true,"idempotency_key":"ote-reset-001"}'

Required Command Sequence

1. Status preflightGET /status. Archive the response and confirm channel/listing approval, command capabilities, rate limits, and registry service contract.

2. AvailabilityPOST /domains/check for ote-available.$TEST_TLD. Expect available true.

3. CreatePOST /domains using a unique idempotency key. Retry the same request and confirm the retry is safe.

4. InfoGET /domains/{domain} for the created domain and fixture domains.

5. RenewPOST /domains/ote-renew.$TEST_TLD/renew. Retry with the same key and confirm no duplicate debit or expiry jump.

6. Metadata UpdatePATCH /domains/ote-update.$TEST_TLD with registrant metadata and a stable idempotency key.

7. TransferPOST /domains/ote-transfer.$TEST_TLD/transfer with gaining registrar metadata. Retry with the same key and confirm transfer intent is auditable.

8. NameserversPUT /domains/ote-ns.$TEST_TLD/nameservers with two valid hosts. Expect pending backend apply.

9. Delete / CancelDELETE /domains/ote-delete.$TEST_TLD. Retry with the same key and confirm it does not fail as already deleted.

10. PollGET /poll?idempotency_key=... and confirm every command appears with the expected status, domain, and idempotency key.

Sample Create

curl -sS "$REGISTRY_BASE/domains" \
  -H "Authorization: Bearer $REGISTRY_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "domain": "ote-livecheck.defiwallet",
    "years": 1,
    "registrant_email": "ote-customer@example.invalid",
    "registrant_external_id": "registrar-ote-customer-001",
    "idempotency_key": "ote-create-001"
  }'

Sample Audit Poll

curl -sS "$REGISTRY_BASE/poll?idempotency_key=ote-create-001&command=create_domain&status=success&domain=ote-livecheck.defiwallet&limit=1" \
  -H "Authorization: Bearer $REGISTRY_TOKEN"

Pass Criteria

Command coverageAvailability, create, info, renew, update, transfer, nameserver update, delete/cancel, and poll all complete.

Retry safetyRetries with the same idempotency key replay safely. Conflicting key reuse returns 409 duplicate_idempotency_key_conflict.

Rate-limit handlingThe registrar backs off on 429 registrar_rate_limit_exceeded using the Retry-After and X-RateLimit response headers.

Audit matchThe registrar can provide request ids, idempotency keys, response timestamps, and poll output for every command.

Evidence reportUse the OT&E evidence template to record each command, retry, poll result, rate-limit behavior, and reviewer decision.

No secret exposureThe registrar confirms the bearer token is never exposed client-side or in public logs.

Support pathThe registrar has a support contact and escalation path for failed provisioning or customer ownership disputes.

Archive The Run

After command evidence is reviewed, an operator records a named OT&E run in /admin/interop and exports Archive MD from /admin/registrar-ote-runs/<run_id>/evidence-archive.md. Attach that Markdown archive and its SHA-256 fingerprint to the registrar ticket before production review.

Not A Production Approval

Passing OT&E proves command compatibility only. Production access still requires commercial approval, namespace-owner approval, registrar support readiness, rate-limit agreement, and launch signoff.