diff --git a/docs/docs/apis/introduction.mdx b/docs/docs/apis/introduction.mdx
index 905adfc0fb..8c3bb6a06f 100644
--- a/docs/docs/apis/introduction.mdx
+++ b/docs/docs/apis/introduction.mdx
@@ -87,7 +87,7 @@ The authentication API (aka Auth API) is used for all operations on the currentl
 #### GRPC
 
 Endpoint:
-$ZITADEL_DOMAIN/zitadel.auth.v1.AuthService/
+$CUSTOM_DOMAIN/zitadel.auth.v1.AuthService/
 
 Definition:
 [Auth Proto](https://github.com/zitadel/zitadel/blob/main/proto/zitadel/auth.proto)
@@ -95,7 +95,7 @@ Definition:
 #### REST
 
 Endpoint:
-$ZITADEL_DOMAIN/auth/v1/
+$CUSTOM_DOMAIN/auth/v1/
 
 API Reference:
 [OpenAPI Docs](/apis/resources/auth)
@@ -120,7 +120,7 @@ To identify the current organization you can send a header `x-zitadel-orgid` or
 #### GRPC
 
 Endpoint:
-$ZITADEL_DOMAIN/zitadel.management.v1.ManagementService/
+$CUSTOM_DOMAIN/zitadel.management.v1.ManagementService/
 
 Definition:
 [Management Proto](https://github.com/zitadel/zitadel/blob/main/proto/zitadel/management.proto)
@@ -128,7 +128,7 @@ Definition:
 #### REST
 
 Endpoint:
-$ZITADEL_DOMAIN/management/v1/
+$CUSTOM_DOMAIN/management/v1/
 
 API Reference:
 [OpenAPI Docs](/apis/resources/mgmt)
@@ -151,7 +151,7 @@ This API is intended to configure and manage one ZITADEL instance itself.
 #### GRPC
 
 Endpoint:
-$ZITADEL_DOMAIN/zitadel.admin.v1.AdminService/
+$CUSTOM_DOMAIN/zitadel.admin.v1.AdminService/
 
 Definition:
 [Admin Proto](https://github.com/zitadel/zitadel/blob/main/proto/zitadel/admin.proto)
@@ -159,7 +159,7 @@ Definition:
 #### REST
 
 Endpoint:
-$ZITADEL_DOMAIN/admin/v1/
+$CUSTOM_DOMAIN/admin/v1/
 
 API Reference:
 [OpenAPI Docs](/apis/resources/admin)
@@ -184,7 +184,7 @@ Checkout the guide how to [access the ZITADEL System API](/docs/guides/integrate
 #### GRPC
 
 Endpoint:
-$ZITADEL_DOMAIN/zitadel.system.v1.SystemService/
+$CUSTOM_DOMAIN/zitadel.system.v1.SystemService/
 
 Definition:
 [System Proto](https://github.com/zitadel/zitadel/blob/main/proto/zitadel/system.proto)
@@ -192,7 +192,7 @@ Definition:
 #### REST
 
 Endpoint:
-$ZITADEL_DOMAIN/system/v1/
+$CUSTOM_DOMAIN/system/v1/
 
 API Reference:
 [OpenAPI Docs](/apis/resources/system)
@@ -215,7 +215,7 @@ The Assets API allows you to up- and download all kinds of assets. This can be f
 #### REST
 
 Endpoint:
-$ZITADEL_DOMAIN/assets/v1/
+$CUSTOM_DOMAIN/assets/v1/
 
 Definition:
 [Assets](./assets/assets.md)
@@ -271,14 +271,14 @@ In the table below you can see the URI of those calls.
 
 | Service | URI                                                   |
 | :------ | :---------------------------------------------------- |
-| REST    | $ZITADEL_DOMAIN/auth/v1/users/me                      |
-| GRPC    | $ZITADEL_DOMAIN/zitadel.auth.v1.AuthService/GetMyUser |
+| REST    | $CUSTOM_DOMAIN/auth/v1/users/me                      |
+| GRPC    | $CUSTOM_DOMAIN/zitadel.auth.v1.AuthService/GetMyUser |
 
 ## Domains
 
-ZITADEL hosts everything under a single domain: `{instance}.zitadel.cloud` or your custom domain `$ZITADEL_DOMAIN`
+ZITADEL hosts everything under a single domain: `{instance}.zitadel.cloud` or your custom domain `$CUSTOM_DOMAIN`
 
-The domain is used as the OIDC issuer and as the base url for the gRPC and REST APIs, the Login and Console UI, which you'll find under `{your_domain}/ui/console/`.
+The domain is used as the OIDC issuer and as the base url for the gRPC and REST APIs, the Login and Console UI, which you'll find under `{custom_domain}/ui/console/`.
 
