> ## Documentation Index > Fetch the complete documentation index at: https://docs.adcontextprotocol.org/llms.txt > Use this file to discover all available pages before exploring further. # Claim a domain for bind-on-verify > Issue a pending domain claim for the caller's organization and return a claim-specific `authoritative_location` URL (`…/adagents.json?adcp_claim=`). The caller places that single pointer at their own origin `/.well-known/adagents.json`; a subsequent verify-origin reads the token and binds the domain to the caller's org. The token is the per-account artifact that proves WHICH account owns the domain — a plain domain-keyed pointer proves only that the origin endorses AAO hosting, not who the owner is. The community write surface stays open; this does not gate writes — it establishes ownership on successful verification. Refused with 409 only when the domain is already verified and locked to a different owner. ## OpenAPI ````yaml /static/openapi/registry.yaml post /api/properties/hosted/{domain}/claim openapi: 3.1.0 info: title: AgenticAdvertising.org Registry API description: >- REST API for the AgenticAdvertising.org registry. Resolve brands, discover properties, look up agents, and validate authorization in the AdCP ecosystem. Most endpoints are public and require no authentication. Endpoints marked with a lock icon accept either an organization API key or a user JWT obtained via the OAuth 2.1 flow — see [Authentication](https://agenticadvertising.org/docs/registry/index#authentication). **Base URL:** `https://agenticadvertising.org` version: 1.0.0 contact: name: AgenticAdvertising.org url: https://agenticadvertising.org servers: - url: https://agenticadvertising.org description: Production security: [] tags: - name: Onboarding description: >- Explicitly bootstrap a third-party integration into the AAO registry. Most callers don't need this tag — `POST /api/me/agents` auto-creates the org (for fresh users) and the member profile (for first-time agent registration) without a separate round trip. Use `POST /api/organizations` only when you need to override the auto-derived org name / company_type / revenue_tier. Tier transitions happen via the billing flow only; the Stripe webhook is the sole writer of `organizations.membership_tier`. - name: Member Agents description: >- Register, list, update, and remove agents on the caller's organization member profile. Authenticated programmatic surface for CI / scripts that don't want to round-trip the full member profile. - name: Brand Resolution description: Resolve advertiser domains to canonical brand identities. - name: Property Resolution description: >- Resolve publisher domains to their property configurations and authorized agents. - name: Agent Discovery description: >- Browse the federated agent network, search agent inventory profiles, publisher index, and registry statistics. - name: Change Feed description: Poll cursor-based registry change events for local sync. - name: Lookups & Authorization description: >- Look up agents by domain or property, and validate ad-serving authorization. - name: Validation Tools description: >- Validate publisher adagents.json files and generate compliant configurations. - name: Community Mirrors description: >- Publish, fetch, list, and retire catalog-only adagents.json mirrors for platforms that have not adopted AdCP. - name: Search description: Cross-entity search across brands, publishers, agents, and properties. - name: Agent Probing description: >- Connect to live agents and inspect their capabilities, formats, and inventory. - name: Brand Discovery description: Discover and crawl brand.json files across domains. - name: Agent Compliance description: Agent compliance status, storyboard test results, and compliance history. - name: Policy Registry description: >- Browse, resolve, and contribute governance policies for campaign compliance. paths: /api/properties/hosted/{domain}/claim: post: tags: - Property Resolution summary: Claim a domain for bind-on-verify description: >- Issue a pending domain claim for the caller's organization and return a claim-specific `authoritative_location` URL (`…/adagents.json?adcp_claim=`). The caller places that single pointer at their own origin `/.well-known/adagents.json`; a subsequent verify-origin reads the token and binds the domain to the caller's org. The token is the per-account artifact that proves WHICH account owns the domain — a plain domain-keyed pointer proves only that the origin endorses AAO hosting, not who the owner is. The community write surface stays open; this does not gate writes — it establishes ownership on successful verification. Refused with 409 only when the domain is already verified and locked to a different owner. operationId: claimHostedPropertyDomain parameters: - schema: type: string example: examplepub.com required: true name: domain in: path responses: '200': description: Claim issued content: application/json: schema: type: object properties: success: type: boolean enum: - true domain: type: string authoritative_location: type: string instructions: type: string required: - success - domain - authoritative_location - instructions '400': description: Invalid domain content: application/json: schema: $ref: '#/components/schemas/Error' '401': description: Authentication required content: application/json: schema: $ref: '#/components/schemas/Error' '403': description: Caller is not a member of any organization content: application/json: schema: $ref: '#/components/schemas/Error' '409': description: Domain already verified and locked to another owner content: application/json: schema: $ref: '#/components/schemas/Error' security: - bearerAuth: [] - oauth2: [] components: schemas: Error: type: object properties: error: type: string required: - error securitySchemes: bearerAuth: type: http scheme: bearer description: >- Bearer token in the `Authorization` header. Two token types are accepted: - **Organization API key** (`sk_...`) issued via the dashboard. Org-scoped, long-lived, for server-to-server use. - **User JWT** obtained via the OAuth 2.1 authorization code flow with PKCE. User-scoped, short-lived. Discover the authorization server at `/.well-known/oauth-authorization-server` and the protected-resource metadata at `/.well-known/oauth-protected-resource/api`. oauth2: type: oauth2 description: >- OAuth 2.1 authorization code flow with PKCE. Users authenticate via AuthKit and clients receive a Bearer JWT that authorizes both the MCP endpoint and this REST API. Dynamic client registration is supported at `/register`. flows: authorizationCode: authorizationUrl: https://agenticadvertising.org/authorize tokenUrl: https://agenticadvertising.org/token refreshUrl: https://agenticadvertising.org/token scopes: openid: User identifier profile: User profile information email: User email address ````