Origin server and Host header
Every property has at least one origin — the backend server the Paradarum CDN pulls content from when an edge node has a cache miss. The first origin is created automatically when you create the property; you can change it later from the property's General tab.
What an origin is
An origin is defined by three things:
- A host — a hostname or IP (with an optional scheme and port) that points at your backend.
- An optional Host Header override — the value sent in the upstream
Hostheader. - An SSL verify toggle — whether the origin's TLS certificate is validated.
There is no separate "origin type" to choose. An origin is just a host string plus those two settings. See Allowed origins for the full list of accepted host forms.
Editing the origin host
- Open your property and go to the General tab.
- In the Origin Server card, click the pencil icon to enable editing of the Origin Hostname field.
- Type the new host — for example
origin.example.com,1.2.3.4:8080, orhttps://backend.example.com. - Click the check icon to save. The panel runs a live regex check and shows
Invalid hostname format!if the value doesn't match.
If you don't include a port, the API normalizes the host by appending :80. So example.com is stored as example.com:80. To use a TLS origin on 443, specify it explicitly — example.com:443 or https://example.com. See Allowed origins.
Host Header override
The Host Header card lets you override the Host header the CDN sends to the origin. This is useful when your origin serves multiple virtual hosts and expects a specific Host value that differs from the public hostname.
- Click the pencil, enter a value (for example
backend.example.com), and save. - Leave it empty to forward the request's own hostname — the CDN passes through the hostname the visitor requested.
SSL verification
The sslVerify flag controls whether the origin's TLS certificate is validated. It defaults to false (the origin certificate is not verified). It is part of the origin model and is sent with every origin update, but it has no dedicated control on the General tab.
Because sslVerify defaults to false, an HTTPS origin works even with a self-signed or mismatched certificate out of the box. If you need strict verification, send "sslVerify": true on the origin update (see the API example below).
Mutable fields
Only four fields on an origin are user-editable through the API:
| Field | Type | Notes |
|---|---|---|
host | string | Origin host. Normalized server-side (adds :80 if no port/scheme/unix). |
hostHeader | string | Upstream Host override. Trimmed; null becomes an empty string. |
sslVerify | boolean | Verify the origin TLS certificate. Defaults to false. |
isEnabled | boolean | true enables the origin, false disables it. |
Other fields (property and rule references, timestamps) are not editable directly.
Updating an origin via the API
Use the production base URL https://api.paradarum.com. The endpoint updates an existing origin in place:
curl -X PUT "https://api.paradarum.com/api/Property/42/origins/7?accountId=123" \
-H "X-API-Key: pdm_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"host": "origin.example.com",
"hostHeader": "backend.example.com",
"sslVerify": true,
"isEnabled": true
}'
The endpoint is PUT /api/Property/{propertyId}/origins/{id}. It returns 200 with the updated origin, or 404 if the property doesn't belong to your account or the origin isn't found.
There is no standalone create-or-delete origin endpoint. The first origin is created with the property (the origins[] array on POST /api/property), and you edit it in place from there.
Managed (live) properties
When a property backs a live stream, it is managed: the Origin Server and Host Header cards are hidden because origin and host header are system-managed. A "Managed by Live" banner links back to the live configuration. See Live overview.
Related
- Allowed origins — the exact host forms the origin field accepts.
- Origin Shield — add a central cache layer in front of your origin.