 Are you self-hosting and having troubles with _Instance not found_ errors? [Check out this page](/docs/self-hosting/manage/custom-domain).
 
diff --git a/docs/docs/apis/scim2.md b/docs/docs/apis/scim2.md
index d342142cf0..c4a9a98a94 100644
--- a/docs/docs/apis/scim2.md
+++ b/docs/docs/apis/scim2.md
@@ -11,7 +11,7 @@ deprovisioning.
 ## Supported endpoints
 
 The Zitadel SCIM v2.0 service provider implementation supports the following endpoints.
-The base URL for the SCIM endpoint in Zitadel is: `https://${ZITADEL_DOMAIN}/scim/v2/{orgId}`.
+The base URL for the SCIM endpoint in Zitadel is: `https://${CUSTOM_DOMAIN}/scim/v2/{orgId}`.
 
 | Endpoint                                                                | Remarks                                                    |
 |-------------------------------------------------------------------------|------------------------------------------------------------|
diff --git a/docs/docs/examples/secure-api/python-flask.mdx b/docs/docs/examples/secure-api/python-flask.mdx
index ce2f83c40f..1a03b2b03a 100644
--- a/docs/docs/examples/secure-api/python-flask.mdx
+++ b/docs/docs/examples/secure-api/python-flask.mdx
@@ -183,7 +183,7 @@ class ZitadelIntrospectTokenValidator(IntrospectTokenValidator):
 3. Create a new file named ".env" in the directory. Copy the configuration in the [".env.example"](https://github.com/zitadel/example-api-python3-flask/blob/main/.env.example) file to the newly created .env file. Set the values with your Custom Domain/Issuer URL, Client ID, and Client Secret from the previous steps. Obtain your Issuer URL by following [these steps](/docs/guides/start/quickstart#referred1).
 
 ```python
-ZITADEL_DOMAIN = "https://your-domain-abcdef.zitadel.cloud"
+ZITADEL_DOMAIN = "https://custom-domain-abcdef.zitadel.cloud"
 CLIENT_ID = "197....@projectname"
 CLIENT_SECRET = "NVAp70IqiGmJldbS...."
 ```
diff --git a/docs/docs/guides/integrate/identity-providers/_custom_login_policy.mdx b/docs/docs/guides/integrate/identity-providers/_custom_login_policy.mdx
index cf695df454..db36e60482 100644
--- a/docs/docs/guides/integrate/identity-providers/_custom_login_policy.mdx
+++ b/docs/docs/guides/integrate/identity-providers/_custom_login_policy.mdx
@@ -1,6 +1,6 @@
 1. Go to the Settings
-    - To allow external IdP logins by default, go to your instance default settings at `$YOUR-DOMAIN/ui/console/instance?id=general`
-    - To allow external IdP logins on an organization, go to `$YOUR-DOMAIN/ui/console/org-settings?id=login` and ensure you have the right org context.
+    - To allow external IdP logins by default, go to your instance default settings at `$CUSTOM_DOMAIN/ui/console/instance?id=general`
+    - To allow external IdP logins on an organization, go to `$CUSTOM_DOMAIN/ui/console/org-settings?id=login` and ensure you have the right org context.
 2. Modify your login policy in the menu "Login Behavior and Security"
 3. Enable the attribute "External Login allowed"
 
diff --git a/docs/docs/guides/integrate/identity-providers/introduction.md b/docs/docs/guides/integrate/identity-providers/introduction.md
index 628b91a40b..4f6fc82dd0 100644
--- a/docs/docs/guides/integrate/identity-providers/introduction.md
+++ b/docs/docs/guides/integrate/identity-providers/introduction.md
@@ -85,8 +85,8 @@ In ZITADEL, you have the flexibility to link an external Identity Provider (IdP)
 The login policy can be set as a default at the instance level and can be customized for each organization. The configuration process varies slightly depending on your focus:
 
