Gandi Integration
Follow this guide to connect your Gandi account, which will allow for the automatic setup and management of your DNS records for DMARC, EasySPF, and MTA-STS directly from your dashboard. This process eliminates the need for manual DNS configuration and reduces the risk of errors.
The connection is secured using a Gandi Personal Access Token (PAT). This token gives our platform limited, specific permissions to manage DNS records on your behalf without exposing your account's sensitive details or billing information.
Step 1: Log in to Gandi and Navigate to Your Organization
1. Log in to your account at gandi.net.
2. In the main menu on the left, click on ORGANIZATIONS.
3. From the list that appears, click on the name of the Organization that contains the domain(s) you wish to manage.
Step 2: Create a Personal Access Token (PAT)
1. On your organization's page, click the Sharing tab in the top menu.
2. Click the blue "Create a token" button to open the token creation form
Step 3: Configure the Token's Permissions
You will now see a form to configure the new token. It is crucial to set these fields correctly to ensure a secure and functional connection.
1.Name of your PAT: Enter a descriptive name that you will recognize later, such as "EasyDMARC Integration".
2.Expires in: This field sets the token's lifespan. We recommend selecting the maximum duration of 1 year to minimize how often you need to regenerate the token.
3.Token resources: This defines which of your domains the token can access.
○ To allow management for all current and future domains in this organization, select "The whole organization".4. Permissions granted to the token:
○ For more targeted control, select "Restrict to selected products" and choose the specific domain(s) from the dropdown menu.
This is the most important security step. You must grant the specific permission for DNS management. In the list of permissions under the "Domains" product family, check the box for:
○ Manage domain name technical configurations.5. Click the Create button at the bottom of the form.
○ Note: When you select this, the system will automatically check See and renew domain names as well. This is normal and required.○ No other permissions are needed.
Step 4: Securely Copy Your New Token
After clicking "Create," Gandi will display your new Personal Access Token.
Important: For security reasons, this token will be shown only once. You must copy it immediately. If you lose the token before pasting it into your dashboard, you will have to delete the old one and create a new one.
Step 5: Find Your Sharing ID (Optional but Recommended)
If your user account is a member of multiple Gandi Organizations, you should also provide your Sharing ID to avoid ambiguity.
1. While on your organization's page in the Gandi dashboard, look at your web browser's address bar.
2. The URL will look similar to this:
https://admin.gandi.net/organizations/.../PLTS/[this-is-you r-sharing-id]/profile.
3. Copy the long string of characters that appears after /PLTS/. This is your Sharing ID.
Step 6: Complete the Connection in Your Dashboard
1. Return to your dashboard and navigate to the Gandi integration page.
2. Paste the Personal Access Token (PAT) you copied in Step 4 into the appropriate field.
3. Paste the optional Sharing ID you found in Step 5.
4. Click Connect.
Your Gandi integration is now complete. Our platform will verify the connection and begin managing your DNS records automatically.
A Note on Token Expiration: Because Gandi Personal Access Tokens have a maximum life of one year, the connection will need to be refreshed when the token expires. Our platform will notify you before your token is set to expire. To maintain the connection, you will need to follow these steps again to create a new token and update it in your dashboard.