## POST /api/v2/domains/{id}/actions/request-unlock

**Request domain unlock**

Request registry-lock unlock for an active .se or .nu domain. Use `id` from `GET /api/v2/domains` `data[].id`; do not pass the raw hostname. Call this endpoint only when a domain or nameserver response exposes `unlockAction.href`. For other TLDs, manage the normal registrar-lock boolean with `PATCH /api/v2/domains/{id}` `registrarLock` instead. The optional `forceRequest` flag is only for retrying after the API returned `status: "verification_failed"` with `requiresConfirmation: true` and the user has confirmed they still want staff review.

### Related Endpoints

- `POST /api/v2/domains/{id}/actions/renew`: Renew a domain
- `POST /api/v2/domains/{id}/actions/update-epp`: Save EPP code for transfer
- `POST /api/v2/domains/{id}/actions/request-epp`: Request an EPP code

### Headers

- `Accept`: application/json
- `Authorization`: Bearer YOUR_API_KEY
- Required API scope: `write:domains`
- `Content-Type`: application/json

### Parameters

- `id` (path, string, required): Public domain ID. Get it from GET /api/v2/domains `data[].id`. Do not invent this value; use the exact ID returned by the referenced API response. Example: `dom_01hxa3b4c5d6e7f8g9h0j1k2m3`

### Request Body

- `forceRequest` (boolean, optional): For .se/.nu only. Set true after a previous response required explicit confirmation to bypass automated company authorization and queue staff review. Example: `false`

### Request Examples

#### Normal unlock request

```bash
curl -X POST "https://cloud.hostup.se/api/v2/domains/dom_01hxa3b4c5d6e7f8g9h0j1k2m3/actions/request-unlock" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json"
```

#### Queue staff review after confirmation

```bash
curl -X POST "https://cloud.hostup.se/api/v2/domains/dom_01hxa3b4c5d6e7f8g9h0j1k2m3/actions/request-unlock" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{
    "forceRequest": true
  }'
```

```json
{
  "forceRequest": true
}
```

### Response Schema

- `domainId` (string, required): Public domain ID from `GET /api/v2/domains` `data[].id`. Example: `dom_01hxa3b4c5d6e7f8g9h0j1k2m3`
- `status` (string, required): Machine-readable outcome. Branch on this field instead of parsing explanatory text. Example: `submitted`
  Allowed values: already_unlocked, already_requested, bankid_required, verification_failed, submitted
- `domainName` (string,null, required) Example: `example.se`
- `domainExtension` (string,null, required) Example: `se`
- `ticVerified` (boolean,null, required): Whether the automated company authorization check succeeded when applicable. Example: `true`
- `verifiedAs` (string,null, required) Example: `account_owner`
- `companyName` (string,null, required) Example: `Example AB`
- `daysSinceRequest` (number,null, required): Days since an existing pending unlock request was submitted, when the API detected one. Example: `null`
- `verificationReason` (string,null, required): Human-readable reason when the unlock cannot be submitted automatically. Example: `null`
- `domainOrgno` (string,null, required): Organisation number on the domain record when relevant to verification. Example: `5566778899`
- `yourOrgno` (string,null, required): Organisation number on the authenticated account when relevant to verification. Example: `5566778899`
- `requiresConfirmation` (boolean, required): True when the caller may retry with `forceRequest: true` after user confirmation. Example: `false`

### Responses

#### 200 - Registry-lock unlock request result.
```json
{
  "domainId": "dom_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "status": "submitted",
  "domainName": "example.se",
  "domainExtension": "se",
  "ticVerified": true,
  "verifiedAs": "account_owner",
  "companyName": "Example AB",
  "daysSinceRequest": null,
  "verificationReason": null,
  "domainOrgno": "5566778899",
  "yourOrgno": "5566778899",
  "requiresConfirmation": false
}
```

#### 400 - Invalid request body.
```json
{
  "type": "https://developer.hostup.se/errors/invalid_request",
  "title": "Invalid request",
  "status": 400,
  "detail": "`forceRequest` must be a boolean.",
  "instance": "/api/v2/domains/dom_01hxa3b4c5d6e7f8g9h0j1k2m3/actions/request-unlock",
  "code": "invalid_request",
  "errors": [
    {
      "pointer": "/forceRequest",
      "detail": "`forceRequest` must be a boolean.",
      "code": "invalid_request"
    }
  ]
}
```

#### 401 - Unauthorized. Authentication is required.
```json
{
  "type": "https://developer.hostup.se/errors/unauthorized",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Authentication is required.",
  "code": "unauthorized",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 403 - Forbidden. The caller lacks a required scope or does not own the resource.
```json
{
  "type": "https://developer.hostup.se/errors/forbidden",
  "title": "Forbidden",
  "status": 403,
  "detail": "The caller lacks a required scope or does not own the resource.",
  "code": "forbidden",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 404 - Domain was not found for the caller.
```json
{
  "type": "https://developer.hostup.se/errors/domain_not_found",
  "title": "Domain not found",
  "status": 404,
  "detail": "The requested domain could not be found.",
  "instance": "/api/v2/domains/dom_01hxa3b4c5d6e7f8g9h0j1k2m3/actions/request-unlock",
  "code": "domain_not_found"
}
```

#### 409 - Unlock request could not be accepted in the current state.
```json
{
  "type": "https://developer.hostup.se/errors/upstream_failed",
  "title": "Conflict",
  "status": 409,
  "detail": "Registry-lock unlock request could not be submitted.",
  "instance": "/api/v2/domains/dom_01hxa3b4c5d6e7f8g9h0j1k2m3/actions/request-unlock",
  "code": "upstream_failed"
}
```

#### 429 - Rate limited. Retry after the limit resets. 429 responses include `Retry-After` seconds plus `X-RateLimit-*` headers.
```json
{
  "type": "https://developer.hostup.se/errors/rate_limit_exceeded",
  "title": "Too many requests",
  "status": 429,
  "detail": "Too many requests. Retry after the limit resets.",
  "code": "rate_limit_exceeded",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 500 - Internal error. Retry later or contact support if the issue persists.
```json
{
  "type": "https://developer.hostup.se/errors/internal_error",
  "title": "Internal server error",
  "status": 500,
  "detail": "An unexpected error occurred. Retry later or contact support if the issue persists.",
  "code": "internal_error",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```