 
-- **For default settings**, navigate to: `$YOUR-DOMAIN/ui/console/instance?id=general`
-- **For specific organization settings**, select the organization from the menu and visit: `$YOUR-DOMAIN/ui/console/org-settings?id=login`
+- **For default settings**, navigate to: `$CUSTOM_DOMAIN/ui/console/instance?id=general`
+- **For specific organization settings**, select the organization from the menu and visit: `$CUSTOM_DOMAIN/ui/console/org-settings?id=login`
 
 
 Once in the settings:
diff --git a/docs/docs/guides/integrate/login-ui/_list-mfa-options.mdx b/docs/docs/guides/integrate/login-ui/_list-mfa-options.mdx
index 0694816238..16c9a752f3 100644
--- a/docs/docs/guides/integrate/login-ui/_list-mfa-options.mdx
+++ b/docs/docs/guides/integrate/login-ui/_list-mfa-options.mdx
@@ -8,7 +8,7 @@ Request Example:
 
 ```bash
 curl --request GET \
-  --url https://$ZITADEL_DOMAIN/v2/settings/login \
+  --url https://$CUSTOM_DOMAIN/v2/settings/login \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''
 ```
diff --git a/docs/docs/guides/integrate/login-ui/_logout.mdx b/docs/docs/guides/integrate/login-ui/_logout.mdx
index c4d55fd0f9..bc4efe7a01 100644
--- a/docs/docs/guides/integrate/login-ui/_logout.mdx
+++ b/docs/docs/guides/integrate/login-ui/_logout.mdx
@@ -16,7 +16,7 @@ Make sure that the provided token is from the authenticated user, resp. the mana
 
 ```bash
 curl --request DELETE \
-  --url https://$ZITADEL_DOMAIN/v2/sessions/218480890961985793 \
+  --url https://$CUSTOM_DOMAIN/v2/sessions/218480890961985793 \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json'
@@ -28,7 +28,7 @@ Send the session token in the body of the request:
 
 ```bash
 curl --request DELETE \
-  --url https://$ZITADEL_DOMAIN/v2/sessions/218480890961985793 \
+  --url https://$CUSTOM_DOMAIN/v2/sessions/218480890961985793 \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
diff --git a/docs/docs/guides/integrate/login-ui/_select-account.mdx b/docs/docs/guides/integrate/login-ui/_select-account.mdx
index 44df859426..cbd1f87090 100644
--- a/docs/docs/guides/integrate/login-ui/_select-account.mdx
+++ b/docs/docs/guides/integrate/login-ui/_select-account.mdx
@@ -9,7 +9,7 @@ The list of session IDs can be sent in the “search sessions” request to get
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/sessions/search \
+  --url https://$CUSTOM_DOMAIN/v2/sessions/search \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
diff --git a/docs/docs/guides/integrate/login-ui/_update_session_webauthn.mdx b/docs/docs/guides/integrate/login-ui/_update_session_webauthn.mdx
index 7a00d006a8..822f6804ba 100644
--- a/docs/docs/guides/integrate/login-ui/_update_session_webauthn.mdx
+++ b/docs/docs/guides/integrate/login-ui/_update_session_webauthn.mdx
@@ -8,7 +8,7 @@ Example Request:
 
 ```bash
 curl --request PATCH \
-  --url https://$ZITADEL_DOMAIN/v2/sessions/218480890961985793 \
+  --url https://$CUSTOM_DOMAIN/v2/sessions/218480890961985793 \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
diff --git a/docs/docs/guides/integrate/login-ui/device-auth.mdx b/docs/docs/guides/integrate/login-ui/device-auth.mdx
index 32984a17ff..886a1b9249 100644
--- a/docs/docs/guides/integrate/login-ui/device-auth.mdx
+++ b/docs/docs/guides/integrate/login-ui/device-auth.mdx
@@ -76,7 +76,7 @@ With the user_code entered by the user you will now be able to get the informati
 
