Multiple Domains: Token Management

Servus Community,

I want to add a second subdomain in my account and need to create a new access token for it. Will the existing subdomain still work with its old token? I have not seen any possibility to assign a token to a specific subdomain.

The question interests me academically also the other way, would multiple subdomains work with only one access token?

Thx & Bye CD

Not sure what you mean here? Are you adding a second domain (not a subdomain) to the account? Or is this an account for a dedyn.io subdomain you are talking about? In any case accounts contain domains, not subdomains.

AFAIK tokens by default allow access to any domain of the account. For example, lets say you have two domains configured in your account:
domain1.com and domain2.com
You have a token with value: XXXXXXXXXX
You can get all RRs of domain1.com using e.g.:
curl --url 'https://desec.io/api/v1/domains/domain1.com/rrsets/' --header 'Authorization: Token XXXXXXXXXX'
and similar with the same token for domain2.com:
curl --url 'https://desec.io/api/v1/domains/domain2.com/rrsets/' --header 'Authorization: Token XXXXXXXXXX'

But you might be able to limit ┬┤the scope of individual tokens. See Token Scoping: Domain Policies. If you limit the scope of one token, other tokens should not be affected.

HTH
fiwswe

Servus fiwswe,

you almost describe the issue as I meant it. Only for me it is about the subdomains or hostnames of the dedyn.io domain. So I have two dedyn addresses in my account (example1.dedyn.io and example2.dedyn.io) and for the first one, which has been exist for a while, I forgot the token and for the second one I had to create a new token. Now I wanted to know if I can use the new token for both addresses or if the already existing token is still valid when I create a new one? However, from your answer I can understand that both work.

CD

  • You can have more than one token for any purpose.
  • By default tokens are not limited to a single domain. They are limited to an account. So any valid (non-expired) token can be used on any domain in the account.
  • Using manually set Token Scoping you can limit what a particular token can access.

Yes, unless you intentionally limited them.

BTW: You could have easily found this answer by just trying the token you still know :wink:

fiwswe