Registrar certification evidence
HeadlessDomains Registrar OT&E Evidence Template
Copy-ready report format for registrar sandbox testing before production approval. This covers the HTTP registrar API and does not certify an EPP endpoint.
Run Details
- Registrar
- To be completed
- Registrar channel slug
- To be completed
- Registrar channel id
- From GET /status audit_provenance.registrar_channel_id.
- Test namespace / TLD
- To be completed
- Run date
- To be completed
- Registrar technical contact
- To be completed
- Registrar support escalation contact
- To be completed
- HeadlessDomains reviewer
- To be completed
- API client name and version
- To be completed
- Base URL
- https://partners.headlessdomains.com/api/v1/registrar/v1
- Token reference
- Internal secret reference only; do not paste bearer token values.
Command Evidence Table
| Test | Endpoint | Idempotency Key | Evidence Needed |
|---|---|---|---|
| Status preflight | GET /status |
N/A | HTTP status, response body, audit id, registrar_channel_id, poll output, pass/fail, notes. |
| Sandbox reset | POST /sandbox/reset |
ote-reset-001 |
HTTP status, response body, audit id, registrar_channel_id, poll output, pass/fail, notes. |
| Availability | POST /domains/check |
ote-check-001 |
HTTP status, response body, audit id, registrar_channel_id, poll output, pass/fail, notes. |
| Create | POST /domains |
ote-create-001 |
HTTP status, response body, audit id, registrar_channel_id, poll output, pass/fail, notes. |
| Create retry | POST /domains |
ote-create-001 |
HTTP status, response body, audit id, registrar_channel_id, poll output, pass/fail, notes. |
| Info | GET /domains/{domain} |
N/A | HTTP status, response body, audit id, registrar_channel_id, poll output, pass/fail, notes. |
| Renew | POST /domains/{domain}/renew |
ote-renew-001 |
HTTP status, response body, audit id, registrar_channel_id, poll output, pass/fail, notes. |
| Renew retry | POST /domains/{domain}/renew |
ote-renew-001 |
HTTP status, response body, audit id, registrar_channel_id, poll output, pass/fail, notes. |
| Metadata update | PATCH /domains/{domain} |
ote-update-001 |
HTTP status, response body, audit id, registrar_channel_id, poll output, pass/fail, notes. |
| Transfer | POST /domains/{domain}/transfer |
ote-transfer-001 |
HTTP status, response body, audit id, registrar_channel_id, poll output, pass/fail, notes. |
| Transfer retry | POST /domains/{domain}/transfer |
ote-transfer-001 |
HTTP status, response body, audit id, registrar_channel_id, poll output, pass/fail, notes. |
| Nameservers | PUT /domains/{domain}/nameservers |
ote-ns-001 |
HTTP status, response body, audit id, registrar_channel_id, poll output, pass/fail, notes. |
| Delete / cancel | DELETE /domains/{domain} |
ote-delete-001 |
HTTP status, response body, audit id, registrar_channel_id, poll output, pass/fail, notes. |
| Delete retry | DELETE /domains/{domain} |
ote-delete-001 |
HTTP status, response body, audit id, registrar_channel_id, poll output, pass/fail, notes. |
| Audit poll | GET /poll?idempotency_key=... |
N/A | HTTP status, response body, audit id, registrar_channel_id, poll output, pass/fail, notes. |
Rate Limit Evidence
1.Observed 429 response, if tested
2.Retry-After header
3.X-RateLimit-Limit header
4.X-RateLimit-Remaining header
5.Registrar backoff behavior
Security Confirmation
1.No raw bearer token appears in screenshots, logs, tickets, browser storage, mobile clients, or public repositories.
2.Registrar client calls HeadlessDomains from server-side infrastructure only.
3.Command evidence uses request ids, audit ids, and idempotency keys instead of secrets.
4.Customer or registrant data in evidence is redacted unless explicitly approved for review.
Review Decision
| Gate | Expected Result | Reviewer Notes |
|---|---|---|
| Command coverage | pass / fail / blocked | To be completed |
| Retry safety | pass / fail / blocked | To be completed |
| Audit reconciliation | pass / fail / blocked | To be completed |
| Rate-limit handling | pass / fail / blocked | To be completed |
| Secret handling | pass / fail / blocked | To be completed |
| Support escalation | pass / fail / blocked | To be completed |
| Evidence archive | not exported / exported / archived | To be completed |
| Production approval | not approved / approved with conditions / approved | To be completed |
Archive Output
After review, create or update the named run in /admin/interop, then export Archive MD from /admin/registrar-ote-runs/<run_id>/evidence-archive.md. The archive includes a SHA-256 fingerprint and safe command-audit evidence for the registrar record.
Boundaries
1.This evidence report is for OT&E review only.
2.Passing the report does not create production registrar approval by itself.
3.EPP compatibility requires a future EPP gateway and separate EPP evidence.
4.Protected legacy/NB recovery records remain protected unless a recovery decision explicitly changes their state.