curl --request POST \
--url https://agenticadvertising.org/api/properties/hosted/{domain}/claim \
--header 'Authorization: Bearer <token>'{
"success": true,
"domain": "<string>",
"authoritative_location": "<string>",
"instructions": "<string>"
}Claim a domain for bind-on-verify
Issue a pending domain claim for the caller’s organization and return a claim-specific authoritative_location URL (…/adagents.json?adcp_claim=<token>). The caller places that single pointer at their own origin /.well-known/adagents.json; a subsequent verify-origin reads the token and binds the domain to the caller’s org. The token is the per-account artifact that proves WHICH account owns the domain — a plain domain-keyed pointer proves only that the origin endorses AAO hosting, not who the owner is.
The community write surface stays open; this does not gate writes — it establishes ownership on successful verification. Refused with 409 only when the domain is already verified and locked to a different owner.
curl --request POST \
--url https://agenticadvertising.org/api/properties/hosted/{domain}/claim \
--header 'Authorization: Bearer <token>'{
"success": true,
"domain": "<string>",
"authoritative_location": "<string>",
"instructions": "<string>"
}Authorizations
Bearer token in the Authorization header. Two token types are accepted:
- Organization API key (
sk_...) issued via the dashboard. Org-scoped, long-lived, for server-to-server use. - User JWT obtained via the OAuth 2.1 authorization code flow with PKCE. User-scoped, short-lived. Discover the authorization server at
/.well-known/oauth-authorization-serverand the protected-resource metadata at/.well-known/oauth-protected-resource/api.
Path Parameters
"examplepub.com"
Was this page helpful?