 ```bash
 curl --request GET \
-  --url https://$ZITADEL_DOMAIN/v2/oidc/device_authorization/FWRK-JGWK \
+  --url https://$CUSTOM_DOMAIN/v2/oidc/device_authorization/FWRK-JGWK \
   --header 'Authorization: Bearer '"$TOKEN"''
 ```
 
@@ -122,7 +122,7 @@ Read more about the [Authorize or Deny Device Authorization Request Documentatio
 Make sure that the authorization header is from an account which is permitted to finalize the Auth Request through the `IAM_LOGIN_CLIENT` role.
 ```bash
 curl --request POST \
-  --url $ZITADEL_DOMAIN/v2/oidc/device_authorization/XzNejv6NxqVU8Qur5uxEh7f_Wi1p0qUu4PJTJ6JUIx0xtJ2uqmU \
+  --url $CUSTOM_DOMAIN/v2/oidc/device_authorization/XzNejv6NxqVU8Qur5uxEh7f_Wi1p0qUu4PJTJ6JUIx0xtJ2uqmU \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
@@ -142,7 +142,7 @@ If the user denies the device authorization request, you can deny the request by
 
 ```bash
 curl --request POST \
-  --url $ZITADEL_DOMAIN/v2/oidc/device_authorization/ \
+  --url $CUSTOM_DOMAIN/v2/oidc/device_authorization/ \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
diff --git a/docs/docs/guides/integrate/login-ui/external-login.mdx b/docs/docs/guides/integrate/login-ui/external-login.mdx
index 6775d2cb3b..7be1763db0 100644
--- a/docs/docs/guides/integrate/login-ui/external-login.mdx
+++ b/docs/docs/guides/integrate/login-ui/external-login.mdx
@@ -27,7 +27,7 @@ In the response, you will get an authentication URL of the provider you like.
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/idp_intents \
+  --url https://$CUSTOM_DOMAIN/v2/idp_intents \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
@@ -49,7 +49,7 @@ curl --request POST \
 		"changeDate": "2023-06-14T12:51:29.654819Z",
 		"resourceOwner": "163840776835432705"
 	},
-	"authUrl": "https://accounts.google.com/o/oauth2/v2/auth?client_id=Test&prompt=select_account&redirect_uri=https%3A%2F%2F$ZITADEL_DOMAIN%2Fidps%2Fcallback&response_type=code&scope=openid+profile+email&state=218525066445455617"
+	"authUrl": "https://accounts.google.com/o/oauth2/v2/auth?client_id=Test&prompt=select_account&redirect_uri=https%3A%2F%2F$CUSTOM_DOMAIN%2Fidps%2Fcallback&response_type=code&scope=openid+profile+email&state=218525066445455617"
 }
 ```
 
@@ -59,13 +59,13 @@ The next step is to call the auth URL you got in the response from the previous
 This will open up the login page of the given provider. In this guide, it is Google Login.
 
 ```bash
-https://accounts.google.com/o/oauth2/v2/auth?client_id=Test&prompt=select_account&redirect_uri=https%3A%2F%2F$ZITADEL_DOMAIN%2Fidps%2Fcallback&response_type=code&scope=openid+profile+email&state=218525066445455617
+https://accounts.google.com/o/oauth2/v2/auth?client_id=Test&prompt=select_account&redirect_uri=https%3A%2F%2F$CUSTOM_DOMAIN%2Fidps%2Fcallback&response_type=code&scope=openid+profile+email&state=218525066445455617
 ```
 
 After the user has successfully authenticated, a redirect to the ZITADEL backend /idps/callback will automatically be performed.
 
 :::warning
-Note that the redirect URL is `https://{YOUR-DOMAIN}/idps/callback` when using the new V2 hosted login compared to the V1 hosted login, which was `https://{YOUR-DOMAIN}/ui/login/login/externalidp/callback`.
+Note that the redirect URL is `https://{CUSTOM_DOMAIN}/idps/callback` when using the new V2 hosted login compared to the V1 hosted login, which was `https://{CUSTOM_DOMAIN}/ui/login/login/externalidp/callback`.
 :::
 
 ## Get Provider Information
@@ -79,7 +79,7 @@ To get the information of the provider, make a request to ZITADEL.
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/idp_intents/$INTENT_ID \
+  --url https://$CUSTOM_DOMAIN/v2/idp_intents/$INTENT_ID \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
@@ -138,7 +138,7 @@ This check requires that the previous step ended on the successful page and didn
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/sessions \
+  --url https://$CUSTOM_DOMAIN/v2/sessions \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
 
