Summary
The public API endpoint for email domains is being removed due to a security vulnerability. This endpoint allows a caller to search for a domain name (using domainId as the domain name string value) and returns associated CNAME and DKIM settings. However, it may return data for domains that do not belong to the organization making the request, creating a cross-organizational data exposure risk.
Effective Date
Monday, September 8, 2025
Details
This endpoint presents a potential security vulnerability by exposing data from other organizations. To mitigate this risk, the endpoint will be removed.
Customer Impact
The removal of this endpoint strengthens API security. An alternate API that poses no security risk is already available:
• GET /api/v2/routing/email/outbound/domains/{domainId}
Impacted Resources
GET /api/v2/routing/email/outbound/domains/{domainId}/search
Issue References
POSTINO-3622
Contacts
@Greg Boston Please reply to this announcement with any questions. This helps the wider developer community benefit from the discussion. We encourage you to use this thread before contacting the designated person directly. Thank you for your understanding.