Using a Custom Domain with Aiphoria
Why Use a Custom Domain?
Using a custom domain for your Aiphoria payment links provides significant benefits for your business and customers:
- Build Trust and Confidence: When customers make payments, they expect to interact with your brand, not a third-party domain. A custom domain like payments.megacorp.com reinforces your brand identity and increases customer confidence during the payment process.
- Brand Consistency: Maintain a consistent brand experience throughout the entire customer journey, from your website to the payment page. This seamless experience strengthens brand recognition and customer loyalty.
- Enhanced Security Perception: Customers are increasingly aware of phishing attempts and fraudulent websites. A custom domain linked to your organization demonstrates legitimacy and helps customers verify they're on the correct payment page.
- Better Email Deliverability: When sending payment links or receipts via email, using your own domain (e.g., DoNotReply@megacorp.com) improves email deliverability and reduces the likelihood of messages being marked as spam.
If you are an Aiphoria customer and would like to use a custom domain for platform access, this document will guide you through the required steps.
In this generic example, we will use megacorp.com.
Step 1 - CAA Requirements
In this example, the megacorp.com domain has a CAA record specifying globalsign.com as the only certificate authority (CA) that is allowed to issue SSL/TLS certificates.
You can verify if your domain has a CAA record using:
Online Tools
Use tools like MXToolbox or DNSChecker to check if the CAA record is currently set.
Command Line
dig megacorp.com CAA
Aiphoria requires GoDaddy to be an additional certificate authority.
Microsoft Azure uses GoDaddy to manage SSL/TLS certificates, streamlining the renewal process without requiring manual intervention.
If a CAA record is set that names a CA other than GoDaddy, continue below.
If not, or if you don't have any CAA records configured, you can skip to Step 2.
Add a CAA DNS Record for GoDaddy
- Access the DNS Management Portal for megacorp.com.
- Locate the DNS Management Section (DNS Settings / DNS Management / Zone Editor).
- Add a new DNS record.
- Select CAA as the record type.
- Enter the following values:
| Field | Value |
|---|---|
| Name | megacorp.com (or leave blank for root) |
| Type | CAA |
| TTL | 3600 (default) |
| Flags | 0 |
| Tag | issue |
| Value | godaddy.com |
Notes:
- Name: leave blank or specify megacorp.com
- Flags: 0 (standard)
- Tag: issue
- Value: godaddy.com
- Save the record.
Example CAA Record Configuration
megacorp.com. 7200 IN CAA 0 issue "godaddy.com"
megacorp.com. 7200 IN CAA 0 issue "globalsign.com"
megacorp.com. 7200 IN CAA 0 issuewild ";"
This configuration authorizes GoDaddy and GlobalSign to issue SSL certificates for megacorp.com.
Verify the CAA Record (Optional)
Online Tool: MXToolbox or DNSChecker
Command Line:
dig megacorp.com CAA
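The check from Step 1 as an added example (not Aiphoria's code): it parses `dig`-style CAA answer lines and applies the RFC 8659 rules for the `issue` and `issuewild` tags, including the climb from a subdomain such as production-aiphoria.megacorp.com up to the CAA set at megacorp.com. The `BEFORE` and `AFTER` record sets are constructed from this page's example; critical-flag and CNAME handling are left out.

```python
# Added example: RFC 8659 CAA evaluation for the issue / issuewild tags only.
# The record sets are constructed from this page's megacorp.com example.

BEFORE = ['megacorp.com. 7200 IN CAA 0 issue "globalsign.com"']
AFTER = [
    'megacorp.com. 7200 IN CAA 0 issue "godaddy.com"',
    'megacorp.com. 7200 IN CAA 0 issue "globalsign.com"',
    'megacorp.com. 7200 IN CAA 0 issuewild ";"',
]

def parse_caa(lines):
    """Parse dig-style answer lines into {owner: [(tag, issuer), ...]}."""
    records = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 7 or parts[3].upper() != "CAA":
            continue  # comment, header or non-CAA line
        owner = parts[0].rstrip(".").lower()
        value = " ".join(parts[6:]).strip('"')
        issuer = value.split(";")[0].strip().lower()  # '";"' -> "" (no CA)
        records.setdefault(owner, []).append((parts[5].lower(), issuer))
    return records

def relevant_rrset(records, fqdn):
    """Climb from fqdn toward the root; the closest name with CAA wins."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if name in records:
            return records[name]
    return []

def may_issue(records, fqdn, ca_domain):
    """True if ca_domain may issue for fqdn; a leading '*.' means wildcard."""
    wildcard = fqdn.startswith("*.")
    rrset = relevant_rrset(records, fqdn[2:] if wildcard else fqdn)
    issue = [v for t, v in rrset if t == "issue"]
    issuewild = [v for t, v in rrset if t == "issuewild"]
    # issuewild, when present, replaces issue for wildcard requests only.
    applicable = issuewild if (wildcard and issuewild) else issue
    if not applicable:
        return True  # no applicable tag: CAA does not restrict issuance
    return ca_domain.lower() in applicable

if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER)):
        recs = parse_caa(zone)
        for name in ("production-aiphoria.megacorp.com", "*.megacorp.com"):
            print(label, name, may_issue(recs, name, "godaddy.com"))
```

With the example records, GoDaddy becomes authorized for the two subdomains, while the `issuewild ";"` entry still blocks wildcard certificates from every CA.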
Step 2 - TXT DNS Updates
After completing Step 1 (or if Step 1 is not required), Aiphoria can now request certificates for the domain and supply the TXT records needed for domain verification.
In this example, we will use:
- production-aiphoria.megacorp.com
- test-aiphoria.megacorp.com
Aiphoria recommends providing two URLs (production and testing).
Azure will create and manage SSL certificates to ensure that sensitive data is securely delivered via SSL/TLS encryption.
Tell Aiphoria the domains you wish to use
Once you confirm the product names or URLs, Aiphoria will generate the TXT values needed in the following steps.
Add the TXT DNS Records (example only)
| Field | Value |
|---|---|
| Name | megacorp.com |
| Type | TXT |
| TTL | 3600 (default) |
| Value | (generated after domain is added to Azure) |
Step 3 - A Record DNS Updates
Once the TXT records are verified and confirmed to Aiphoria, we will supply A records to route traffic to the Aiphoria Gateway.
Production
| Field | Value |
|---|---|
| Name | production-aiphoria.megacorp.com |
| Type | A |
| TTL | 3600 |
| Value | VALUE TO BE PROVIDED |
Test
| Field | Value |
|---|---|
| Name | test-aiphoria.megacorp.com |
| Type | A |
| TTL | 3600 |
| Value | VALUE TO BE PROVIDED |
Once these steps are completed, the subdomains will be approved and traffic will be delivered securely.
Step 4 - Email DNS Updates (Optional)
The below email steps are only needed if you are sending SMS via the Aiphoria Transact solution directly to end customers for pay-by-link payments.
If the customer would like Aiphoria to send emails from their own domain (e.g. DoNotReply@megacorp.com), the following DNS TXT records must be added to verify megacorp.com in the Aiphoria Email Communication Service.
This will be used for password reset emails sent from the Aiphoria portal.
Required DNS TXT Records
Domain Verification
| Field | Value |
|---|---|
| Name | megacorp.com |
| Type | TXT |
| TTL | 3600 |
| Value | VALUE TO BE PROVIDED |
SPF Record
| Field | Value |
|---|---|
| Name | megacorp.com |
| Type | TXT |
| TTL | 3600 |
| Value | v=spf1 include:spf.protection.outlook.com -all |
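An added example (not part of Aiphoria's instructions) for the SPF step: a domain may publish only one `v=spf1` record (RFC 7208), so if megacorp.com already has one, the include from the table above is merged into it rather than added as a second TXT record. The existing TXT values used here are constructed.

```python
# Added example: decide how to publish the SPF value from this page without
# ending up with two v=spf1 records at the same name (a permerror per RFC 7208).

REQUIRED_INCLUDE = "include:spf.protection.outlook.com"    # from the table above
PAGE_RECORD = "v=spf1 include:spf.protection.outlook.com -all"

def spf_records(txt_values):
    """Return only the TXT strings that are SPF records."""
    return [v for v in txt_values if v.lower().split()[:1] == ["v=spf1"]]

def plan_spf(txt_values):
    """Return (action, record) for the TXT set currently at the domain apex."""
    found = spf_records(txt_values)
    if len(found) > 1:
        raise ValueError("multiple v=spf1 records: receivers return permerror")
    if not found:
        return ("add", PAGE_RECORD)            # nothing published yet
    terms = found[0].split()
    if REQUIRED_INCLUDE in (t.lower() for t in terms):
        return ("keep", found[0])              # already authorized
    # Mechanisms after 'all' are never evaluated, so insert before it
    # and keep the qualifier (-all / ~all) the domain owner already chose.
    idx = next((i for i, t in enumerate(terms)
                if t.lower().lstrip("+-~?") == "all"), len(terms))
    terms.insert(idx, REQUIRED_INCLUDE)
    return ("replace", " ".join(terms))

# Constructed sample: TXT values already present at megacorp.com.
EXISTING = [
    "site-verification=constructed-sample-value",
    "v=spf1 include:_spf.mailvendor.example ~all",
]

if __name__ == "__main__":
    print(plan_spf(EXISTING))
    print(plan_spf([]))
```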
DKIM Record 1
| Field | Value |
|---|---|
| Name | selector1-azurecomm-prod-net._domainkey |
| Type | TXT |
| TTL | 3600 |
| Value | selector1-azurecomm-prod-net._domainkey.azurecomm.net |
DKIM Record 2
| Field | Value |
|---|---|
| Name | selector2-azurecomm-prod-net._domainkey |
| Type | TXT |
| TTL | 3600 |
| Value | selector2-azurecomm-prod-net._domainkey.azurecomm.net |