## PATCH /api/v2/domains/{id} **Update domain settings** Update writable settings for one domain and return the refreshed domain detail. Get `{id}` from `GET /api/v2/domains` `data[].id`. The route accepts only boolean `autoRenew`, `registrarLock`, `whoisPrivacyAutoEnable`, and `cancelPendingOrder`; unknown fields are rejected. `cancelPendingOrder: true` is only valid with `autoRenew: false` in the same request and additionally requires `write:billing`. For domains whose `registryLock.requiresManualUnlockFlow` is true, disabling registrar lock is not a simple PATCH; call the `registryLock.unlockAction.href` returned by `GET /api/v2/domains/{id}` or `GET /api/v2/domains/{id}/nameservers`. ### Related Endpoints - `GET /api/v2/domains/{id}`: Get domain details - `GET /api/v2/domains/{id}/renewal`: Get domain renewal state - `GET /api/v2/domains/{id}/billing-cycle`: Get domain billing-period options ### Headers - `Accept`: application/json - `Authorization`: Bearer YOUR_API_KEY - Required API scope: `write:domains` - `Content-Type`: application/json ### Parameters - `id` (path, string, required): Public domain ID from `GET /api/v2/domains` `data[].id`. Do not invent this value; use the exact ID returned by the referenced API response. Example: `dom_01hxa3b4c5d6e7f8g9h0j1k2m3` ### Request Body - `autoRenew` (boolean, optional): Enable or disable automatic renewal. Disabling always works; if a pending renewal order exists, first read `pendingRenewalOrder` and send `cancelPendingOrder: true` after user confirmation. Example: `false` - `cancelPendingOrder` (boolean, optional): Best-effort cancellation of the current pending renewal order. Valid only together with `autoRenew: false` and requires billing write permission. Example: `true` - `registrarLock` (boolean, optional): Enable or disable registry/registrar lock when the domain's action gates allow it. Example: `true` - `whoisPrivacyAutoEnable` (boolean, optional): Save whether supported WHOIS privacy should be auto-enabled for this domain. Example: `false` ### Request Examples #### Disable auto-renew and cancel pending renewal order ```bash curl -X PATCH "https://cloud.hostup.se/api/v2/domains/dom_01hxa3b4c5d6e7f8g9h0j1k2m3" \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -d '{ "autoRenew": false, "cancelPendingOrder": true }' ``` ```json { "autoRenew": false, "cancelPendingOrder": true } ``` #### Enable registrar lock ```bash curl -X PATCH "https://cloud.hostup.se/api/v2/domains/dom_01hxa3b4c5d6e7f8g9h0j1k2m3" \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -d '{ "registrarLock": true }' ``` ```json { "registrarLock": true } ``` #### Opt out of automatic WHOIS privacy enablement ```bash curl -X PATCH "https://cloud.hostup.se/api/v2/domains/dom_01hxa3b4c5d6e7f8g9h0j1k2m3" \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -d '{ "whoisPrivacyAutoEnable": false }' ``` ```json { "whoisPrivacyAutoEnable": false } ``` ### Response Schema - `id` (string, optional) Example: `dom_01hxa3b4c5d6e7f8g9h0j1k2m3` - `name` (string, optional) Example: `example.com` - `serviceStatus` (string, optional) Example: `active` Allowed values: active, suspended, terminated, pending, cancelled, expired, fraud, unknown - `orderId` (string, optional) Example: `ord_01hxa3b4c5d6e7f8g9h0j1k2m3` - `lifecycle` (object, optional) - `lifecycle.type` (string, required): Normalized lifecycle type. Common values are standard, registration, transfer, and renewal. Example: `standard` - `lifecycle.autoRenewEnabled` (boolean,null, required) Example: `true` - `lifecycle.registrarLockEnabled` (boolean,null, required) Example: `false` - `lifecycle.transferInProgress` (boolean, required) Example: `false` - `billing` (object, optional) - `billing.amount` (number, required) Example: `159` - `billing.currencyCode` (string, required) Example: `SEK` - `billing.billingCycle` (string,null, required): Canonical cycle slug for 1-3 year periods. Four- to nine-year domain periods return null and use periodYears. Example: `annually` Allowed values: annually, biennially, triennially, - `billing.periodYears` (integer,null, required) Example: `1` - `billing.initialAmount` (number, optional): First-period amount when it differs from the recurring amount. Example: `99` - `createdAt` (string,null, optional) Example: `2025-04-27T09:00:00.000Z` - `expiresAt` (string,null, optional) Example: `2027-04-27T21:59:59.000Z` - `nextDueAt` (string,null, optional) Example: `2027-03-28T00:00:00.000Z` - `tags` (array, optional) Example: `["production"]` - `pinned` (boolean, optional) Example: `false` - `hostingConnection` (object, optional) - `hostingConnection.type` (string, required) Example: `hosting` Allowed values: standalone, hosting, wordpress - `hostingConnection.hostingAccountId` (string,null, required) Example: `acct_01hxa3b4c5d6e7f8g9h0j1k2m3` - `hostingConnection.hostingAccountName` (string,null, required) Example: `Webbhotell Start` - `hostingConnection.hostingAccountDomain` (string,null, required) Example: `example.com` - `hostingConnection.ssl` (object,null, required) - `nameservers` (array, optional) Example: `["primary.ns.hostup.se","secondary.ns.hostup.se"]` - `transfer` (object, optional) - `transfer.eppCode` (string,null, required): Always null on detail reads. EPP/auth codes are reusable secrets and are only exposed by explicit EPP actions. Example: `null` - `notes` (string,null, optional) Example: `null` - `pendingRenewalOrder` (null, optional) Example: `null` - `pendingDomainOrder` (null, optional) Example: `null` - `registryLock` (object, optional) - `registryLock.enabled` (boolean,null, required) Example: `false` - `registryLock.requiresManualUnlockFlow` (boolean, required) Example: `false` - `registryLock.unlockAction` (object,null, required) - `whoisPrivacy` (object, optional) - `whoisPrivacy.enabled` (boolean,null, required): Best-effort live registry privacy state. Null means the upstream detail payload did not expose the live flag. Example: `null` - `whoisPrivacy.autoEnable` (boolean, required) Example: `true` - `whoisPrivacy.status` (string, required) Example: `auto_enable_allowed` Allowed values: auto_enable_allowed, auto_enable_opted_out - `whoisPrivacy.reason` (string,null, required) Example: `null` - `whoisPrivacy.updatedAt` (string,null, required) Example: `2026-04-20T09:30:00.000Z` - `actions` (object, optional) - `actions.canDelete` (object, required) - `actions.canDelete.allowed` (boolean, required) Example: `true` - `actions.canDelete.reason` (string,null, required) Example: `null` - `actions.canDelete.code` (string,null, optional): Machine-readable reason code when an action is blocked. Example: `pending_order` - `actions.canActivateRegistryLock` (object, required) - `actions.canActivateRegistryLock.allowed` (boolean, required) Example: `true` - `actions.canActivateRegistryLock.reason` (string,null, required) Example: `null` - `actions.canActivateRegistryLock.code` (string,null, optional) Example: `null` Allowed values: tld_not_supported, lock_already_active, domain_not_active, - `actions.canRequestRegistryUnlock` (object, required) - `actions.canRequestRegistryUnlock.allowed` (boolean, required) Example: `true` - `actions.canRequestRegistryUnlock.reason` (string,null, required) Example: `null` - `actions.canRequestRegistryUnlock.code` (string,null, optional): Machine-readable reason code when an action is blocked. Example: `pending_order` - `actions.canChangeBillingCycle` (object, required) - `actions.canChangeBillingCycle.allowed` (boolean, required) Example: `true` - `actions.canChangeBillingCycle.reason` (string,null, required) Example: `null` - `actions.canChangeBillingCycle.code` (string,null, optional) Example: `pending_domain_order` - `actions.canDisableAutoRenew` (object, required) - `actions.canDisableAutoRenew.allowed` (boolean, required) Example: `true` - `actions.canDisableAutoRenew.reason` (string,null, required) Example: `null` - `actions.canDisableAutoRenew.code` (string,null, optional): Machine-readable reason code when an action is blocked. Example: `pending_order` - `actions.canDisableAutoRenew.requiresConfirmation` (string,null, required) Example: `null` Allowed values: cancel_pending_order, - `updateOutcome` (object, optional) - `updateOutcome.pendingOrderCancelled` (boolean,null, required): True when `cancelPendingOrder: true` cancelled a pending renewal order; false when the cancel was attempted but no order was cancelled; null when no pending-order cancel was requested. Example: `true` - `updateOutcome.whoisPrivacyAutoEnableUpdated` (boolean,null, required): The saved WHOIS privacy auto-enable preference, or null when the PATCH did not update that preference. Example: `null` - `updateOutcome.syncTriggered` (boolean, required): True when the server had to refresh domain status before retrying the upstream write. Example: `false` - `updateOutcome.domainStatusChanged` (boolean, required): True when the refresh detected that the domain status changed during the update. Example: `false` ### Responses #### 200 - Updated domain details with