If your API endpoints are already indexed on 402 Index (e.g., from Bazaar, Satring, or self-registration), you can verify domain ownership to edit your listings directly — update names, descriptions, categories, and pricing without contacting us.
Your domain is the hostname of your API endpoints. For example, if your endpoint URL is
https://api.example.com/v1/chat, your domain is api.example.com.
You can search the directory to find your listings, or use the API to query by URL.
Initiate a claim by sending a POST request with your domain. You'll receive a unique verification token and instructions.
curl -X POST https://402index.io/api/v1/claim \
-H 'Content-Type: application/json' \
-d '{"domain": "api.example.com"}'
Response:
{
"domain": "api.example.com",
"verification_token": "a1b2c3d4e5f6... (64 hex characters)",
"verification_url": "https://api.example.com/.well-known/402index-verify.txt",
"instructions": "Place a text file at the URL above containing only this token: a1b2c3d4..."
}
Save the verification_token — this becomes your ongoing credential
for editing listings. The claim expires after 72 hours if not verified.
Create a file at /.well-known/402index-verify.txt on your domain containing
only the verification token (no extra whitespace, HTML, or JSON — just
the raw token string).
app.get('/.well-known/402index-verify.txt', (req, res) => {
res.type('text/plain').send('YOUR_TOKEN_HERE')
})
location = /.well-known/402index-verify.txt {
return 200 'YOUR_TOKEN_HERE';
default_type text/plain;
}
Create the file public/.well-known/402index-verify.txt (or equivalent
static directory) with the token as its only content.
Once the file is in place, trigger verification:
curl -X POST https://402index.io/api/v1/claim/verify \
-H 'Content-Type: application/json' \
-d '{"domain": "api.example.com"}'
Response:
{
"domain": "api.example.com",
"status": "verified",
"services_count": 12
}
We fetch your verification file, compare the token, and mark your domain as verified. The file must be served directly (no redirects) and must be under 1KB.
With a verified domain, you can update any service whose URL hostname matches your domain.
Include your domain and verification_token in every request:
curl -X PATCH https://402index.io/api/v1/services/SERVICE_ID \
-H 'Content-Type: application/json' \
-d '{
"domain": "api.example.com",
"verification_token": "a1b2c3d4e5f6...",
"description": "Updated description for my API",
"category": "ai/text",
"price_usd": 0.01
}'
| Field | Type | Constraints |
|---|---|---|
name | string | Max 200 characters |
description | string | Max 2000 characters |
category | string | Max 100 characters |
price_usd | number | Non-negative |
price_sats | integer | Non-negative integer |
payment_asset | string | Max 50 characters (e.g. BTC, USDC) |
payment_network | string | Max 50 characters (e.g. Lightning, Base) |
If your token is compromised or you want to rotate credentials, revoke it:
curl -X POST https://402index.io/api/v1/claim/revoke \
-H 'Content-Type: application/json' \
-d '{
"domain": "api.example.com",
"verification_token": "a1b2c3d4e5f6..."
}'
This invalidates the token immediately. To regain access, start the claim flow again from step 2. You'll need to place a new verification file with the new token.
Questions? Email hello@402index.io or check the API docs for the full endpoint reference.