## POST /api/v2/domains/{id}/contacts **Update domain contacts** Update one or more contact roles on a domain. This is an update endpoint, not a contact creation endpoint: send at least one of `registrant`, `admin`, `tech`, or `billing`, and only the documented camelCase v2 contact fields. Unknown fields and legacy internal contact aliases are rejected on this per-domain route. For .se, .nu, and .test domains, changing the registrant personal or organisation number requires identity verification; when the identifier is preserved instead of applied, the response reports this in `updateOutcome.registrantRegistrationIdentifierApplied: false` and `updateOutcome.registrantRegistrationIdentifierBlockedReason: "identity_verification_required"`. Successful responses echo the full contacts payload with current action gates. ### Related Endpoints - `GET /api/v2/domains/{id}/contacts`: Get domain contacts - `GET /api/v2/domains/{id}`: Get domain details - `PATCH /api/v2/domains/{id}`: Update domain settings ### Headers - `Accept`: application/json - `Authorization`: Bearer YOUR_API_KEY - Required API scope: `write:domains` - `Content-Type`: application/json ### Parameters - `id` (path, string, required): Public domain ID. Get it from GET /api/v2/domains `data[].id`. Do not invent this value; use the exact ID returned by the referenced API response. Example: `dom_01hxa3b4c5d6e7f8g9h0j1k2m3` ### Request Body - `registrant` (null, optional) - `admin` (null, optional) - `tech` (null, optional) - `billing` (null, optional) ### Request Examples #### Update registrant contact fields ```bash curl -X POST "https://cloud.hostup.se/api/v2/domains/dom_01hxa3b4c5d6e7f8g9h0j1k2m3/contacts" \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -d '{ "registrant": { "firstName": "Anna", "lastName": "Svensson", "companyName": "Example AB", "email": "anna@example.se", "phoneNumber": "+46700000000", "street": "Examplegatan 1", "city": "Stockholm", "postalCode": "12345", "countryCode": "SE" } }' ``` ```json { "registrant": { "firstName": "Anna", "lastName": "Svensson", "companyName": "Example AB", "email": "anna@example.se", "phoneNumber": "+46700000000", "street": "Examplegatan 1", "city": "Stockholm", "postalCode": "12345", "countryCode": "SE" } } ``` #### Update multiple contact roles ```bash curl -X POST "https://cloud.hostup.se/api/v2/domains/dom_01hxa3b4c5d6e7f8g9h0j1k2m3/contacts" \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -d '{ "registrant": { "email": "owner@example.se", "phoneNumber": "+46700000000" }, "tech": { "email": "tech@example.se", "phoneNumber": "+46700000001", "countryCode": "SE" } }' ``` ```json { "registrant": { "email": "owner@example.se", "phoneNumber": "+46700000000" }, "tech": { "email": "tech@example.se", "phoneNumber": "+46700000001", "countryCode": "SE" } } ``` ### Response Schema - `registrant` (null, optional) - `admin` (null, optional) - `tech` (null, optional) - `billing` (null, optional) - `draft` (boolean, optional): True for pending-registration Swedish TLD drafts where registrant contact data can still be edited before payment or registry sync. Example: `false` - `serviceStatus` (string, optional): Canonical v2 service lifecycle status for the domain contact resource. Example: `active` Allowed values: active, suspended, expired, pending, cancelled, terminated, unknown - `actions` (object, optional) - `actions.canEditContacts` (object, required): False while contact changes are locked, for example during an in-progress transfer. - `actions.canEditContacts.allowed` (boolean, required) Example: `true` - `actions.canEditContacts.reason` (string,null, required) Example: `null` - `actions.canEditContacts.code` (string,null, optional): Machine-readable reason code when an action is blocked. Example: `pending_order` - `actions.requiresIdentityVerification` (object, required): `allowed: true` means identity verification, currently BankID for .se/.nu/.test registrant identifier changes, is required before the registrant personal or organisation number can be updated. - `actions.requiresIdentityVerification.allowed` (boolean, required) Example: `true` - `actions.requiresIdentityVerification.reason` (string,null, required) Example: `null` - `actions.requiresIdentityVerification.code` (string,null, optional): Machine-readable reason code when an action is blocked. Example: `pending_order` - `updateOutcome` (null, optional) ### Responses #### 200 - Contacts updated. Wrapperless v2 response. ```json { "registrant": { "firstName": "Anna", "lastName": "Svensson", "companyName": "Example AB", "email": "anna@example.se", "phoneNumber": "+46700000000", "street": "Examplegatan 1", "address2": "5", "city": "Goteborg", "postalCode": "413 04", "state": "Vastra Gotaland", "countryCode": "SE", "registrationIdentifier": { "value": "559290-1325", "countryCode": "SE", "type": "organization_number" } }, "admin": null, "tech": null, "billing": null, "draft": false, "serviceStatus": "active", "actions": { "canEditContacts": { "allowed": true, "reason": null }, "requiresIdentityVerification": { "allowed": true, "reason": "BankID verification is required before updating the registrant's personal or organisation number." } }, "updateOutcome": { "syncTriggered": false, "orderActivation": null, "registrantRegistrationIdentifierApplied": false, "registrantRegistrationIdentifierBlockedReason": "identity_verification_required" } } ``` #### 400 - Invalid request. The response body is an RFC 7807 Problem Details document. ```json { "type": "https://developer.hostup.se/errors/invalid_request", "title": "Invalid request", "status": 400, "detail": "The request body failed validation.", "code": "invalid_request", "instance": "/api/v2/resource", "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3", "timestamp": "2026-04-27T12:34:56.000Z", "errors": [ { "pointer": "/items/0/domainName", "detail": "`domainName` is required.", "code": "invalid_request" } ] } ``` #### 401 - Unauthorized. Authentication is required. ```json { "type": "https://developer.hostup.se/errors/unauthorized", "title": "Unauthorized", "status": 401, "detail": "Authentication is required.", "code": "unauthorized", "instance": "/api/v2/resource", "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3", "timestamp": "2026-04-27T12:34:56.000Z" } ``` #### 403 - Forbidden. The caller lacks a required scope or does not own the resource. ```json { "type": "https://developer.hostup.se/errors/forbidden", "title": "Forbidden", "status": 403, "detail": "The caller lacks a required scope or does not own the resource.", "code": "forbidden", "instance": "/api/v2/resource", "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3", "timestamp": "2026-04-27T12:34:56.000Z" } ``` #### 404 - Not found. The resource does not exist or is not owned by the caller. ```json { "type": "https://developer.hostup.se/errors/not_found", "title": "Not found", "status": 404, "detail": "The requested resource could not be found.", "code": "not_found", "instance": "/api/v2/resource", "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3", "timestamp": "2026-04-27T12:34:56.000Z" } ``` #### 429 - Rate limited. Retry after the limit resets. 429 responses include `Retry-After` seconds plus `X-RateLimit-*` headers. ```json { "type": "https://developer.hostup.se/errors/rate_limit_exceeded", "title": "Too many requests", "status": 429, "detail": "Too many requests. Retry after the limit resets.", "code": "rate_limit_exceeded", "instance": "/api/v2/resource", "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3", "timestamp": "2026-04-27T12:34:56.000Z" } ``` #### 500 - Internal error. Retry later or contact support if the issue persists. ```json { "type": "https://developer.hostup.se/errors/internal_error", "title": "Internal server error", "status": 500, "detail": "An unexpected error occurred. Retry later or contact support if the issue persists.", "code": "internal_error", "instance": "/api/v2/resource", "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3", "timestamp": "2026-04-27T12:34:56.000Z" } ```