Skip to content

REST API Reference

Base URL: https://api.nsin.ir — authenticate every request with an API key via Authorization: Bearer nsin_… or X-Api-Key.

A key acts as your account: domains you own and domains shared with you are reachable exactly as in the panel, and domain-level roles still apply on top. Read-only keys may only call GET endpoints. Account (/users), admin and auth endpoints are never available to API keys. You can read subscription, usage and invoice data (below), but keys can never move money — wallet top-ups and plan purchases must be done from the panel and return 403.

{domain} in a path is the domain’s id (from GET /domains/), not its name. Trailing slashes matter — use the paths exactly as written.

MethodPathDescription
GET/proxy-ip/The edge IP to point proxied DNS records at
Terminal window
curl -H "X-Api-Key: $NSIN_KEY" https://api.nsin.ir/proxy-ip/
MethodPathDescription
GET/domains/List your domains (owned + shared, each with my_role)
POST/domains/Add a domain — body {"name":"example.com","dns_mode":"managed"} (managed or external)
GET/domains/{domain}One domain’s details, verification state and your permissions
PUT/domains/{domain}Update settings (DNS mode, cache caps/TTL, security headers)
DELETE/domains/{domain}Remove the domain from your account
POST/domains/{domain}/enableActivate the domain once nameservers point at NSIN
POST/domains/{domain}/check-nsRe-check delegation now instead of waiting for the ticker
POST/domains/{domain}/verifyStart ownership verification (TXT token)
POST/domains/{domain}/verify/retryRetry a failed verification
POST/domains/{domain}/developer-modeEnable developer mode (temporarily bypass the edge cache)
DELETE/domains/{domain}/developer-modeDisable developer mode
Terminal window
curl -X POST -H "X-Api-Key: $NSIN_KEY" -H "Content-Type: application/json" \
-d '{"name":"example.com","dns_mode":"managed"}' \
https://api.nsin.ir/domains/
MethodPathDescription
GET/domains/{domain}/records/List records (ids, proxy status, TTL)
POST/domains/{domain}/records/Create a record
PUT/domains/{domain}/records/{id}Update a record (omitted fields unchanged)
DELETE/domains/{domain}/records/{id}Delete a record
GET/domains/{domain}/records/scanScan public DNS for existing records before import
POST/domains/{domain}/records/scan-importImport the records found by a scan
POST/domains/{domain}/records/import/parseParse a pasted BIND zone file into records (preview)
POST/domains/{domain}/records/importImport records from a parsed zone file
POST/domains/{domain}/records/batch-updateUpdate many records in one call
POST/domains/{domain}/records/batch-deleteDelete many records in one call
Terminal window
# Create a proxied A record for www.example.com
curl -X POST -H "X-Api-Key: $NSIN_KEY" -H "Content-Type: application/json" \
-d '{"name":"www","type":"A","destination":"203.0.113.10","proxied":true}' \
https://api.nsin.ir/domains/example.com/records/

Record types: A, AAAA, CNAME, ANAME, TXT, MX (with mx_priority), NS, SRV, CAA, PTR, TLSA, SSHFP, URI.

MethodPathDescription
GET/domains/{domain}/ssl/Certificate status, expiry, issuer, SANs
POST/domains/{domain}/ssl/Upload your own certificate + private key
POST/domains/{domain}/ssl/parseValidate/inspect a certificate before uploading
POST/domains/{domain}/ssl/issueTrigger a Let’s Encrypt issuance for the domain

Issuing your own certificates (including wildcards) via DNS-01? The acme.sh DNS plugin drives the records API with the same key.

Every rule type shares the same seven-endpoint shape under /domains/{domain}/rules/{type}/:

MethodPathDescription
GET/domains/{domain}/rules/{type}/List rules of this type (in priority order)
POST/domains/{domain}/rules/{type}/Create a rule
PATCH/domains/{domain}/rules/{type}/reorderReorder rules (body: ordered list of rule_ids)
GET/domains/{domain}/rules/{type}/{id}Get one rule
PUT/domains/{domain}/rules/{type}/{id}Update a rule
DELETE/domains/{domain}/rules/{type}/{id}Delete a rule
PATCH/domains/{domain}/rules/{type}/{id}/toggleEnable/disable a rule without deleting it

Available {type} values:

{type}What it controls
cacheEdge cache rules — TTL, scope, path includes/excludes, cache-safety toggles
redirectURL redirects (301/302)
rewriteRequest/response header and path rewrites
dropBlock matching requests at the edge
rate-limitPer-client request rate limits
captchaChallenge matching requests with a CAPTCHA
wafWeb Application Firewall rules
bot-routeRoute or block traffic by bot/user-agent classification
fingerprintTLS/HTTP fingerprint (tunnel & VPN) rules
origin_poolOrigin server pools for load balancing
origin_routeRoute requests to a specific origin pool
error-pageCustom branded error pages
Terminal window
# List a domain's cache rules
curl -H "X-Api-Key: $NSIN_KEY" \
https://api.nsin.ir/domains/example.com/rules/cache/
# Add a 1-hour cache rule for /assets
curl -X POST -H "X-Api-Key: $NSIN_KEY" -H "Content-Type: application/json" \
-d '{"ttl_sec":3600,"scope":"default","path_match_type":"wildcard","path_includes":["/assets/*"]}' \
https://api.nsin.ir/domains/example.com/rules/cache/
MethodPathDescription
DELETE/domains/{domain}/cache/Purge the domain’s entire edge cache
GET/cache/stats/?domain={domain}Cached entry count and on-disk size for the domain
Terminal window
curl -X DELETE -H "X-Api-Key: $NSIN_KEY" https://api.nsin.ir/domains/example.com/cache/

All domain-scoped analytics take ?domain={domain} and an optional &period=; account-wide endpoints aggregate across every domain you can see. Analytics requires a plan with monitoring enabled.

