mulesoft · failup · Mar 27, 2026 · Mar 27, 2026 · Mar 27, 2026 · Mar 30, 2026
@@ -18,6 +18,10 @@
  ** xref:manage-versions-instances-concept.adoc[Manage API Instance Versions]
  ** xref:configure-multiple-credential-providers.adoc[Configure Multiple Client Provider]
  ** xref:govern-api-instances.adoc[Govern API Instances]
+ ** xref:godaddy-overview.adoc[Agent verification (GoDaddy ANS)]
+ *** xref:godaddy-set-up.adoc[]
+ *** xref:godaddy-register-agent.adoc[]
+ *** xref:godaddy-verify-agent.adoc[]
 * xref:api-groups-landing-page.adoc[Manage API Groups]
  ** xref:api-groups-creating-groups.adoc[Create API Groups]
  ** xref:api-groups-modifying-groups.adoc[Modify API Groups]

@@ -0,0 +1,62 @@
+= Register Agents with GoDaddy ANS
+
+GoDaddy Agent Name Service (ANS) integration enables you to register and verify agents deployed through API Manager.
+
+Registration associates an agent with a fully qualified domain name (FQDN) and establishes a verifiable identity based on domain ownership. This identity is used across Anypoint Platform to indicate whether an agent is trusted and verified.
+
+This integration connects API Manager with GoDaddy to validate domain ownership and manage verification status.
+
+== Capabilities
+
+With GoDaddy ANS integration in API Manager, you can:
+
+* Register an agent instance with GoDaddy ANS
+* Verify agent identity using domain ownership validation
+* Track verification progress directly from API Manager
+* View verification status in Anypoint Exchange
+
+== Registration Workflow
+
+The registration workflow spans API Manager, GoDaddy, and your DNS provider.
+
+Initiate registration from an API instance in API Manager. GoDaddy validates domain ownership using standard verification methods such as DNS or ACME challenges. API Manager tracks the verification process and updates the agent status when verification is complete.
+
+Depending on your domain configuration, some steps might require manual action.
+
+== Consumer Endpoint and FQDN
+
+The consumer endpoint configured for the agent is used to derive a fully qualified domain name (FQDN) that uniquely identifies the agent.
+
+Only the hostname of the endpoint is used. For example, in `https://example.com/path`, the registered domain is `example.com`.
+
+This domain is registered as part of the verification process and can't be modified after registration.
+
+For more information, see https://www.godaddy.com/resources/skills/whats-a-fully-qualified-domain-name-fqdn-and-whats-it-good-for[What is a Fully Qualified Domain Name (FQDN)?].
+
+== Domain Requirements
+
+The domain used for registration must meet these requirements:
+
+* Be a custom domain (vanity domain)
+* Not be a MuleSoft-managed domain such as `cloudhub.io`, as these domains aren’t supported
+* Be associated with a valid DNS configuration
+
+If these requirements aren't met, registration can't proceed.
+
+== Integration with Anypoint Exchange
+
+Verification status is reflected in Anypoint Exchange:
+
+* Verified agents display a visual indicator in search results and asset pages
+* Verification is tied to the agent instance and its associated domain
+
+== Next Steps
+
+Before registering an agent, ensure that your environment is properly configured.
+
+For more information, see xref:godaddy-set-up.adoc[Prepare Your Environment for Agent Verification].
+
+== See Also
+
+* xref:api-manager::index.adoc[API Manager Overview]
+* xref:exchange::index.adoc[Anypoint Exchange]
@@ -0,0 +1,49 @@
+= Create an Agent Instance
+
+Create an agent instance in API Manager to expose your agent and configure its runtime, endpoint, and routing settings.
+
+After creating the agent instance, you can verify its identity using GoDaddy ANS to associate it with a domain and enable its verified status in Anypoint Exchange.
+
+== Requirements
+
+Before you begin, make sure that:
+
+* The API instance is deployed and accessible
+* You have access to a target runtime (for example, Flex Gateway)
+* You have the required permissions to manage API instances
+
+== Create an Agent Instance
+
+. In Anypoint Platform, go to *API Manager*.
+. Click *Add new instance*.
+. Select the agent or API asset you want to deploy.
+. Configure the runtime settings:
++
+* Select the target gateway
+* Choose the deployment configuration
++
+. Configure the endpoint settings:
++
+* *Consumer endpoint*: The public endpoint where the agent is exposed  
++
+This endpoint is used to derive the domain that identifies the agent during verification.
++
+. Configure the upstream service:
++
+* Provide the target service or backend configuration
++
+. Review the configuration and click *Deploy*.
+
+After deployment, the agent instance is created and available in API Manager.
+
+== Next Steps
+
+After creating the agent instance:
+
+* Verify the agent identity using GoDaddy ANS
+* Complete domain validation to enable verified status
+* Confirm that the agent displays as verified in Anypoint Exchange
+
+Before verification, ensure that your environment is properly configured.
+
+For more information, see xref:godaddy-set-up.adoc[Prepare Your Environment for Agent Verification]
@@ -0,0 +1,90 @@
+= Prepare Your Environment for Agent Verification
+
+Before verifying an agent using GoDaddy Agent Name Service (ANS), configure your environment to support domain-based identity validation.
+
+Verification requires a custom domain, a configured runtime environment, and secure communication settings.
+
+== Custom Domain
+
+Agent verification requires a custom domain (vanity domain) that you own and control.
+
+* The domain associated with your agent must match the consumer endpoint used during registration.
+* The domain is used to establish the agent’s identity.
+* You must be able to create and manage DNS records for the domain.
+* MuleSoft-managed domains such as `cloudhub.io` aren't supported.
