For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
DashboardGet started
  • Getting Started
    • Introduction
    • Quickstart
    • Errors
  • Core Concepts
    • Capabilities
    • Containers
    • Gateway
    • Wallets and top-ups
    • Grants and controls
    • Mandates
    • Approvals
    • Receipts
    • Settlements
  • Authentication
    • Authentication overview
    • Wallet sign-in (SIWE)
    • Connected apps (OAuth)
  • Guides
    • Call a capability
    • Monetize an API
    • Apply for public capability
    • Realtime notifications
  • Agents
    • MCP
    • CLI
  • Admin
    • Capability applications
  • API Reference
    • Overview
    • Authentication
  • Generated API Explorer
LogoLogo
DashboardGet started
On this page
  • Anatomy
  • When to use a container vs leave a capability standalone
  • Domain verification
  • Verification flow
  • What verification doesn’t do (yet)
  • API endpoints
  • MCP tools
  • Related
Core Concepts

Containers

Was this page helpful?
Previous

Gateway

Next
Built with

A container is a brand or product grouping over capabilities. One container, many capabilities — usually one per HTTP endpoint of that brand.

Without containers:

eats.dimenzuri.book-room
eats.dimenzuri.cancel-booking
eats.dimenzuri.checkin
eats.dimenzuri.room-service

…appears in the registry as four independent rows. Agents have to mentally cluster them by slug prefix.

With a container:

Container: Dimenzuri  (verified: dimenzuri.example.com)
  ├─ dimenzuri.book-room
  ├─ dimenzuri.cancel-booking
  ├─ dimenzuri.checkin
  └─ dimenzuri.room-service

…agents see one branded entity with a description, logo, website, and a verified domain badge. Discovery improves, abuse drops.

Anatomy

1{
2  "id": "ctr_...",
3  "slug": "dimenzuri",
4  "name": "Dimenzuri",
5  "description": "A Kenyan hotel chain offering booking, room service, and concierge endpoints.",
6  "logo_url": "https://dimenzurihotels.example/logo.png",
7  "website_url": "https://dimenzurihotels.example",
8  "owner_account_id": "acc_...",
9  "status": "active",
10  "claimed_domain": "dimenzuri.example.com",
11  "domain_verified_at": "2026-05-22T09:14:00.000Z"
12}

claimed_domain + domain_verified_at are present once the owner has proven control via DNS (see Domain verification).

When to use a container vs leave a capability standalone

  • Use a container if you operate ≥ 2 capabilities under the same brand or product.
  • Skip it for one-off capabilities, hobby endpoints, or experiments.

Containers are optional — ungrouped capabilities still work fine and remain discoverable via GET /v1/capabilities.

Domain verification

The strongest signal a container’s owner truly represents a brand is DNS control: only dimenzuri.example.com’s owner can create a TXT record under that domain.

Verification flow

1

Claim the domain

From the container’s dashboard page or via the API:

1POST /v1/capability-containers/{id}/domain/claim
2{ "domain": "dimenzuri.example.com" }

Returns a token to publish at _lipafy.<domain>:

1{
2  "claim": {
3    "verification_record_host": "_lipafy.dimenzuri.example.com",
4    "verification_record_value": "lipafy-verify=<token>",
5    "verified": false
6  }
7}
2

Publish a TXT record

At your DNS provider:

Type:  TXT
Name:  _lipafy.dimenzuri.example.com
Value: lipafy-verify=<token-from-claim>
TTL:   300

Wait 1-5 minutes for propagation.

3

Verify

1POST /v1/capability-containers/{id}/domain/verify

Lipafy resolves the TXT record and checks for the token. On success, domain_verified_at is set and the container shows a verified badge in the public registry.

What verification doesn’t do (yet)

  • It does NOT yet enforce that capability slugs match the verified domain. Today you can have a verified domain dimenzuri.example.com but slugs called pizza.delivery. A future hardening pass will require the slug’s domain segment to match.
  • It does NOT prove the legal entity behind the domain. DNS control ≠ trademark ownership. Use the admin review process (Apply for a public capability) for the trademark layer.

API endpoints

MethodPathAuthPurpose
GET/v1/capability-containersPublicList all active containers (registry)
GET/v1/capability-containers/mineOwnerList your containers
GET/v1/capability-containers/{idOrSlug}PublicGet one container + its public capabilities
POST/v1/capability-containersOwnerCreate a container
PATCH/v1/capability-containers/{id}OwnerUpdate (name, description, logo, website, status)
DELETE/v1/capability-containers/{id}OwnerArchive (soft-delete)
POST/v1/capability-containers/assignOwnerAttach (or detach with container_id: null) a capability to this container
POST/v1/capability-containers/{id}/domain/claimOwnerBegin DNS verification
POST/v1/capability-containers/{id}/domain/verifyOwnerCheck the TXT record

MCP tools

For agents using the Model Context Protocol:

ToolPurpose
lipafy.list_containersBrowse active containers (grouped view of capabilities)
lipafy.get_containerDrill into one container and see all its capabilities
lipafy.list_capabilitiesFlat list of all capabilities (use when grouping is not helpful)

Agents that want to find capabilities by brand should prefer list_containers → get_container → execute_capability over the flat list.

Related

  • Capabilities — the underlying primitive containers group.
  • Apply for a public capability — the human-reviewed listing path that complements DNS verification.