mutation outcome metadata. ```json { "id": "dom_01hxa3b4c5d6e7f8g9h0j1k2m3", "name": "example.com", "serviceStatus": "active", "orderId": "ord_01hxa3b4c5d6e7f8g9h0j1k2m3", "lifecycle": { "type": "registration", "autoRenewEnabled": false, "registrarLockEnabled": false, "transferInProgress": false }, "billing": { "amount": 159, "currencyCode": "SEK", "billingCycle": "annually", "periodYears": 1 }, "createdAt": "2025-04-27T09:00:00.000Z", "expiresAt": "2027-04-27T21:59:59.000Z", "nextDueAt": "2027-03-28T00:00:00.000Z", "tags": [ "production" ], "pinned": false, "hostingConnection": { "type": "hosting", "hostingAccountId": "acct_01hxa3b4c5d6e7f8g9h0j1k2m3", "hostingAccountName": "Webbhotell Start", "hostingAccountDomain": "example.com", "ssl": { "status": "valid", "expiresAt": "2026-08-01T00:00:00.000Z", "issuer": "Let's Encrypt" } }, "nameservers": [ "primary.ns.hostup.se", "secondary.ns.hostup.se" ], "transfer": { "eppCode": null }, "notes": null, "pendingRenewalOrder": null, "pendingDomainOrder": null, "registryLock": { "enabled": false, "requiresManualUnlockFlow": false, "unlockAction": null }, "whoisPrivacy": { "enabled": null, "autoEnable": true, "status": "auto_enable_allowed", "reason": null, "updatedAt": "2026-04-20T09:30:00.000Z" }, "actions": { "canDelete": { "allowed": true, "reason": null }, "canActivateRegistryLock": { "allowed": false, "reason": "Registry lock activation is not available for this domain ending.", "code": "tld_not_supported" }, "canRequestRegistryUnlock": { "allowed": false, "reason": "Domain lock is not active." }, "canChangeBillingCycle": { "allowed": true, "reason": null }, "canDisableAutoRenew": { "allowed": true, "reason": null, "requiresConfirmation": null } }, "updateOutcome": { "pendingOrderCancelled": true, "whoisPrivacyAutoEnableUpdated": null, "syncTriggered": false, "domainStatusChanged": false } } ``` #### 400 - Invalid request. The response body is an RFC 7807 Problem Details document. ```json { "type": "https://developer.hostup.se/errors/invalid_request", "title": "Invalid request", "status": 400, "detail": "The request body failed validation.", "code": "invalid_request", "instance": "/api/v2/resource", "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3", "timestamp": "2026-04-27T12:34:56.000Z", "errors": [ { "pointer": "/items/0/domainName", "detail": "`domainName` is required.", "code": "invalid_request" } ] } ``` #### 401 - Unauthorized. Authentication is required. ```json { "type": "https://developer.hostup.se/errors/unauthorized", "title": "Unauthorized", "status": 401, "detail": "Authentication is required.", "code": "unauthorized", "instance": "/api/v2/resource", "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3", "timestamp": "2026-04-27T12:34:56.000Z" } ``` #### 403 - Forbidden. The caller lacks a required scope or does not own the resource. ```json { "type": "https://developer.hostup.se/errors/forbidden", "title": "Forbidden", "status": 403, "detail": "The caller lacks a required scope or does not own the resource.", "code": "forbidden", "instance": "/api/v2/resource", "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3", "timestamp": "2026-04-27T12:34:56.000Z" } ``` #### 404 - Not found. The resource does not exist or is not owned by the caller. ```json { "type": "https://developer.hostup.se/errors/not_found", "title": "Not found", "status": 404, "detail": "The requested resource could not be found.", "code": "not_found", "instance": "/api/v2/resource", "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3", "timestamp": "2026-04-27T12:34:56.000Z" } ``` #### 429 - Rate limited. Retry after the limit resets. 429 responses include `Retry-After` seconds plus `X-RateLimit-*` headers. ```json { "type": "https://developer.hostup.se/errors/rate_limit_exceeded", "title": "Too many requests", "status": 429, "detail": "Too many requests. Retry after the limit resets.", "code": "rate_limit_exceeded", "instance": "/api/v2/resource", "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3", "timestamp": "2026-04-27T12:34:56.000Z" } ``` #### 500 - Internal error. Retry later or contact support if the issue persists. ```json { "type": "https://developer.hostup.se/errors/internal_error", "title": "Internal server error", "status": 500, "detail": "An unexpected error occurred. Retry later or contact support if the issue persists.", "code": "internal_error", "instance": "/api/v2/resource", "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3", "timestamp": "2026-04-27T12:34:56.000Z" } ```