# HeadlessDomains Registrar OT&E Evidence Template

Version: 0.1
Updated: 2026-06-11
Base URL: `https://partners.headlessdomains.com/api/v1/registrar/v1`

## Purpose

Copy-ready report format for registrar sandbox testing before production approval. This covers the HTTP registrar API and does not certify an EPP endpoint.

## Test Run

| Field | Value |
| --- | --- |
| Registrar |  |
| Registrar channel slug |  |
| Registrar channel id | From GET /status audit_provenance.registrar_channel_id. |
| Test namespace / TLD |  |
| Run date |  |
| Registrar technical contact |  |
| Registrar support escalation contact |  |
| HeadlessDomains reviewer |  |
| API client name and version |  |
| Base URL | https://partners.headlessdomains.com/api/v1/registrar/v1 |
| Token reference | Internal secret reference only; do not paste bearer token values. |

## Command Evidence

| Test | Endpoint | Idempotency Key | Domain | First Status | Retry Status | Audit ID | Registrar Channel ID | Poll Evidence | Pass/Fail | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Status preflight | `GET /status` | `` |  |  |  |  |  |  |  |  |
| Sandbox reset | `POST /sandbox/reset` | `ote-reset-001` |  |  |  |  |  |  |  |  |
| Availability | `POST /domains/check` | `ote-check-001` |  |  |  |  |  |  |  |  |
| Create | `POST /domains` | `ote-create-001` |  |  |  |  |  |  |  |  |
| Create retry | `POST /domains` | `ote-create-001` |  |  |  |  |  |  |  |  |
| Info | `GET /domains/{domain}` | `` |  |  |  |  |  |  |  |  |
| Renew | `POST /domains/{domain}/renew` | `ote-renew-001` |  |  |  |  |  |  |  |  |
| Renew retry | `POST /domains/{domain}/renew` | `ote-renew-001` |  |  |  |  |  |  |  |  |
| Metadata update | `PATCH /domains/{domain}` | `ote-update-001` |  |  |  |  |  |  |  |  |
| Transfer | `POST /domains/{domain}/transfer` | `ote-transfer-001` |  |  |  |  |  |  |  |  |
| Transfer retry | `POST /domains/{domain}/transfer` | `ote-transfer-001` |  |  |  |  |  |  |  |  |
| Nameservers | `PUT /domains/{domain}/nameservers` | `ote-ns-001` |  |  |  |  |  |  |  |  |
| Delete / cancel | `DELETE /domains/{domain}` | `ote-delete-001` |  |  |  |  |  |  |  |  |
| Delete retry | `DELETE /domains/{domain}` | `ote-delete-001` |  |  |  |  |  |  |  |  |
| Audit poll | `GET /poll?idempotency_key=...` | `` |  |  |  |  |  |  |  |  |

## Rate Limit Evidence

- Observed 429 response, if tested: 
- Retry-After header: 
- X-RateLimit-Limit header: 
- X-RateLimit-Remaining header: 
- Registrar backoff behavior: 

## Security Confirmation

- [ ] No raw bearer token appears in screenshots, logs, tickets, browser storage, mobile clients, or public repositories.
- [ ] Registrar client calls HeadlessDomains from server-side infrastructure only.
- [ ] Command evidence uses request ids, audit ids, and idempotency keys instead of secrets.
- [ ] Customer or registrant data in evidence is redacted unless explicitly approved for review.

## Review Decision

| Gate | Result | Reviewer Notes |
| --- | --- | --- |
| Command coverage | pass / fail / blocked |  |
| Retry safety | pass / fail / blocked |  |
| Audit reconciliation | pass / fail / blocked |  |
| Rate-limit handling | pass / fail / blocked |  |
| Secret handling | pass / fail / blocked |  |
| Support escalation | pass / fail / blocked |  |
| Evidence archive | not exported / exported / archived |  |
| Production approval | not approved / approved with conditions / approved |  |

## Boundaries

- This evidence report is for OT&E review only.
- Passing the report does not create production registrar approval by itself.
- EPP compatibility requires a future EPP gateway and separate EPP evidence.
- Protected legacy/NB recovery records remain protected unless a recovery decision explicitly changes their state.