## PATCH /api/v2/domains/{id}/email-forwarding

**Toggle domain email forwarding**

Enable or disable domain-level email forwarding and return the refreshed state. Get `{id}` from `GET /api/v2/domains` `data[].id`. Use this only for the domain-level forwarding integration. If the domain is attached to a shared-hosting account, prefer shared-hosting email forwarders; forcing domain-level routing can replace existing MX records and stop hosting mailboxes from receiving mail. Body accepts only `enabled` and optional `force`. `force` is valid only when enabling and tells the server to remove existing non-forwarding MX records before enabling routing.

### Related Endpoints

- `GET /api/v2/domains/{id}/email-forwarding`: Get domain email forwarding
- `POST /api/v2/domains/{id}/email-forwarding`: Create domain email forwarding rule
- `PUT /api/v2/domains/{id}/email-forwarding`: Update domain email catch-all

### Headers

- `Accept`: application/json
- `Authorization`: Bearer YOUR_API_KEY
- Required API scopes: `write:email`, `write:domains`
- `Content-Type`: application/json

### Parameters

- `id` (path, string, required): Public domain ID from `GET /api/v2/domains` `data[].id`. Do not invent this value; use the exact ID returned by the referenced API response. Example: `dom_01hxa3b4c5d6e7f8g9h0j1k2m3`

### Request Body

- `enabled` (boolean, required) Example: `true`
- `force` (boolean, optional): Only valid when `enabled` is true. Removes existing non-forwarding MX records before enabling routing. Example: `false`

### Request Examples

#### Enable forwarding

```bash
curl -X PATCH "https://cloud.hostup.se/api/v2/domains/dom_01hxa3b4c5d6e7f8g9h0j1k2m3/email-forwarding" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{
    "enabled": true
  }'
```

```json
{
  "enabled": true
}
```

#### Enable and replace existing MX records

```bash
curl -X PATCH "https://cloud.hostup.se/api/v2/domains/dom_01hxa3b4c5d6e7f8g9h0j1k2m3/email-forwarding" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{
    "enabled": true,
    "force": true
  }'
```

```json
{
  "enabled": true,
  "force": true
}
```

#### Disable forwarding

```bash
curl -X PATCH "https://cloud.hostup.se/api/v2/domains/dom_01hxa3b4c5d6e7f8g9h0j1k2m3/email-forwarding" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{
    "enabled": false
  }'
```

```json
{
  "enabled": false
}
```

### Response Schema

- `enabled` (boolean, optional) Example: `true`
- `integrationStatus` (string, optional) Example: `enabled`
  Allowed values: enabled, disabled, unavailable
- `reason` (string,null, optional) Example: `null`
- `maxRules` (integer, optional) Example: `200`
- `ruleCount` (integer, optional) Example: `1`
- `rules` (array<object>, optional)
- `rules[].id` (string, required) Example: `ef_01hxa3b4c5d6e7f8g9h0j1k2m3`
- `rules[].email` (string, required) Example: `hello@example.com`
- `rules[].destination` (string, required) Example: `owner@example.net`
- `rules[].isEnabled` (boolean, required) Example: `true`
- `rules[].name` (string,null, required) Example: `null`
- `rules[].priority` (integer, required) Example: `0`
- `destinations` (array<object>, optional)
- `destinations[].id` (string, required) Example: `efd_01hxa3b4c5d6e7f8g9h0j1k2m3`
- `destinations[].email` (string, required) Example: `owner@example.net`
- `destinations[].verificationStatus` (string, required) Example: `verified`
  Allowed values: verified, pending, unverified
- `destinations[].createdAt` (string,null, required) Example: `2026-04-27T12:00:00.000Z`
- `destinations[].verifiedAt` (string,null, required) Example: `2026-04-27T12:05:00.000Z`
- `catchAll` (object | null, optional) Example: `{"action":"disabled","destination":null}`
- `catchAll.action` (string, required) Example: `disabled`
  Allowed values: forward, drop, disabled
- `catchAll.destination` (string,null, required) Example: `null`
- `existingMxRecords` (array<object>, optional)
- `existingMxRecords[].type` (string, required) Example: `MX`
  Allowed values: MX
- `existingMxRecords[].value` (string, required) Example: `mail.example.com`
- `existingMxRecords[].priority` (integer,null, required) Example: `10`
- `actions` (object, optional)
- `actions.canCreateNewRule` (object, required)
- `actions.canCreateNewRule.allowed` (boolean, required) Example: `true`
- `actions.canCreateNewRule.reason` (string,null, required) Example: `null`
- `actions.canCreateNewRule.code` (string,null, optional): Machine-readable reason code when an action is blocked. Example: `pending_order`
- `actions.canSetCatchAll` (object, required)
- `actions.canSetCatchAll.allowed` (boolean, required) Example: `true`
- `actions.canSetCatchAll.reason` (string,null, required) Example: `null`
- `actions.canSetCatchAll.code` (string,null, optional): Machine-readable reason code when an action is blocked. Example: `pending_order`

