# Create DNSSEC security key This function generates a DNSSEC zone key for a domain. Note: * After you enable DNSSEC on the domain, you must add the DS records to your registrar. * You cannot modify the DNSSEC security key. To make any changes, you must disable (and delete) and re-create the DNSSEC security key. Important: When you disable the DNS role, the system disables this function. Endpoint: GET /DNSSEC/add_zone_key Version: 11.136.0.13 Security: BasicAuth ## Query parameters: - `algo_num` (integer, required) The algorithm that the system uses to generate the security key. * 5 — RSA/SHA-1 * 6 — DSA-NSEC3-SHA1 * 7 — RSASHA1-NSEC3-SHA1 * 8 — RSA/SHA-256 * 10 — RSA/SHA-512 * 13 — ECDSA Curve P-256 with SHA-256 * 14 — ECDSA Curve P-384 with SHA-384 Note: We recommend that you use 'ECDSA Curve P-256 with SHA-256' if your registrar supports it. Enum: 5, 6, 7, 8, 10, 13, 14 - `domain` (string, required) The domain on which to enable DNSSEC. Example: "example.com" - `key_type` (string, required) The type of key to add. * ksk * zsk Enum: "ksk", "zsk" - `active` (integer) Whether to activate the newly-created key. * 1 — Activate the key. * 0 — Do not activate the key. Enum: 0, 1 - `key_size` (integer) The key's size, in bits. Note: For the following algo_num and key_type parameters, the key_size defaults to the following values: * 5 — ksk 2048 zsk 1024 * 6 — ksk 2048 zsk 1024 * 7 — ksk 2048 zsk 1024 * 8 — ksk 2048 zsk 1024 * 10 — ksk 2048 zsk 1024 * 13 — ksk 256 zsk 256 * 14 — ksk 384 zsk 384 Example: 2048 ## Response 200 fields (application/json): - `apiversion` (integer) The version of the API. Example: 3 - `func` (string) The name of the method called. Example: "add_zone_key" - `module` (string) The name of the module called. Example: "DNSSEC" - `result` (object) - `result.data` (object) - `result.data.domain` (string) The domain for which the system added a security key. Example: "example.com" - `result.data.error` (string) An error message that describes why the system could not add the security key. Note: The function only displays this return when the success return is a 0 value. Example: "Error: Invalid key_id or domain specified: No such key present for domain." - `result.data.new_key_id` (string) The security key's ID. Example: "1" - `result.data.success` (integer) Whether the system added the security key. * 1 — The system added the security key. * 0 — The system failed to add the security key. Enum: 1, 0 - `result.errors` (array,null) List of errors if the API failed. - `result.messages` (array,null) List of messages generated by the API. - `result.metadata` (object) - `result.status` (integer) - 1 - Success - 0 - Failed: Check the errors field for more details. Enum: 0, 1 - `result.warnings` (array,null) List of warnings generated by the API. Warnings describe non-critical failures or other problematic conditions noted while running a API.