@@ -170,7 +170,7 @@ The display name is used to list the linkings on the users.
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/human \
+  --url https://$CUSTOM_DOMAIN/v2/users/human \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
@@ -209,7 +209,7 @@ If you want to link/connect to an existing account you can perform the add ident
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/users/218385419895570689/links \
+  --url https://$CUSTOM_DOMAIN/v2/users/users/218385419895570689/links \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
diff --git a/docs/docs/guides/integrate/login-ui/mfa.mdx b/docs/docs/guides/integrate/login-ui/mfa.mdx
index 09046a2506..2b67082ca3 100644
--- a/docs/docs/guides/integrate/login-ui/mfa.mdx
+++ b/docs/docs/guides/integrate/login-ui/mfa.mdx
@@ -41,7 +41,7 @@ Request Example:
 
 ```bash
 curl --request POST \
-    --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/totp \
+    --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/totp \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer '"$TOKEN"''
     --header 'Content-Type: application/json' \
@@ -73,7 +73,7 @@ Request Example:
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/totp/verify \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/totp/verify \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''
   --header 'Content-Type: application/json' \
@@ -99,7 +99,7 @@ Example Request
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/sessions \
+  --url https://$CUSTOM_DOMAIN/v2/sessions \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -136,7 +136,7 @@ More detailed information about the API: [Update session Documentation](/apis/re
 Example Request
 ```bash
 curl --request PATCH \
-  --url https://$ZITADEL_DOMAIN/v2/sessions/$SESSION-ID \
+  --url https://$CUSTOM_DOMAIN/v2/sessions/$SESSION-ID \
   --header 'Accept: application/json' \
   --header 'Content-Type: application/json' \
   --data '{
@@ -175,7 +175,7 @@ Example Request:
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER-ID/phone \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER-ID/phone \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -195,7 +195,7 @@ More detailed information about the API: [Verify phone](/apis/resources/user_ser
 Example Request:
 ```bash
 curl --request POST \
-    --url https://$ZITADEL_DOMAIN/v2/users/$USER-ID/phone/verify \
+    --url https://$CUSTOM_DOMAIN/v2/users/$USER-ID/phone/verify \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer '"$TOKEN"'' \
     --header 'Content-Type: application/json' \
@@ -213,7 +213,7 @@ More detailed information about the API: [Add OTP SMS for a user](/apis/resource
 Example Request:
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER-ID/otp_sms \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER-ID/otp_sms \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json'
@@ -237,7 +237,7 @@ Example Request
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/sessions \
+  --url https://$CUSTOM_DOMAIN/v2/sessions \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -264,7 +264,7 @@ Example Request
 
 ```bash
 curl --request PATCH \
-  --url https://$ZITADEL_DOMAIN/v2/sessions/225307381909694507 \
+  --url https://$CUSTOM_DOMAIN/v2/sessions/225307381909694507 \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -301,7 +301,7 @@ More detailed information about the API: [Add OTP Email for a user](/apis/resour
 Example Request:
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER-ID/otp_email \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER-ID/otp_email \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json'
@@ -325,7 +325,7 @@ Example Request
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/sessions \
+  --url https://$CUSTOM_DOMAIN/v2/sessions \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -352,7 +352,7 @@ Example Request
 
 ```bash
 curl --request PATCH \
-  --url https://$ZITADEL_DOMAIN/v2/sessions/225307381909694507 \
+  --url https://$CUSTOM_DOMAIN/v2/sessions/225307381909694507 \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -386,7 +386,7 @@ Request Example:
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/u2f \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/u2f \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''
   --header 'Content-Type: application/json' \
@@ -457,7 +457,7 @@ Example Request:
 ```bash
 
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/u2f/$PASSKEY_ID \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/u2f/$PASSKEY_ID \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
@@ -497,7 +497,7 @@ Example Request
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/sessions \
+  --url https://$CUSTOM_DOMAIN/v2/sessions \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -510,7 +510,7 @@ curl --request POST \
   "metadata": {},
   "challenges": {
 		"webAuthN": {
-			"domain": "YOUR-Domain",
+			"domain": "CUSTOM_DOMAIN",
 			"userVerificationRequirement": "USER_VERIFICATION_REQUIREMENT_DISCOURAGED"
 		}
 	}
diff --git a/docs/docs/guides/integrate/login-ui/oidc-standard.mdx b/docs/docs/guides/integrate/login-ui/oidc-standard.mdx
index 92068e5116..a4225803fe 100644
--- a/docs/docs/guides/integrate/login-ui/oidc-standard.mdx
+++ b/docs/docs/guides/integrate/login-ui/oidc-standard.mdx
@@ -55,7 +55,7 @@ With the ID from the redirect before you will now be able to get the information
 
 ```bash
 curl --request GET \
-  --url https://$ZITADEL_DOMAIN/v2/oidc/auth_requests/V2_224908753244265546 \
+  --url https://$CUSTOM_DOMAIN/v2/oidc/auth_requests/V2_224908753244265546 \
   --header 'Authorization: Bearer '"$TOKEN"''
 ```
 
