Skip to main content
Mark a connection step as complete after Entri confirms success. Entriโ€™s onEntriClose callback with success: true means the DNS record was actually added to the providerโ€™s DNS. We trust this and update the database status immediately, without waiting for DNS propagation (which can take minutes).

โ€‹
Path Parameters

ParameterTypeRequiredDescription
org_idstringYesClerk organization slug (e.g., company-name-123456)

โ€‹
Request Body

FieldTypeRequiredDescription
stepintegerYesWhich step completed: 1 = SSL CNAME added, 2 = www CNAME switched

โ€‹
Example Request

# After Part 1 (SSL validation CNAME added)
curl -X POST https://searchcompany-main.up.railway.app/api/domain/mark-step-complete/my-company-123456 \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"step": 1}'

# After Part 2 (www CNAME switched to CloudFront)
curl -X POST https://searchcompany-main.up.railway.app/api/domain/mark-step-complete/my-company-123456 \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"step": 2}'

โ€‹
Example Responses

โ€‹
Step 1 Complete

{
  "status": "success",
  "proxy_status": "SSL_VALIDATING"
}

โ€‹
Step 2 Complete

{
  "status": "success",
  "proxy_status": "DEPLOYED"
}

โ€‹
Status Transitions

StepBeforeAfterWhat Happens
1PENDING_VALIDATIONSSL_VALIDATINGAWS starts validating SSL certificate
2SSL_VALIDATEDDEPLOYEDDomain fully connected + background tasks trigger

โ€‹
Step 2 Background Tasks

When step 2 completes, two background tasks run automatically (user doesnโ€™t wait for these):

โ€‹
1. ACM Certificate Upgrade (Auto-Renewal)

Upgrades from Letโ€™s Encrypt to ACM-native certificate:
  1. Waits 60 seconds for DNS propagation
  2. Requests ACM-native certificate (now works because www โ†’ CloudFront)
  3. ACM validates via DNS (follows CNAME chain)
  4. Swaps certificates on CloudFront (zero downtime)
  5. Deletes old imported certificate
Result: Auto-renewal forever with zero user action.

โ€‹
2. IndexNow Submission

Submits all AI site URLs to IndexNow (Bing, Yandex, etc.):
  1. Gathers all URLs from the AI site:
    • Core pages (/, /llms.txt, /sitemap.xml, /robots.txt, /data.json)
    • All Q&A pages from page_hashes
    • All boosted pages from boosted_pages table
  2. Submits to IndexNow using the customerโ€™s real domain (not AI site URL)
Why here? IndexNow verification requires the /search-company.txt key file to be accessible. This only works after the CloudFront proxy is connected, which routes that file to the AI site. The user never knows these happened - they just see โ€œDEPLOYEDโ€ and theyโ€™re done.

โ€‹
Why Trust Entri?

When Entriโ€™s onEntriClose fires with success: true, it means:
  1. User authenticated with their DNS provider
  2. Entri made the actual DNS API call to add the record
  3. The DNS provider confirmed the record was added
We donโ€™t need to verify via DNS lookup because:
  • DNS propagation can take 1-60 minutes
  • Entri already confirmed the record exists at the provider level
  • Users shouldnโ€™t have to wait for propagation to see UI feedback

โ€‹
Frontend Integration

// In onEntriClose handler
if (entriEvent.detail.success && pendingStep) {
  await markStepComplete(orgSlug, pendingStep, token);
  await fetchProxyInfo(); // Refresh UI
}