Connectors
Connectors automatically import and sync domains from your cloud DNS providers into Detectify. Instead of manually adding assets, connectors keep your inventory current as your infrastructure changes.
How Connectors Work
Once configured, a connector queries your DNS provider’s API to retrieve all domains managed there. These domains are imported into Detectify as assets and serve as seeds for further subdomain discovery. Connectors sync continuously in the background, and you can also trigger a manual sync at any time from the connector’s settings page.
Supported Providers
Detectify supports connectors for the following cloud and DNS providers:
| Provider | Authentication Method |
|---|---|
| AWS Route 53 | Role-based (cross-account IAM role) or credential-based (access key and secret) |
| Azure DNS | Service principal with DNS Zone Reader permissions |
| Google Cloud DNS | Service account with DNS Reader role |
| Cloudflare | API token with Zone and DNS read permissions |
| GoDaddy | API key and secret |
| DigitalOcean | Personal access token |
| Alibaba Cloud DNS | AccessKey ID and secret |
| IBM NS1 | API key |
Setting Up a Connector
The general steps for any connector are:
- Navigate to Settings > Connectors.
- Click Add Connector and select your provider.
- Enter the required credentials (see provider-specific instructions below).
- Click Save and Sync to start the initial import.
Cloudflare Example
The following walkthrough shows how to set up the Cloudflare connector:
- Log in to your Cloudflare dashboard and go to My Profile > API Tokens.
- Click Create Token.
- Choose Create Custom Token.
- Configure the token permissions:
- Permissions: Zone > DNS > Read
- Zone Resources: Select the specific zones you want to sync, or choose All zones to import everything.
- Click Continue to Summary, then Create Token.
- Copy the generated token.
- In Detectify, go to Settings > Connectors > Add Connector > Cloudflare.
- Paste the API token and click Save and Sync.
Detectify imports all DNS records from the selected zones and begins subdomain discovery.
AWS Route 53
Detectify supports two authentication methods for AWS:
- Role-based (recommended): Create a cross-account IAM role that grants Detectify read-only access to your Route 53 hosted zones. This avoids storing long-lived credentials.
- Credential-based: Provide an IAM access key and secret with
route53:ListHostedZonesandroute53:ListResourceRecordSetspermissions.
Network Requirements
Connectors communicate from the following IP addresses. If your DNS provider or network requires allowlisting, add these IPs:
63.32.130.3954.73.182.19052.208.235.127
Sync Behavior
Connectors run on a continuous sync schedule. When new domains appear in your DNS provider, they are automatically imported into Detectify. Domains removed from your DNS provider are flagged but not automatically deleted from Detectify, giving you the opportunity to review changes before removing assets.
You can trigger a manual sync at any time by navigating to the connector and clicking Sync Now.
Managing Connectors
To edit or remove a connector, go to Settings > Connectors, select the connector, and choose Edit or Remove. Removing a connector stops future syncs but does not delete assets that were already imported.
Next Steps
With your connectors in place, assets are imported and kept in sync automatically. Proceed to run your first scan to begin security testing.