@@ -100,7 +100,7 @@ Read more about the [Finalize Auth Request Documentation](/docs/apis/resources/o
 Make sure that the authorization header is from an account which is permitted to finalize the Auth Request through the `IAM_LOGIN_CLIENT` role.
 ```bash
 curl --request POST \
-  --url $ZITADEL_DOMAIN/v2/oidc/auth_requests/V2_224908753244265546 \
+  --url $CUSTOM_DOMAIN/v2/oidc/auth_requests/V2_224908753244265546 \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
diff --git a/docs/docs/guides/integrate/login-ui/passkey.mdx b/docs/docs/guides/integrate/login-ui/passkey.mdx
index 9260b90f74..a3caa71dad 100644
--- a/docs/docs/guides/integrate/login-ui/passkey.mdx
+++ b/docs/docs/guides/integrate/login-ui/passkey.mdx
@@ -34,7 +34,7 @@ Send either the sendLink or the returnCode (empty message) in the request body,
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/passkeys/registration_link \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/passkeys/registration_link \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
@@ -81,7 +81,7 @@ The code only has to be filled if the user did get a registration code.
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/passkeys \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/passkeys \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
@@ -185,7 +185,7 @@ Example Request:
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/passkeys/$PASSKEY_ID \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/passkeys/$PASSKEY_ID \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
@@ -223,7 +223,7 @@ More detailed information about the API: [Create Session Documentation](/apis/re
 Example Request:
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/sessions \
+  --url https://$CUSTOM_DOMAIN/v2/sessions \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
diff --git a/docs/docs/guides/integrate/login-ui/password-reset.mdx b/docs/docs/guides/integrate/login-ui/password-reset.mdx
index fd5028b2c2..4dd072d114 100644
--- a/docs/docs/guides/integrate/login-ui/password-reset.mdx
+++ b/docs/docs/guides/integrate/login-ui/password-reset.mdx
@@ -29,7 +29,7 @@ Make sure to also include the URL Template to customize the reset link in the em
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/password_reset \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/password_reset \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -48,7 +48,7 @@ Send the request with asking for the return Code in the body of the request.
 #### Request
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/password_reset \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/password_reset \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -96,7 +96,7 @@ In this case it requires additionally the current password instead of the verifi
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/password \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/password \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
diff --git a/docs/docs/guides/integrate/login-ui/saml-standard.mdx b/docs/docs/guides/integrate/login-ui/saml-standard.mdx
index 5196f6c81a..2485865ad8 100644
--- a/docs/docs/guides/integrate/login-ui/saml-standard.mdx
+++ b/docs/docs/guides/integrate/login-ui/saml-standard.mdx
@@ -55,7 +55,7 @@ With the ID from the redirect before you will now be able to get the information
 
