Skip to main content
Mark a connection step as complete after Entri confirms success. Entri’s onEntriClose callback with success: true means the DNS record was actually added to the provider’s DNS. We trust this and update the database status immediately, without waiting for DNS propagation (which can take minutes).

​
Path Parameters

ParameterTypeRequiredDescription
org_idstringYesClerk organization slug (e.g., company-name-123456)

​
Request Body

FieldTypeRequiredDescription
stepintegerYesWhich step completed: 1 = SSL CNAME added, 2 = www CNAME switched

​
Example Request

# After Part 1 (SSL validation CNAME added)
curl -X POST https://searchcompany-main.up.railway.app/api/domain/mark-step-complete/my-company-123456 \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"step": 1}'

# After Part 2 (www CNAME switched to CloudFront)
curl -X POST https://searchcompany-main.up.railway.app/api/domain/mark-step-complete/my-company-123456 \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"step": 2}'

​
Example Responses

​
Step 1 Complete

{
  "status": "success",
  "proxy_status": "SSL_VALIDATING"
}

​
Step 2 Complete

{
  "status": "success",
  "proxy_status": "DEPLOYED"
}

​
Status Transitions

StepBeforeAfterWhat Happens
1PENDING_VALIDATIONSSL_VALIDATINGAWS starts validating SSL certificate
2SSL_VALIDATEDDEPLOYEDDomain fully connected + background tasks trigger

​
Step 2 Background Tasks

When step 2 completes, two background tasks run automatically (user doesn’t wait for these):

​
1. ACM Certificate Upgrade (Auto-Renewal)

Upgrades from Let’s Encrypt to ACM-native certificate:
  1. Waits 60 seconds for DNS propagation
  2. Requests ACM-native certificate (now works because www β†’ CloudFront)
  3. ACM validates via DNS (follows CNAME chain)
  4. Swaps certificates on CloudFront (zero downtime)
  5. Deletes old imported certificate
Result: Auto-renewal forever with zero user action.

​
2. IndexNow Submission

Submits all AI site URLs to IndexNow (Bing, Yandex, etc.):
  1. Gathers all URLs from the AI site:
    • Core pages (/, /llms.txt, /sitemap.xml, /robots.txt, /data.json)
    • All Q&A pages from page_hashes
    • All boosted pages from boosted_pages table
  2. Submits to IndexNow using the customer’s real domain (not AI site URL)
Why here? IndexNow verification requires the /search-company.txt key file to be accessible. This only works after the CloudFront proxy is connected, which routes that file to the AI site. The user never knows these happened - they just see β€œDEPLOYED” and they’re done.

​
Why Trust Entri?

When Entri’s onEntriClose fires with success: true, it means:
  1. User authenticated with their DNS provider
  2. Entri made the actual DNS API call to add the record
  3. The DNS provider confirmed the record was added
We don’t need to verify via DNS lookup because:
  • DNS propagation can take 1-60 minutes
  • Entri already confirmed the record exists at the provider level
  • Users shouldn’t have to wait for propagation to see UI feedback

​
Frontend Integration

// In onEntriClose handler
if (entriEvent.detail.success && pendingStep) {
  await markStepComplete(orgSlug, pendingStep, token);
  await fetchProxyInfo(); // Refresh UI
}