Skip to main content

CSC Global Integration Setup

This guide walks you through integrating CSC Global DomainManager with RAD Security to ingest your domain portfolio and DNS security posture, DNS zone records, and TLS certificates for external attack-surface and brand-protection analysis. CSC Global DomainManager manages enterprise domain registration, DNS, and digital certificates. RAD Security connects to the DomainManager API and pulls your domain, DNS, and certificate data on a scheduled basis. CSC Global covers domain registration and TLS — it complements DNS Made Easy, which covers operational DNS.
Read-only integration: RAD Security only reads data from CSC Global. It never registers, modifies, or deletes domains, DNS records, or certificates in your CSC account.

Prerequisites

Before you begin, ensure you have:
  • A CSC Global DomainManager account with API access enabled
  • An API-enabled admin login for the CSC DomainManager portal (weblogin.cscglobal.com)
  • Ability to generate a bearer API token and copy the API key
  • Knowledge of which environment to target — production or ote
  • Access to a RAD Security workspace with integration permissions

Understanding Integration Components

The CSC DomainManager API uses two credentials together on every request: a Bearer API Token (sent as Authorization: Bearer) and a per-account API Key (sent as the apikey header). Both are required.
CSC Global offers a production environment and an OTE sandbox. Production uses apis.cscglobal.com; the OTE sandbox uses apis-ote.cscglobal.com. Credentials are environment-specific — OTE credentials will not work against production and vice versa.
The CSC API token expires after roughly 30 days of inactivity and can be refreshed or regenerated in the portal. Because RAD polls continuously, the token normally stays alive — but if sync is disabled for a long period, you may need to regenerate it.

Step 1: Generate API Credentials in CSC DomainManager

1

Sign in to DomainManager

Sign in to the CSC DomainManager portal at weblogin.cscglobal.com as an API-enabled admin.
2

Generate the Bearer Token

Under the API settings, generate the bearer token. This is sent as Authorization: Bearer on every request.
The CSC API token expires after about 30 days of inactivity and can be refreshed or regenerated in the portal. RAD’s continuous polling keeps it alive, but if the integration is disabled for an extended period you may need to regenerate the token and update it in RAD Security.
3

Copy the API Key

Copy your per-account API key. This is sent as the apikey header on every request.
4

Determine the Environment

Decide whether to target production or the ote sandbox, and use the credentials issued for that environment.
Exact portal navigation and labels may vary. See the CSC DomainManager API documentation for the current steps to generate the bearer token and API key.

Configure in RAD Security

Navigate to your RAD Security workspace and configure the CSC Global integration with the following parameters:

Required Parameters

ParameterDescription
API TokenBearer token generated in the CSC admin portal (sent as Authorization: Bearer)
API KeyPer-account API key (sent as the apikey header)
Environmentproduction or ote (the CSC OTE sandbox)

Verify Integration

1

Check Connection Status

  1. Navigate to Data Sources > Integrations > Domain Security in RAD Security
  2. Locate your CSC Global integration
  3. Verify the connection status shows as Connected
Your CSC Global integration is now configured! RAD Security will ingest your domain portfolio, DNS records, and TLS certificates on a scheduled basis.

What Data is Synced

  • DKIM/SPF/DMARC and DNSSEC presence
  • Registrar locks: serverDelete, serverTransfer, and serverUpdate prohibited; multilock; vital flag
  • MX/A record counts and HTTP reachability
  • A/AAAA/CNAME/MX/TXT/NS/SRV/CAA records
  • Common name
  • Validity dates
  • Certificate status
This data feeds external attack-surface and brand-protection analysis in RAD Security.

Use Cases

Attack Surface Analysis

Map your external footprint across registered domains, DNS records, and certificates.

DNS Posture Hygiene

Track DKIM/SPF/DMARC, DNSSEC, and registrar locks across your portfolio.

Certificate Lifecycle

Catch expiring or misconfigured TLS certificates before they cause outages.

Brand Protection

Monitor your registered domains to support brand-protection workflows.

Troubleshooting

Possible causes:
  • Incorrect API token or API key
  • The API token has expired (after ~30 days of inactivity)
Solution:
  • Verify both the API Token and API Key are copied correctly (no extra spaces)
  • Regenerate the bearer token in the CSC portal if it has expired, then update it in RAD Security
  • Confirm the credentials belong to the environment you selected
Possible causes:
  • OTE sandbox credentials used against production (or vice versa)
Solution:
  • Ensure the Environment parameter matches the credentials: production for apis.cscglobal.com, ote for apis-ote.cscglobal.com
  • Generate credentials for the correct environment if needed
Possible causes:
  • RSQL filters scoping out all records
  • The account has no domains
Solution:
  • Confirm the account has domains in the CSC DomainManager portal
  • Review any configured filters that may exclude results

Security Best Practices

Use a Service Login

Generate API credentials under a dedicated admin login rather than a personal account.

Rotate Credentials

Regenerate the bearer token and API key periodically according to your security policy.

Secure Storage

Store the API token and API key in a secrets vault. Never commit them to version control.

Use OTE for Testing

Validate configuration against the OTE sandbox before connecting production.

Additional Resources

CSC DomainManager API

Official CSC DomainManager API v2 documentation

Domain Security Overview

Learn about RAD’s domain security integrations

Next Steps

DNS Made Easy Setup

Complement CSC Global with operational DNS from DNS Made Easy

Domain Security Overview

Explore other domain security integration options

Data Sources

Connect additional security data sources