 ```bash
 curl --request GET \
-  --url https://$ZITADEL_DOMAIN/v2/saml/saml_requests/V2_224908753244265546 \
+  --url https://$CUSTOM_DOMAIN/v2/saml/saml_requests/V2_224908753244265546 \
   --header 'Authorization: Bearer '"$TOKEN"''
 ```
 
@@ -97,7 +97,7 @@ Read more about the [Finalize SAML Request Documentation](/docs/apis/resources/s
 Make sure that the authorization header is from an account which is permitted to finalize the SAML Request through the `IAM_LOGIN_CLIENT` role.
 ```bash
 curl --request POST \
-  --url $ZITADEL_DOMAIN/v2/saml/saml_requests/V2_224908753244265546 \
+  --url $CUSTOM_DOMAIN/v2/saml/saml_requests/V2_224908753244265546 \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
diff --git a/docs/docs/guides/integrate/login-ui/username-password.mdx b/docs/docs/guides/integrate/login-ui/username-password.mdx
index 8f796e48c9..f9215bf83c 100644
--- a/docs/docs/guides/integrate/login-ui/username-password.mdx
+++ b/docs/docs/guides/integrate/login-ui/username-password.mdx
@@ -23,7 +23,7 @@ Read more about the metadata [here](/docs/guides/manage/customize/user-metadata)
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/human \
+  --url https://$CUSTOM_DOMAIN/v2/users/human \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -111,7 +111,7 @@ Send it to the Get Session Endpoint to find out how the user has authenticated.
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/sessions \
+  --url https://$CUSTOM_DOMAIN/v2/sessions \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -176,7 +176,7 @@ To update an existing session, add the session ID you got in the previous step t
 
 ```bash
 curl --request PATCH \
-  --url https://$ZITADEL_DOMAIN/v2/sessions/$SESSION_ID \
+  --url https://$CUSTOM_DOMAIN/v2/sessions/$SESSION_ID \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
diff --git a/docs/docs/guides/integrate/login/hosted-login.mdx b/docs/docs/guides/integrate/login/hosted-login.mdx
index 121fb5fe5f..80c9311674 100644
--- a/docs/docs/guides/integrate/login/hosted-login.mdx
+++ b/docs/docs/guides/integrate/login/hosted-login.mdx
@@ -226,7 +226,7 @@ Your contributions will play a crucial role in shaping the future of our login s
 As this feature is currently in Beta, please be aware of some potential workarounds and important considerations before implementation.
 
 - **Create Users:** The new typescript login is built with the session and the user V2 API, the users V2 API does have some differences to the v1 API, so make sure you create users through the new API.
-- **External IDPs:** If you want to use external identity provider login, such as Login with Google or Apple. You can follow our existing setup guides, just make sure to use the following redirect url: $YOUR-DOMAIN/idps/callback
+- **External IDPs:** If you want to use external identity provider login, such as Login with Google or Apple. You can follow our existing setup guides, just make sure to use the following redirect url: `$CUSTOM_DOMAIN/idps/callback`
 - **Passkey/U2F:** Those authentication methods are bound to a domain. As your new login runs on a different domain than the previous login, existing passwordless authentication and u2f (fingerprint, face id, etc.) can’t be used. Also when they are managed through the management console of ZITADEL, they are added on a different domain.
   <br />
   *Note: If you run the login on a subdomain of your current instance, this problem
diff --git a/docs/docs/guides/integrate/login/oidc/authmethods/_basic.mdx b/docs/docs/guides/integrate/login/oidc/authmethods/_basic.mdx
index 4833ae29a5..de8832a905 100644
--- a/docs/docs/guides/integrate/login/oidc/authmethods/_basic.mdx
+++ b/docs/docs/guides/integrate/login/oidc/authmethods/_basic.mdx
@@ -60,7 +60,7 @@ So check [Client Secret Basic Auth Method](/apis/openidoauth/authn-methods#clien
 
 ```curl
 curl --request POST \
---url {your-domain}/oauth/v2/token \
+--url {CUSTOM_DOMAIN}/oauth/v2/token \
 --header 'Authorization: Basic ${basic}' \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data grant_type=authorization_code \
diff --git a/docs/docs/guides/integrate/login/oidc/authmethods/_jwtpk.mdx b/docs/docs/guides/integrate/login/oidc/authmethods/_jwtpk.mdx
index 9efd8188ae..5c7a3a8360 100644
--- a/docs/docs/guides/integrate/login/oidc/authmethods/_jwtpk.mdx
+++ b/docs/docs/guides/integrate/login/oidc/authmethods/_jwtpk.mdx
@@ -62,7 +62,7 @@ for us to validate the signature against the registered public key:
 
 ```curl
 curl --request POST \
---url {your-domain}/oauth/v2/token \
+--url {CUSTOM_DOMAIN}/oauth/v2/token \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data grant_type=authorization_code \
 --data code=${code} \
diff --git a/docs/docs/guides/integrate/login/oidc/authmethods/_pkce.mdx b/docs/docs/guides/integrate/login/oidc/authmethods/_pkce.mdx
index aea1256bbc..59c6a3527e 100644
--- a/docs/docs/guides/integrate/login/oidc/authmethods/_pkce.mdx
+++ b/docs/docs/guides/integrate/login/oidc/authmethods/_pkce.mdx
@@ -67,7 +67,7 @@ Send your `client_id` and the previously generated string as `code_verifier` for
 
