TLS & DNS

Custom domains for APIs and webhooks

Bring TLS, branded hostnames, and DNS you control to gateway routes—customer-facing APIs, stable webhook endpoints, and partner callbacks without leaking a generic vendor URL.

Last updated: 2026-06-28

Direct answer

Custom domains for APIs and webhooks. Bring custom domains in through the gateway layer so function routing and TLS termination stay coherent in one place.

When it fits

  • Customer-facing APIs
  • Webhook endpoints partners whitelist

Tradeoffs

  • Hard-coded vendor URLs complicate white-label and multi-tenant stories, because every customer integration inherits a hostname you cannot rebrand later.
  • Misconfigured TLS or stale CNAMEs create flaky auth cookie behavior that is painful to debug from the application side.

Why hostnames matter

A branded custom domain reduces phishing risk, keeps SDK defaults clean, and makes your API look like part of your product rather than a rented endpoint.

Some enterprise buyers also expect certificate and DNS control to be documented for their tenant before they sign.

What goes wrong without a plan

Hard-coded vendor URLs complicate white-label and multi-tenant stories, because every customer integration inherits a hostname you cannot rebrand later.

Misconfigured TLS or stale CNAMEs create flaky auth cookie behavior that is painful to debug from the application side.

How custom domains attach to the gateway

Bring custom domains in through the gateway layer so function routing and TLS termination stay coherent in one place.

Many webhook providers — Stripe, GitHub, Shopify, Slack — ask you to whitelist a specific hostname in their dashboard. A stable api.yourproduct.com is easier to maintain and audit than a rotating vendor-generated URL.

Combine custom domains with API keys or other per-route auth modes as your integrations require.

Custom domain setup for APIs and webhooks

DNS

Plan zone ownership and TTLs before your cutover window so the switch itself is boring.

Certificates

Automate certificate renewal wherever your DNS setup and issuance policies allow it.

Multi-tenant

See multi-tenant routing when you need a hostname per customer alongside shared certificates.

How to attach custom domains to the Inquir gateway

1

Verify domain

Prove control via DNS records the platform expects.

2

Map routes

Attach paths or wildcard patterns to target functions.

3

Monitor

Watch handshake errors and 4xx spikes after go-live.

DNS proof first, application routing second

Keep DNS ownership proof separate from application routing concerns—they fail in different ways and are debugged by different people.

routes sketch
{
  "host": "api.example.com",
  "routes": [{ "path": "/v1/ingest", "functionId": "ingest" }]
}

Use branded domains when…

When this works

  • Customer-facing APIs
  • Webhook endpoints partners whitelist

When to skip it

  • Purely internal tools where default hosts suffice

FAQ

Can I use wildcard subdomains for customer APIs?

Capability depends on deployment and certificate automation; confirm wildcard issuance and renewal in your environment before promising it in contracts.

What breaks when DNS or TLS is misconfigured?

Clients see handshake failures or wrong routes; monitor certificate expiry and CNAME health separately from application releases.

How do custom domains relate to webhook URLs?

Partners often whitelist your hostname; a stable api.yourproduct.com is easier to audit than a rotating vendor default.