Per-domain

MethodPathDescription
GET/analytics/summaryRequests, bandwidth, visitors, cache ratio
GET/analytics/requestsRequests over time
GET/analytics/bandwidthBandwidth over time
GET/analytics/visitorsUnique visitors over time
GET/analytics/cacheCache hit/miss breakdown
GET/analytics/status-codesResponse status-code distribution
GET/analytics/countriesTraffic by visitor country
GET/analytics/asnsTraffic by visitor ASN
GET/analytics/protocolsTraffic by HTTP protocol
GET/analytics/top-urisMost-requested URIs
GET/analytics/top-requestsTop individual requests
GET/analytics/originsTraffic by origin server
GET/analytics/user-agentsTraffic by user agent
GET/analytics/traffic-by-cacheBandwidth split by cache status
GET/analytics/traffic-by-reqstatusBandwidth split by request status
GET/analytics/traffic-by-nodeBandwidth split by edge node
GET/analytics/unreachable-reasonsWhy origin requests failed
GET/analytics/waf-logsWAF match log
GET/analytics/logsRecent request logs
GET/analytics/markdown-testerPreview Markdown-for-Agents conversion
POST/analytics/queryAd-hoc read-only SQL over your own request logs

Account-wide

MethodPathDescription
GET/analytics/overviewHeadline metrics across all your domains
GET/analytics/domains-overviewPer-domain summary rows
GET/analytics/global-summaryCombined totals
GET/analytics/bandwidth-overviewBandwidth across all domains
GET/analytics/tunnel-suspectsDomains showing tunnel/VPN signatures
GET/analytics/node-countriesEdge node locations

Periods: 1h, 6h, 24h, 7d, 30d.

Terminal window
curl -H "X-Api-Key: $NSIN_KEY" \
"https://api.nsin.ir/analytics/summary?domain=example.com&period=24h"

Origin-outage detection and history, scoped by ?domain={domain}.

MethodPathDescription
GET/uptimeIncident history (sustained origin outages)
GET/uptime/liveCurrent per-subdomain origin health
GET/uptime/settingsRead outage-detection thresholds
PUT/uptime/settingsUpdate outage-detection thresholds and alerts

Per-domain advisory checklist (analytics + config + live probes), scoped by ?domain={domain}.

MethodPathDescription
GET/recommendationsList active recommendations
GET/recommendations/countCount of active recommendations
POST/recommendations/dismissDismiss a recommendation
DELETE/recommendations/dismissUn-dismiss a recommendation

Read-only. Keys can inspect a domain’s plan, enabled features, traffic usage and invoices, but cannot buy, switch, renew or top up — those return 403 and must be done from the panel.

MethodPathDescription
GET/domains/{domain}/subscriptionThe domain’s current subscription
GET/domains/{domain}/subscriptionsSubscription history for the domain
GET/domains/{domain}/subscriptions/{id}One subscription’s details
GET/domains/{domain}/featuresPlan features enabled for the domain
GET/domains/{domain}/traffic-usageTraffic used against the plan allowance
GET/domains/{domain}/invoicesInvoices for the domain
GET/domains/{domain}/invoices/{id}One invoice
GET/walletAccount wallet balance
GET/wallet/transactionsWallet transaction history
Terminal window
curl -H "X-Api-Key: $NSIN_KEY" \
https://api.nsin.ir/domains/example.com/traffic-usage

Manage who else can access a domain. Requires the owner or an admin role on the domain.

MethodPathDescription
GET/domains/{domain}/membersList members and their roles
PATCH/domains/{domain}/members/{userId}Change a member’s role
DELETE/domains/{domain}/members/{userId}Remove a member
GET/domains/{domain}/invitesList pending invitations
POST/domains/{domain}/invitesInvite by email or create a share link
POST/domains/{domain}/invites/{inviteId}/resendResend an email invite
DELETE/domains/{domain}/invites/{inviteId}Revoke a pending invite
GET/invites/{token}Look up an invite by its token
POST/invites/{token}/acceptAccept an invite
MethodPathDescription
GET/ticketsList your support tickets
GET/tickets/unread-countCount of tickets with unread replies
POST/ticketsOpen a ticket
GET/tickets/{id}Read a ticket and its messages
POST/tickets/{id}/messagesPost a reply

Errors are JSON: {"error": "message"} with conventional status codes — 400 invalid input, 401 invalid/revoked key, 403 missing permission (read-only key on a write, or insufficient domain role), 404 domain not found or not yours, 409 conflict (e.g. domain already registered), 429 rate limited (300 requests/minute per key).