### Responses

#### 200 - Refreshed email forwarding state.
```json
{
  "enabled": true,
  "integrationStatus": "enabled",
  "reason": null,
  "maxRules": 200,
  "ruleCount": 0,
  "rules": [],
  "destinations": [],
  "catchAll": {
    "action": "disabled",
    "destination": null
  },
  "existingMxRecords": [],
  "actions": {
    "canCreateNewRule": {
      "allowed": true,
      "reason": null
    },
    "canSetCatchAll": {
      "allowed": true,
      "reason": null
    }
  }
}
```

#### 400 - Invalid request. The response body is an RFC 7807 Problem Details document.
```json
{
  "type": "https://developer.hostup.se/errors/invalid_request",
  "title": "Invalid request",
  "status": 400,
  "detail": "The request body failed validation.",
  "code": "invalid_request",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z",
  "errors": [
    {
      "pointer": "/items/0/domainName",
      "detail": "`domainName` is required.",
      "code": "invalid_request"
    }
  ]
}
```

#### 401 - Unauthorized. Authentication is required.
```json
{
  "type": "https://developer.hostup.se/errors/unauthorized",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Authentication is required.",
  "code": "unauthorized",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 403 - Forbidden. The caller lacks a required scope or does not own the resource.
```json
{
  "type": "https://developer.hostup.se/errors/forbidden",
  "title": "Forbidden",
  "status": 403,
  "detail": "The caller lacks a required scope or does not own the resource.",
  "code": "forbidden",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 404 - Not found. The resource does not exist or is not owned by the caller.
```json
{
  "type": "https://developer.hostup.se/errors/not_found",
  "title": "Not found",
  "status": 404,
  "detail": "The requested resource could not be found.",
  "code": "not_found",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 409 - Conflict. See the Problem Details `code` for the route-specific blocker and recovery fields.
```json
{
  "status": 409,
  "instance": "/api/v2/domains/dom_01hxa3b4c5d6e7f8g9h0j1k2m3/email-forwarding",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z",
  "type": "https://developer.hostup.se/errors/mx_record_blocked_email_forwarding",
  "title": "Email forwarding blocked by MX records",
  "detail": "Email forwarding cannot be enabled while the domain has custom MX records.",
  "code": "mx_record_blocked_email_forwarding",
  "actions": {
    "canCreateNewRule": {
      "allowed": false,
      "reason": "Email forwarding cannot be enabled while the domain has custom MX records."
    }
  }
}
```

#### 429 - Rate limited. Retry after the limit resets. 429 responses include `Retry-After` seconds plus `X-RateLimit-*` headers.
```json
{
  "type": "https://developer.hostup.se/errors/rate_limit_exceeded",
  "title": "Too many requests",
  "status": 429,
  "detail": "Too many requests. Retry after the limit resets.",
  "code": "rate_limit_exceeded",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 500 - Internal error. Retry later or contact support if the issue persists.
```json
{
  "type": "https://developer.hostup.se/errors/internal_error",
  "title": "Internal server error",
  "status": 500,
  "detail": "An unexpected error occurred. Retry later or contact support if the issue persists.",
  "code": "internal_error",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```