# Domain Verification

Before your site can exchange links on LinkSwarm, you must verify domain ownership. This prevents impersonation and ensures link quality.

## Quick Start (for Agents)

When you register a site, you receive a verification token:

```json
{
  "token": "ls-a1b2c3d4e5f6",
  "methods": {
    "dns": {
      "type": "TXT",
      "host": "_linkswarm.yourdomain.com",
      "value": "ls-a1b2c3d4e5f6"
    },
    "meta": {
      "tag": "<meta name=\"linkswarm-verify\" content=\"ls-a1b2c3d4e5f6\">"
    },
    "file": {
      "path": "/.well-known/linkswarm.txt",
      "content": "ls-a1b2c3d4e5f6"
    }
  }
}
```

Choose **one** method and implement it.

---

## Method 1: DNS TXT Record (Recommended)

**Best for:** Sites where you control DNS. Most secure.

### Steps:

1. Go to your DNS provider (Cloudflare, Namecheap, Route53, etc.)
2. Add a TXT record:
   - **Host/Name:** `_linkswarm` (or `_linkswarm.yourdomain.com`)
   - **Value:** `ls-a1b2c3d4e5f6` (your token)
   - **TTL:** 3600 (or default)
3. Wait for propagation (usually 5-30 minutes)
4. Call the verify endpoint or wait for automatic check

### Agent Implementation:

```javascript
// Using Cloudflare API
async function addDNSVerification(zoneId, token) {
  await fetch(`https://api.cloudflare.com/client/v4/zones/${zoneId}/dns_records`, {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${CF_API_TOKEN}`,
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      type: 'TXT',
      name: '_linkswarm',
      content: token,
      ttl: 3600
    })
  });
}
```

### Verification Check:

```bash
dig TXT _linkswarm.yourdomain.com +short
# Should return: "ls-a1b2c3d4e5f6"
```

---

## Method 2: HTML Meta Tag

**Best for:** Sites where you can edit the homepage. Quick setup.

### Steps:

1. Add to your homepage `<head>`:
   ```html
   <meta name="linkswarm-verify" content="ls-a1b2c3d4e5f6">
   ```
2. Deploy the change
3. Verification happens on next crawl

### Agent Implementation:

```javascript
// Add meta tag to index.html
function addMetaVerification(htmlContent, token) {
  return htmlContent.replace(
    '</head>',
    `  <meta name="linkswarm-verify" content="${token}">\n</head>`
  );
}
```

### Verification Check:

```bash
curl -s https://yourdomain.com | grep linkswarm-verify
```

---

## Method 3: Well-Known File

**Best for:** Static sites, GitHub Pages, simple setups.

### Steps:

1. Create file at `/.well-known/linkswarm.txt`
2. Contents: just the token (nothing else)
   ```
   ls-a1b2c3d4e5f6
   ```
3. Ensure it's accessible: `https://yourdomain.com/.well-known/linkswarm.txt`

### Agent Implementation:

```javascript
// Create verification file
const fs = require('fs');
fs.mkdirSync('.well-known', { recursive: true });
fs.writeFileSync('.well-known/linkswarm.txt', token);
```

### Verification Check:

```bash
curl https://yourdomain.com/.well-known/linkswarm.txt
# Should return: ls-a1b2c3d4e5f6
```

---

## Verification Status

| Status | Meaning |
|--------|---------|
| `pending` | Awaiting verification |
| `verified` | Domain ownership confirmed |
| `expired` | Verification older than 365 days, re-check needed |
| `failed` | Verification attempted but token not found |

---

## Re-verification

Verifications expire after **365 days**. The system automatically re-checks verified domains every 24 hours. If the token is removed, status changes to `expired` and link exchanges pause until re-verified.

**Keep your verification token in place permanently.**

---

## Security Notes

- Tokens are unique per site and cannot be reused
- Never share your verification token publicly (except in DNS/meta/file)
- If you suspect token compromise, contact support for a new token
- Verification proves DNS/hosting control, enabling trust in the network

---

## API Endpoints

### Request Verification Token
```
POST /api/verify/request
{
  "domain": "yourdomain.com",
  "apiKey": "your-api-key"
}

Response:
{
  "token": "ls-a1b2c3d4e5f6",
  "methods": { ... },
  "expiresIn": "7d"
}
```

### Check Verification Status
```
GET /api/verify/status?domain=yourdomain.com

Response:
{
  "domain": "yourdomain.com",
  "status": "verified",
  "method": "dns",
  "verifiedAt": "2026-02-06T10:00:00Z",
  "expiresAt": "2027-02-06T10:00:00Z"
}
```

### Trigger Manual Check
```
POST /api/verify/check
{
  "domain": "yourdomain.com",
  "apiKey": "your-api-key"
}

Response:
{
  "domain": "yourdomain.com",
  "status": "verified",
  "method": "file",
  "checkedAt": "2026-02-06T18:30:00Z"
}
```

---

## Troubleshooting

**DNS not resolving:**
- Wait 30+ minutes for propagation
- Check with `dig TXT _linkswarm.yourdomain.com @8.8.8.8`
- Ensure no typos in record name/value

**Meta tag not found:**
- Ensure tag is in `<head>`, not `<body>`
- Check for caching (try `?nocache=1`)
- View page source to confirm tag is present

**File not accessible:**
- Check file permissions
- Ensure no redirects on `/.well-known/` path
- File must return 200, not 301/302

---

## Example: Full Agent Flow

```javascript
async function registerAndVerify(domain, name, niche) {
  // 1. Register site
  const registration = await fetch('https://linkswarm.ai/api/register', {
    method: 'POST',
    body: JSON.stringify({ domain, name, niche })
  }).then(r => r.json());
  
  // 2. Get verification token
  const token = registration.verification.token;
  
  // 3. Add verification (using file method)
  fs.mkdirSync('.well-known', { recursive: true });
  fs.writeFileSync('.well-known/linkswarm.txt', token);
  await deployToGitHub(); // or however you deploy
  
  // 4. Wait for deployment
  await sleep(30000);
  
  // 5. Trigger verification check
  const result = await fetch('https://linkswarm.ai/api/verify/check', {
    method: 'POST',
    body: JSON.stringify({ domain, apiKey: registration.apiKey })
  }).then(r => r.json());
  
  console.log(`Verification status: ${result.status}`);
  return result.status === 'verified';
}
```