+
+== Private Space
+
+Deploy agents in a private space that supports custom domains and TLS configuration.
+
+If you don't already have a private space, create one in Runtime Manager before proceeding.
+
+For more information, see xref:cloudhub-2::ps-manage.adoc[Private Spaces].
+
+== TLS Context
+
+Configure a TLS context in your private space for the domain used by the agent.
+
+TLS configuration enables secure communication and is required to complete verification. A TLS context must be configured for the domain used by the agent.
+
+API Manager requires a valid TLS context for the domain before verification can proceed.
+
+To configure a TLS context:
+
+. In Anypoint Platform, go to *Runtime Manager*.
+. Select your private space.
+. Open the *TLS* or *Domains and TLS* section.
+. Create a new TLS context for your domain.
+. Upload a valid certificate for the domain.
+
+Make sure that:
+
+* The TLS context is associated with your domain
+* The certificate is valid and active
+* The domain matches the consumer endpoint used by the agent
+
+If no TLS context is configured, verification can't proceed and an error is displayed.
+
+For more information, see xref:cloudhub-2::ps-config-domains.adoc[Configure domains and TLS certificates]
+
+== Gateway Configuration
+
+Agents must be exposed through a configured gateway to support domain-based verification.
+
+When using Flex Gateway, you must configure an endpoint for each agent using your custom domain.
+
+For setup instructions, see xref:gateway::flex-gateway-managed-set-up.adoc[Set up Flex Gateway in managed mode].
+
+Make sure that:
+
+* Each agent is mapped to a unique endpoint or path in the gateway configuration
+* The endpoint uses the same domain as the agent’s consumer endpoint
+
+[NOTE]
+====
+Each agent must be configured with a separate endpoint in the gateway.
+
+If multiple agents are deployed on the same domain, each one requires its own explicit endpoint configuration.
+====
+
+== Secret Group Access
+
+Agent verification requires access to a secret group in Secrets Manager.
+
+The secret group is used to store generated security artifacts during verification.
+
+Make sure that:
+
+* At least one secret group exists
+* You have permission to write to the selected secret group
+
+If you don't have the required permissions, you can't complete verification.
+
+IMPORTANT: If the domain, TLS context, and gateway configuration aren't aligned, agent verification can't be completed.
+
+== Next Steps
+
+After completing the environment setup:
+
+* xref:godaddy-register-agent.adoc[Create an agent instance]
+* xref:goddady-verify-agent.adoc[Verify an agent using GoDaddy ANS]
@@ -0,0 +1,101 @@
+= Verify an Agent Using Godaddy Ans
+
+Verify an agent to establish a trusted identity based on domain ownership and enable its verified status in Anypoint Exchange.
+
+Verification uses GoDaddy Agent Name Service (ANS) to validate the domain associated with the agent and confirm that you control it.
+
+== Before You Begin
+
+Before verifying an agent, make sure that:
+
+* The agent instance is created and deployed in API Manager
+* A valid consumer endpoint is configured for the agent
+* You have GoDaddy API credentials (API key and secret)
+* You have access to manage DNS records for the domain
+* You have access to a secret group in Secrets Manager
+
+For infrastructure requirements such as domain configuration and TLS setup, see xref:godaddy-set-up.adoc[Prepare your environment for agent verification].
+
+== Start Agent Verification
+
+. In Anypoint Platform, go to *API Manager*.
+. Select the API instance that represents your agent.
+. Click *Actions* > *Verify agent identity*.
+
+The verification wizard opens and guides you through the required steps.
+
+== Step 1: Provide Prerequisites
+
+In this step:
+
+* Confirm or update the *Consumer endpoint*
++
+The consumer endpoint is used to derive the domain that is verified. Only the hostname is used. This domain becomes part of the agent’s identity and can't be changed after registration.
+
+* Select a *Secret group*
++
+The secret group is used to store credentials and generated security artifacts required for verification.
+
+You must have access to at least one secret group with sufficient permissions to continue. 
+
+If the domain or environment isn't correctly configured, validation errors are displayed and you can't proceed.
+
+== Step 2: Enter GoDaddy ANS Credentials
+
+Provide your GoDaddy credentials:
+
+* *API key*
+* *API secret*
+
+These credentials are used to authenticate with GoDaddy ANS and initiate the verification process.
+
+If you don’t already have these credentials, generate them in your GoDaddy account.
+
+== Step 3: Verify Domain Ownership (Acme)
+
+To prove domain ownership, create a DNS TXT record using the provided values.
+
+. Copy the record details.
+. In your DNS provider, create the TXT record.
+. Return to API Manager and click *Verify*.
+
+API Manager checks whether the record has been propagated and validated.
+
+[NOTE] 
+ACME records expire after a limited time. If they expire, new records are generated automatically when you retry verification.
+
+== Step 4: Verify DNS Records
+
+After ACME verification, additional DNS records are generated.
+
+. Copy the provided DNS records.
+. Add them to your DNS provider.
+. Click *Verify*.
+
+These records enable secure communication and complete the verification process.
+
+== Verification Process
+
+Verification is asynchronous and depends on DNS propagation and external validation.
+
+* Status updates are displayed in API Manager
+* Verification can take several minutes or longer depending on DNS updates
+* API Manager continues checking the status after verification is initiated
+
+You can close the verification dialog and return later. The status continues to update in the background.
+
+== Retry or Restart Verification
+
+If verification isn't completed:
+
+* DNS records can expire after a limited time
+* You can restart the verification process from the agent instance
+* New DNS records are generated when restarting
+
+== After Verification
+
+When verification is successful:
+
+* The agent is marked as verified in API Manager
+* A verified indicator appears in Anypoint Exchange
+* The agent is associated with a trusted domain identity