 ```curl
 curl --request POST \
---url {your-domain}/oauth/v2/token \
+--url {CUSTOM_DOMAIN}/oauth/v2/token \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data grant_type=authorization_code \
 --data code=${code} \
diff --git a/docs/docs/guides/integrate/login/oidc/authmethods/_pkcenative.mdx b/docs/docs/guides/integrate/login/oidc/authmethods/_pkcenative.mdx
index 2fd5f9f13a..024e31fa1e 100644
--- a/docs/docs/guides/integrate/login/oidc/authmethods/_pkcenative.mdx
+++ b/docs/docs/guides/integrate/login/oidc/authmethods/_pkcenative.mdx
@@ -53,7 +53,7 @@ Send your `client_id` and the previously generated string as `code_verifier` for
 
 ```curl
 curl --request POST \
---url {your-domain}/oauth/v2/token \
+--url {CUSTOM_DOMAIN}/oauth/v2/token \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data grant_type=authorization_code \
 --data code=${code} \
diff --git a/docs/docs/guides/integrate/retrieve-user-roles.md b/docs/docs/guides/integrate/retrieve-user-roles.md
index cf69a18546..4d2a1e8607 100644
--- a/docs/docs/guides/integrate/retrieve-user-roles.md
+++ b/docs/docs/guides/integrate/retrieve-user-roles.md
@@ -208,7 +208,7 @@ https://github.com/zitadel/actions/blob/main/examples/custom_roles.js
 ### Retrieve roles using the auth API
 
 Now we will use the auth API to retrieve roles from a logged in user using the user’s token
-The base URL is: **https://$ZITADEL_DOMAIN/auth/v1**
+The base URL is: **https://$CUSTOM_DOMAIN/auth/v1**
 
 Let’s start with a user who has multiple roles in different organizations in a multi-tenanted set up. You can use the logged in user’s token or the machine user’s token to retrieve the authorizations using the [APIs listed under user authorizations/grants in the auth API](/docs/apis/resources/auth/user-authorizations-grants). 
 
@@ -471,12 +471,12 @@ curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/grants/_search' \
 
 Returns a user grant per ID. A user grant is a role a user has for a specific project and organization.
 
-**URL: https://$ZITADEL_DOMAIN//management/v1/users/:userId/grants/:grantId**
+**URL: https://$CUSTOM_DOMAIN//management/v1/users/:userId/grants/:grantId**
 
 **cURL request:**
 
 ```bash 
-curl -L -X GET 'https://$ZITADEL_DOMAIN/management/v1/users/:userId/grants/:grantId' \
+curl -L -X GET 'https://$CUSTOM_DOMAIN/management/v1/users/:userId/grants/:grantId' \
 -H 'Accept: application/json' \
 -H 'Authorization: Bearer <TOKEN>'
 ```
diff --git a/docs/docs/guides/integrate/token-introspection/private-key-jwt.mdx b/docs/docs/guides/integrate/token-introspection/private-key-jwt.mdx
index 57fa4abd31..6f7b26c7e6 100644
--- a/docs/docs/guides/integrate/token-introspection/private-key-jwt.mdx
+++ b/docs/docs/guides/integrate/token-introspection/private-key-jwt.mdx
@@ -161,7 +161,7 @@ def introspect_token(self, token_string):
     payload = {
         "iss": API_PRIVATE_KEY_FILE["client_id"],
         "sub": API_PRIVATE_KEY_FILE["client_id"],
-        "aud": ZITADEL_DOMAIN,
+        "aud": CUSTOM_DOMAIN,
         "exp": int(time.time()) + 60 * 60,  # Expires in 1 hour
         "iat": int(time.time())
     }
diff --git a/docs/docs/guides/integrate/tools/apache2.mdx b/docs/docs/guides/integrate/tools/apache2.mdx
index c4cb18c8dd..0d7b481176 100644
--- a/docs/docs/guides/integrate/tools/apache2.mdx
+++ b/docs/docs/guides/integrate/tools/apache2.mdx
@@ -40,7 +40,7 @@ With the following parameters
 
 | Parameter | Description | Example value|
 |---|---|---|
-| OIDCProviderMetadataURL | Is the url to the discovery endpoint, which is typically located at `{your-domain}/.well-known/openid-configuration`| `https://<your_domain>.zitadel.cloud/.well-known/openid-configuration` |
+| OIDCProviderMetadataURL | Is the url to the discovery endpoint, which is typically located at `{CUSTOM_DOMAIN}/.well-known/openid-configuration`| `https://<your_domain>.zitadel.cloud/.well-known/openid-configuration` |
 | OIDCClientID | Is the ID of the zitadel application. You can find it on the settings page of the application.  | 123456789123@apache_test |
 | OIDCRedirectURI | Users will be redirected to this page after successful login. If you are using localhost or any other non-https endpoint, make sure to enable development mode in ZITADEL. | https://mysecureapp.io/secure/callback |
 | OIDCCryptoPassphrase | Create a secure passphrase. Consult the module's documentation for more details. | ... |