Domain onboarding help

This page contains a copy-paste workflow for onboarding a new domain to the shared HTTPS load balancer, Certificate Manager, and the gateway runtime config.

0. Fill in the variables

export PROJECT_ID="YOUR_GCP_PROJECT"
export GATEWAY_BASE="https://snaptest-stage.p2w.tech"
export ADMIN_TOKEN="CHANGE_ME"

export NEW_DOMAIN="example.p2w.tech"
export PIXEL_ID="f2146192-52af-43ac-b4b4-bae9440190bf"
export TRACKER="RedTrack"
export WEBHOOK_BASE="https://api.point2web.com/v1/webhooks/conversions/"
export FIRST_PARTY_COOKIE_DOMAIN=".p2w.tech"

export UPSTREAM_BASE="https://tr.snapchat.com"
export UPSTREAM_P_BASE="https://tr6.snapchat.com"

export LB_IP_NAME="snap-sgtm-gateway-ip"
export CERT_MAP_NAME="snap-sgtm-gateway-cert-map"

export DOMAIN_SLUG="$(echo "$NEW_DOMAIN" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9]/-/g')"
export DNS_AUTH_NAME="${DOMAIN_SLUG}-auth"
export CERT_NAME="cm-${DOMAIN_SLUG}"
export CERT_MAP_ENTRY_NAME="${DOMAIN_SLUG}-entry"
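
A preflight check for the variables above, as an added example that is not part of the original page: it catches values that would break later steps, such as a cookie domain that is not a parent of NEW_DOMAIN, or a quote character that would corrupt the JSON body spliced together in step 1. The function names and the choice of checks are this example's own assumptions, not documented gateway requirements.

```shell
#!/usr/bin/env bash
# Added example: preflight checks for the step 0 variables (not from the page).

# Lowercase DNS hostname: 2+ labels, no hyphen-edged labels, last label not numeric.
is_hostname() {
  [ "${#1}" -le 253 ] || return 1
  printf '%s\n' "$1" | grep -Eq \
    '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]([a-z0-9-]{0,61}[a-z0-9])?$'
}

is_uuid() {
  printf '%s\n' "$1" | grep -Eiq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# Browsers accept a cookie Domain only if it equals the host or is a parent of
# it. Single-label parents are refused; the Public Suffix List is not consulted.
cookie_domain_covers() {
  _p="${1#.}"
  case "$_p" in *.*) ;; *) return 1 ;; esac
  case "$2" in "$_p" | *."$_p") return 0 ;; *) return 1 ;; esac
}

# Prints one line per problem; returns non-zero if any check failed.
preflight() {
  _rc=0
  is_hostname "${NEW_DOMAIN:-}" || { echo "NEW_DOMAIN: not a lowercase hostname"; _rc=1; }
  is_uuid "${PIXEL_ID:-}" || { echo "PIXEL_ID: not a UUID"; _rc=1; }
  cookie_domain_covers "${FIRST_PARTY_COOKIE_DOMAIN:-}" "${NEW_DOMAIN:-}" ||
    { echo "FIRST_PARTY_COOKIE_DOMAIN: does not cover NEW_DOMAIN"; _rc=1; }
  for _v in GATEWAY_BASE WEBHOOK_BASE UPSTREAM_BASE UPSTREAM_P_BASE TRACKER; do
    eval "_val=\${$_v:-}"
    # Step 1 splices values into JSON unescaped, so reject quote and backslash.
    case "$_val" in
      '' | *'"'* | *'\'*)
        echo "$_v: empty, or contains a double quote or backslash"; _rc=1; continue ;;
    esac
    [ "$_v" = TRACKER ] && continue
    case "$_val" in
      https://?*) ;;
      *) echo "$_v: must be an https:// URL"; _rc=1 ;;
    esac
  done
  case "${ADMIN_TOKEN:-}" in
    '' | CHANGE_ME) echo "ADMIN_TOKEN: unset or still the placeholder"; _rc=1 ;;
  esac
  case "${PROJECT_ID:-}" in
    '' | YOUR_GCP_PROJECT) echo "PROJECT_ID: unset or still the placeholder"; _rc=1 ;;
  esac
  return "$_rc"
}
```

Paste the functions into the same shell after filling in the variables and run `preflight` before step 1.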

1. Add the runtime domain config to the gateway

curl -sS -X POST "${GATEWAY_BASE}/admin/onboard-domain" \
  -H "Authorization: Bearer ${ADMIN_TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{
    "domain": "'"${NEW_DOMAIN}"'",
    "status": "active",
    "pixel_id": "'"${PIXEL_ID}"'",
    "tracker": "'"${TRACKER}"'",
    "webhook_base": "'"${WEBHOOK_BASE}"'",
    "upstream_base": "'"${UPSTREAM_BASE}"'",
    "upstream_p_base": "'"${UPSTREAM_P_BASE}"'",
    "first_party_cookie_domain": "'"${FIRST_PARTY_COOKIE_DOMAIN}"'",
    "first_party_cookie_ttl_seconds": 2592000,
    "first_party_cookie_samesite": "lax",
    "first_party_cookie_secure": true,
    "first_party_cookie_httponly": false,
    "inject_tracking_into_json_body": true,
    "clickid_cookie_priority": ["u_sclid", "rtkclid", "clickid"],
    "campaign_id_priority": ["cmpid", "campaignid"],
    "allowed_paths": ["/cm/i", "/p", "/v1/capi", "/r"],
    "mirror_cookie_names": ["u_sclid", "u_scsid", "rtkclid", "clickid", "_scid"],
    "notes": "domain onboarded via help page"
  }' | python -m json.tool

Quick verification:

curl -sS "${GATEWAY_BASE}/admin/domains/${NEW_DOMAIN}" \
  -H "Authorization: Bearer ${ADMIN_TOKEN}" | python -m json.tool

2. Create DNS authorization in Certificate Manager

gcloud config set project "${PROJECT_ID}"

gcloud certificate-manager dns-authorizations create "${DNS_AUTH_NAME}" \
  --domain="${NEW_DOMAIN}" \
  --location=global

gcloud certificate-manager dns-authorizations describe "${DNS_AUTH_NAME}" \
  --location=global

Copy the DNS record shown in the describe output into your DNS provider and wait for propagation.

3. Issue the Google-managed certificate

gcloud certificate-manager certificates create "${CERT_NAME}" \
  --domains="${NEW_DOMAIN}" \
  --dns-authorizations="${DNS_AUTH_NAME}" \
  --location=global

gcloud certificate-manager certificates describe "${CERT_NAME}" \
  --location=global

4. Add the hostname to the certificate map

gcloud certificate-manager maps entries create "${CERT_MAP_ENTRY_NAME}" \
  --map="${CERT_MAP_NAME}" \
  --hostname="${NEW_DOMAIN}" \
  --certificates="${CERT_NAME}" \
  --location=global

gcloud certificate-manager maps entries describe "${CERT_MAP_ENTRY_NAME}" \
  --map="${CERT_MAP_NAME}" \
  --location=global

5. Get the shared load balancer IP

gcloud compute addresses describe "${LB_IP_NAME}" --global

gcloud compute addresses describe "${LB_IP_NAME}" --global \
  --format='get(address)'

Then create the DNS records:

  • A ${NEW_DOMAIN} -> <LB_IP>
  • Optionally add an AAAA record if IPv6 is part of your setup.

6. Validate the domain

curl -i "https://${NEW_DOMAIN}/health"

curl -i "https://${NEW_DOMAIN}/cm/i?u_sclid=test-click-1&u_scsid=test-session-1&cmpid=123"

curl -i -X POST "https://${NEW_DOMAIN}/p" \
  -H 'Content-Type: text/plain;charset=UTF-8' \
  --data-raw 'test-beacon-body'

7. Quick rollback / cleanup

gcloud certificate-manager maps entries delete "${CERT_MAP_ENTRY_NAME}" \
  --map="${CERT_MAP_NAME}" \
  --location=global --quiet

gcloud certificate-manager certificates delete "${CERT_NAME}" \
  --location=global --quiet

gcloud certificate-manager dns-authorizations delete "${DNS_AUTH_NAME}" \
  --location=global --quiet

If needed, mark the domain as inactive through /admin/domains afterwards.