Verifying your domain during onboarding (Arrival board)
If you mentioned a URL in your describe-it textarea — "…wine bar in Brooklyn at oakbar.com" — the Arrival Board surfaces a Domain lane with a "Verify {domain}" button. Click it and Turtini mints a DNS TXT challenge bound to your user account; once you drop the record into your DNS, the lane auto-polls every 15 seconds and flips to VERIFIED when it sees the record. Your Verified-by-Turtini trust badge publishes the moment you click Create.
Step-by-step:
1. **Mention your domain in the describe step.** The arrival classifier regex-extracts any URL from your free-text description. Bare domains work ("oakbar.com"), as do full URLs ("https://oakbar.com/menu").
2. **Click "Verify {domain}" on the Domain lane.** Turtini calls the arrivalDomainStart Cloud Function which mints a session-scoped 24-char base32 token, writes a pre-org verification record bound to (your userId, the domain), and returns DNS instructions.
3. **Add the TXT record at your DNS provider.** Host: `_turtini-verify.{your-domain}`. Value: `turtini-domain-verify={your-token}`. The lane shows both values in monospace; copy-paste each into Cloudflare / Namecheap / GoDaddy / whoever you use.
4. **Wait — or hit Recheck.** Every 15 seconds the lane re-resolves DNS and asks the server to confirm. As soon as the record propagates (usually under a minute, sometimes up to an hour depending on your registrar's TTL), the lane flips to VERIFIED and shows a green badge.
5. **Click Create on step 3.** Right after your org is created, Turtini materializes the pre-org verification record into your org's orgDomains/{domain} doc with status: 'verified'. The existing onOrgDomainVerifiedAutoIssue trigger picks that up and emits an Ed25519-signed domainVerified credential. Your /trust/{orgId} public page lights up immediately.
What if the verification expires?
Pre-org verification tokens are good for 72 hours. If you don't finish onboarding in that window, the record marks itself expired and the lane prompts you to restart with a fresh token. Just click "Restart verification" and you get a new token; the old TXT record at your provider can be deleted.
What if I skip verification?
Skip entirely — we still capture the domain into your org's website field at Create. You can verify later from Account → Org Settings → Domains, which uses the same DNS TXT challenge under the same _turtini-verify.{domain} record. The difference is that the trust badge takes a few minutes to publish instead of being ready the instant your org exists.
What about Verified-by-Turtini partner co-signatures?
Verified-by-Turtini supports partner authorities co-signing credentials (a chamber of commerce, an industry association, a regulator). Domain verification on the Arrival board issues the platform-signed credential only; partner co-signs happen separately via /cosign — see "Verified-by-Turtini issuer chain."