What is Ownership Connect?

Ownership Connect is an automated match flow that allows the plugin to retrieve a hidden site token from the dashboard for a verified site. This flow is not OAuth; the plugin makes a request to the POST /api/v1/plugin/ownership-connect endpoint with the site URL and verification token.

The panel finds the matching verified site, performs the HTTP validation again and if successful generates a site-scoped plugin token. The plugin stores this token locally and completes the panel connection.

Connection Steps

Save the verification token in the plugin

Record the alphanumeric token on the Ownership Verification card.
Serve plugin well-known file

The verify shim makes the token accessible in the path /.well-known/dk-uptime-verify.
Run automatic or manual sync

After token registration, the plugin tries to establish an automatic connection. If necessary, the same handshake is repeated with the Sync Panel Connection button.
Verify connected status

Connected, Site ID, masked token and capability badges appear on the admin screen.

Token Security

The plugin token is stored as an encrypted payload in wp_options; old plaintext values are migrated during the first read. In contrast, the ownership verification token is stored as alphanumeric plaintext, because it needs to be served in the .well-known file.

Do not commit tokens to the repository.

In particular, the plugin token provides API access, even though it is only valid for that site. Do not share raw values in admin export or debug output, even if you use masking.

Reconnection

If the connection is broken, first clear the local credentials using the Disconnect or Disconnect Verification flow in WordPress. Then re-register the verification token and restart the handshake with Sync Panel Connection.

To reset the connection, simply disconnect on the plugin side and run the ownership handshake again.