## GET /api/v2/domains/{id}/dnssec-auto

**Get automatic DNSSEC status**

Return the automatic DNSSEC enrollment state for a domain. For domains delegated to HostUp-managed nameservers (`primary.ns.hostup.se`, `secondary.ns.hostup.se`, or accepted managed aliases), automatic DNSSEC periodically verifies the hosted DNSSEC material and publishes the DS record at the registry without the caller adding manual DS/KEY records. Status values: `active` means automation is enabled and healthy, `pending` means the platform is waiting for DNSSEC material/checks, `blocked` means automation is paused, `excluded` means the domain is opted out, `inactive` means it is not active for this domain, and `error` means the last automatic attempt failed. Nameserver changes can trigger a 72-hour cooldown; when blocked, use `blockedUntil`, `blockReason`, and `nameserversChangedAt` to tell the user when automation resumes. Before changing nameservers, read `GET /api/v2/domains/{id}/nameservers`; `dnssecAutoWillBeBlocked: true` means that update will pause automatic DNSSEC for the cooldown window.

### Related Endpoints

- `POST /api/v2/domains/{id}/dnssec-auto`: Enable or disable automatic DNSSEC
- `GET /api/v2/domains/{id}`: Get domain details
- `PATCH /api/v2/domains/{id}`: Update domain settings

### Headers

- `Accept`: application/json
- `Authorization`: Bearer YOUR_API_KEY
- Required API scope: `read:domains`

### Parameters

- `id` (path, string, required): Public domain ID. Get it from GET /api/v2/domains `data[].id`. Do not invent this value; use the exact ID returned by the referenced API response. Example: `dom_01hxa3b4c5d6e7f8g9h0j1k2m3`

### Request Example

```bash
curl -X GET "https://cloud.hostup.se/api/v2/domains/dom_01hxa3b4c5d6e7f8g9h0j1k2m3/dnssec-auto" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json"
```

### Response Schema

- `domainName` (string | null, required) Example: `example.se`
- `status` (string, required) Example: `blocked`
  Allowed values: active, inactive, excluded, pending, error, blocked
- `reason` (string | null, required) Example: `Automatic DNSSEC is paused after a nameserver change.`
- `isEnabled` (boolean, required) Example: `true`
- `isBlocked` (boolean, required) Example: `true`
- `blockedUntil` (string | null, required) Example: `2026-04-30T12:00:00.000Z`
- `blockReason` (string | null, required) Example: `Automatic DNSSEC is paused after a nameserver change.`
- `lastCheckedAt` (string | null, required) Example: `2026-04-27T12:00:00.000Z`
- `lastError` (string | null, required)
- `nameserversChangedAt` (string | null, required) Example: `2026-04-26T09:30:00.000Z`

### Responses

#### 200 - Automatic DNSSEC state.
```json
{
  "domainName": "example.se",
  "status": "blocked",
  "reason": "Automatic DNSSEC is paused after a nameserver change.",
  "isEnabled": true,
  "isBlocked": true,
  "blockedUntil": "2026-04-30T12:00:00.000Z",
  "blockReason": "Automatic DNSSEC is paused after a nameserver change.",
  "lastCheckedAt": "2026-04-27T12:00:00.000Z",
  "lastError": null,
  "nameserversChangedAt": "2026-04-26T09:30:00.000Z"
}
```

#### 400 - Invalid request. The response body is an RFC 7807 Problem Details document.
```json
{
  "type": "https://developer.hostup.se/errors/invalid_request",
  "title": "Invalid request",
  "status": 400,
  "detail": "The request body failed validation.",
  "code": "invalid_request",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z",
  "errors": [
    {
      "pointer": "/items/0/domainName",
      "detail": "`domainName` is required.",
      "code": "invalid_request"
    }
  ]
}
```

#### 401 - Unauthorized. Authentication is required.
```json
{
  "type": "https://developer.hostup.se/errors/unauthorized",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Authentication is required.",
  "code": "unauthorized",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 403 - Forbidden. The caller lacks a required scope or does not own the resource.
```json
{
  "type": "https://developer.hostup.se/errors/forbidden",
  "title": "Forbidden",
  "status": 403,
  "detail": "The caller lacks a required scope or does not own the resource.",
  "code": "forbidden",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 404 - Not found. The resource does not exist or is not owned by the caller.
```json
{
  "type": "https://developer.hostup.se/errors/not_found",
  "title": "Not found",
  "status": 404,
  "detail": "The requested resource could not be found.",
  "code": "not_found",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 429 - Rate limited. Retry after the limit resets. 429 responses include `Retry-After` seconds plus `X-RateLimit-*` headers.
```json
{
  "type": "https://developer.hostup.se/errors/rate_limit_exceeded",
  "title": "Too many requests",
  "status": 429,
  "detail": "Too many requests. Retry after the limit resets.",
  "code": "rate_limit_exceeded",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 500 - Internal error. Retry later or contact support if the issue persists.
```json
{
  "type": "https://developer.hostup.se/errors/internal_error",
  "title": "Internal server error",
  "status": 500,
  "detail": "An unexpected error occurred. Retry later or contact support if the issue persists.",
  "code": "internal_error",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```