Documentation

Getting started

The platform onboarding flow takes a new tenant from sign-up to first campaign in under one working day. The shape of it:

• Tenant creation. Lancelot operations creates the tenant record after verifying the signing authority. The signed authorization is filed against the tenant.
• Operator invites. The tenant admin invites operators by email. Each operator confirms their address and sets a password before any access is granted.
• Sending domain. The tenant nominates a domain to send from (must be a domain they control). TROY generates DKIM keys and renders the SPF, DKIM, and DMARC records to publish.
• Target import. Employees can be imported via CSV or synced from PRODPO. Each target carries department, language, and external ID.
• First campaign. A guided wizard walks through template selection, target selection, and pre-flight checks before scheduling the send.

Sending domain checklist

Before a domain can be used live, the following records must be published in DNS and verified by TROY:

• SPF. A TXT record at the domain apex authorizing the TROY MTA IP.
• DKIM. A TXT record at {selector}._domainkey.{domain} containing the public key generated by TROY.
• DMARC. A TXT record at _dmarc.{domain} with at least p=none aggregate reporting to a mailbox you monitor.
• MX. An MX record so bounces and unsubscribe replies can be received.
• PTR. Reverse DNS on the sending IP must resolve to a hostname under your domain.

One click in the operator console runs all five checks against authoritative resolvers and stores the timestamps.

API

The REST API is documented with OpenAPI/Swagger and exposes every operator action programmatically. Documentation will be hosted at /api/docs on the operator portal once your tenant is provisioned.

Common entry points:

• POST /api/v1/targets — bulk import or update.
• POST /api/v1/campaigns — create a campaign draft.
• POST /api/v1/campaigns/{id}/launch — transition a draft to scheduled.
• GET /api/v1/targets/{id}/risk-score — current risk score.
• POST /api/v1/webhooks — subscribe an external system to events.

Webhooks

TROY emits the following events to subscribed endpoints:

• campaign.scheduled
• campaign.completed
• target.opened / target.clicked / target.submitted / target.reported
• target.risk_score_changed
• sending_domain.dns_status_changed

All deliveries are signed with HMAC-SHA256 using a per-subscription secret.

Operational support

For operational questions during a live campaign, email info@lancelotech.com. For abuse reports unrelated to your tenant, write to abuse@troy-mail.com.