How to Verify Ownership of a Target 

Last updated: June 2, 2026

Introduction

Before running any vulnerability scan, you must verify that you own or are authorized to test the application or domain you're adding. This step protects your application by ensuring only authorized users can initiate scans against it.

Getting Started

  1. Go to the Targets page in your Astra dashboard.

  2. In the Pending Verification section, click Start Verification next to your target.

  3. Fill in the basic details — application name, business name, and target URL.

  4. Choose a verification method (see options below).

Verification Methods

1. File Upload [Recommended]

Upload a specific verification file to the root directory of your web server.

Why it's the recommended approach:

  • Verification is instant — no waiting for DNS propagation

  • Simpler to implement than modifying DNS records

  • Less room for error, especially if DNS is managed by a separate team

Important: Each target has a unique verification file. Make sure you upload the correct file for the right target.

2. DNS Verification

Add a specific TXT record to your domain's DNS settings. This proves you have control over the domain associated with your application.

Keep in mind that DNS changes can take time to propagate, so this method is generally slower than file upload.

3. Manual Verification

If neither of the above methods works for your setup — for example, if your target is an API or your infrastructure doesn't support file uploads or DNS changes — you can request manual verification.

Submit the request and the Astra support team will manually verify your ownership. This process can take up to 12–24 hours. You'll receive an email confirmation once it's approved.

Note for API targets: Manual verification is the only supported method for API targets. Select Manual Verification when setting up your API target and the support team will handle the rest.

What Happens Next

Once verification is complete, your target moves from Pending Verification to Pending Setup, where you can configure it before running your first scan.

Troubleshooting

Wrong verification file uploaded Each target has its own unique verification file. Double-check that you've downloaded and uploaded the file for the correct target.

Connection to your server timed out Ensure your server is up and responding, then try again. If the issue persists, raise a support ticket from your dashboard.

Manual verification taking longer than expected Manual reviews are typically completed within 12–24 hours. If you haven't heard back after that window, reach out to the support team.