---
title: Concepts
path: concepts
status: published
---

# Concepts

The mental model behind ScaiDNS. Read these once before you write code against the API — the rest of the documentation assumes the vocabulary defined here.

## Pages in this section

- [Architecture](./architecture.md) — how the API, PowerDNS, MariaDB, and ScaiKey fit together.
- [Authentication](./authentication.md) — JWTs for humans, API keys for machines.
- [Zones and Records](./zones-and-records.md) — the foundational resource model.
- [Tenants and Users](./tenants-and-users.md) — the identity hierarchy sourced from ScaiKey.
- [Permissions and Access](./permissions-and-access.md) — how authorization resolves at request time.
- [Domain Validation](./validation.md) — proving ownership before a zone goes live.
- [DNSSEC](./dnssec.md) — cryptographic signing, key lifecycle.
- [Errors](./errors.md) — the response shape and common patterns.

## Where to go next

Once you've read the concepts, head to [Tutorials](../tutorials/index.md) for task-oriented walkthroughs, or jump straight into the [API Reference](../reference/index.md) if you already know what you want to call.