CAA Record Analyzer API — Certificate Authority Authorization Check

Description

Inspect CAA DNS records that control which Certificate Authorities can issue SSL/TLS certificates for a domain. Identify misconfigurations, missing CAA records, and potential security gaps in certificate issuance policies.

Use Cases

Audit which CAs are authorized to issue certificates
Verify CAA records before requesting new certificates
Detect missing CAA records (security best practice)
Validate iodef reporting configuration

Parameters

Name	Type	Required	Description
`domain`	string	Yes	Domain name to analyze
`format`	string	No	Response format: json or markdown

Example Request

bash

curl -H 'X-API-Key: YOUR_KEY' \
  'https://api.example.com/dns/caa?domain=example.com'

python

import httpx

resp = httpx.get(
    "https://api.example.com/dns/caa?domain=example.com",
    headers={"X-API-Key": "YOUR_KEY"},
)
print(resp.json())

javascript

const resp = await fetch("https://api.example.com/dns/caa?domain=example.com", {
  headers: { "X-API-Key": "YOUR_KEY" },
});
const data = await resp.json();
console.log(data);

Example Response

json

{
  "domain": "example.com",
  "records": [
    {"flag": 0, "tag": "issue", "value": "letsencrypt.org"},
    {"flag": 0, "tag": "issuewild", "value": ";"}
  ],
  "has_caa": true
}

CAA Record Analyzer

Description

Use Cases

Parameters

Related Tools in DNS

DNS Propagation Checker

DNS Lookup

DNS Lookup All

Bulk DNS Lookup

Compare DNS Resolvers

DNS-over-HTTPS Test