N7 Docs
Go to Dashboard ↗

Security-Enabled Domains API

The Security-Enabled Domains API returns all domains within an account that have security (WAF) features enabled.

It is typically used as a discovery step before working with per-domain security APIs, such as the Target Groups API . Since target group operations are scoped to a single domain, you can use this endpoint to first list every security-enabled domain in your account and then iterate over the results.

Prerequisite#

  1. You must have at least one domain configured on Nitrogen with security (WAF) enabled.
  2. You must have a service account configured with at least Viewer access to the account. If not, you can refer this article for the same.

Endpoint#

List Security-Enabled Domains#

Retrieve a list of all domains in an account that have security (WAF) features enabled.

Request Details#

GET https://dash.n7.io/api/v2/security/account/{account}/domains
Authorization: Token <api-key-of-service-account>

If using Postman, set the Auth Type to No Auth. And then set the Authorization header in the Headers section.

Path Parameters#

  • account (required): The unique account identifier (a 6-character uppercase alphanumeric code, e.g., AB12CD).

Example Request#

curl -X GET "https://dash.n7.io/api/v2/security/account/AB12CD/domains" \
  -H "Authorization: Token <api-key-of-service-account>"

Response#

On success (HTTP 200), returns the list of security-enabled domain names.

response.json
{
  "domains": [
    "shop.example.com",
    "www.example.com"
  ]
}

If the account has no security-enabled domains, an empty list is returned:

response.json
{
  "domains": []
}

Behavior and Constraints#

  1. Security-Enabled Only: Only domains with security (WAF) features enabled are returned. Domains without WAF are omitted.
  2. Exclusions: Disabled domains domains are never included in the response.
  • Target Groups API — list and dynamically manage IP target groups for a specific security-enabled domain.

Error Responses#

When an error occurs, the API returns a non-200 HTTP status code with the following JSON payload:

error.json
{
  "code": <error_code>,
  "message": "<error_message>",
  "details": []
}