your domain

docs/docs/apis/introduction.mdx

@@ -87,7 +87,7 @@ The authentication API (aka Auth API) is used for all operations on the currentl
 #### GRPC
 
 Endpoint:
-$ZITADEL_DOMAIN/zitadel.auth.v1.AuthService/
+$CUSTOM_DOMAIN/zitadel.auth.v1.AuthService/
 
 Definition:
 [Auth Proto](https://github.com/zitadel/zitadel/blob/main/proto/zitadel/auth.proto)
@@ -95,7 +95,7 @@ Definition:
 #### REST
 
 Endpoint:
-$ZITADEL_DOMAIN/auth/v1/
+$CUSTOM_DOMAIN/auth/v1/
 
 API Reference:
 [OpenAPI Docs](/apis/resources/auth)
@@ -120,7 +120,7 @@ To identify the current organization you can send a header `x-zitadel-orgid` or
 #### GRPC
 
 Endpoint:
-$ZITADEL_DOMAIN/zitadel.management.v1.ManagementService/
+$CUSTOM_DOMAIN/zitadel.management.v1.ManagementService/
 
 Definition:
 [Management Proto](https://github.com/zitadel/zitadel/blob/main/proto/zitadel/management.proto)
@@ -128,7 +128,7 @@ Definition:
 #### REST
 
 Endpoint:
-$ZITADEL_DOMAIN/management/v1/
+$CUSTOM_DOMAIN/management/v1/
 
 API Reference:
 [OpenAPI Docs](/apis/resources/mgmt)
@@ -151,7 +151,7 @@ This API is intended to configure and manage one ZITADEL instance itself.
 #### GRPC
 
 Endpoint:
-$ZITADEL_DOMAIN/zitadel.admin.v1.AdminService/
+$CUSTOM_DOMAIN/zitadel.admin.v1.AdminService/
 
 Definition:
 [Admin Proto](https://github.com/zitadel/zitadel/blob/main/proto/zitadel/admin.proto)
@@ -159,7 +159,7 @@ Definition:
 #### REST
 
 Endpoint:
-$ZITADEL_DOMAIN/admin/v1/
+$CUSTOM_DOMAIN/admin/v1/
 
 API Reference:
 [OpenAPI Docs](/apis/resources/admin)
@@ -184,7 +184,7 @@ Checkout the guide how to [access the ZITADEL System API](/docs/guides/integrate
 #### GRPC
 
 Endpoint:
-$ZITADEL_DOMAIN/zitadel.system.v1.SystemService/
+$CUSTOM_DOMAIN/zitadel.system.v1.SystemService/
 
 Definition:
 [System Proto](https://github.com/zitadel/zitadel/blob/main/proto/zitadel/system.proto)
@@ -192,7 +192,7 @@ Definition:
 #### REST
 
 Endpoint:
-$ZITADEL_DOMAIN/system/v1/
+$CUSTOM_DOMAIN/system/v1/
 
 API Reference:
 [OpenAPI Docs](/apis/resources/system)
@@ -215,7 +215,7 @@ The Assets API allows you to up- and download all kinds of assets. This can be f
 #### REST
 
 Endpoint:
-$ZITADEL_DOMAIN/assets/v1/
+$CUSTOM_DOMAIN/assets/v1/
 
 Definition:
 [Assets](./assets/assets.md)
@@ -271,14 +271,14 @@ In the table below you can see the URI of those calls.
 
 | Service | URI                                                   |
 | :------ | :---------------------------------------------------- |
-| REST    | $ZITADEL_DOMAIN/auth/v1/users/me                      |
+| REST    | $CUSTOM_DOMAIN/auth/v1/users/me                      |
-| GRPC    | $ZITADEL_DOMAIN/zitadel.auth.v1.AuthService/GetMyUser |
+| GRPC    | $CUSTOM_DOMAIN/zitadel.auth.v1.AuthService/GetMyUser |
 
 ## Domains
 
-ZITADEL hosts everything under a single domain: `{instance}.zitadel.cloud` or your custom domain `$ZITADEL_DOMAIN`
+ZITADEL hosts everything under a single domain: `{instance}.zitadel.cloud` or your custom domain `$CUSTOM_DOMAIN`
 
-The domain is used as the OIDC issuer and as the base url for the gRPC and REST APIs, the Login and Console UI, which you'll find under `{your_domain}/ui/console/`.
+The domain is used as the OIDC issuer and as the base url for the gRPC and REST APIs, the Login and Console UI, which you'll find under `{custom_domain}/ui/console/`.
 
 Are you self-hosting and having troubles with _Instance not found_ errors? [Check out this page](/docs/self-hosting/manage/custom-domain).
 

docs/docs/apis/scim2.md

@@ -11,7 +11,7 @@ deprovisioning.
 ## Supported endpoints
 
 The Zitadel SCIM v2.0 service provider implementation supports the following endpoints.
-The base URL for the SCIM endpoint in Zitadel is: `https://${ZITADEL_DOMAIN}/scim/v2/{orgId}`.
+The base URL for the SCIM endpoint in Zitadel is: `https://${CUSTOM_DOMAIN}/scim/v2/{orgId}`.
 
 | Endpoint                                                                | Remarks                                                    |
 |-------------------------------------------------------------------------|------------------------------------------------------------|

docs/docs/examples/secure-api/python-flask.mdx

@@ -183,7 +183,7 @@ class ZitadelIntrospectTokenValidator(IntrospectTokenValidator):
 3. Create a new file named ".env" in the directory. Copy the configuration in the [".env.example"](https://github.com/zitadel/example-api-python3-flask/blob/main/.env.example) file to the newly created .env file. Set the values with your Custom Domain/Issuer URL, Client ID, and Client Secret from the previous steps. Obtain your Issuer URL by following [these steps](/docs/guides/start/quickstart#referred1).
 
 ```python
-ZITADEL_DOMAIN = "https://your-domain-abcdef.zitadel.cloud"
+ZITADEL_DOMAIN = "https://custom-domain-abcdef.zitadel.cloud"
 CLIENT_ID = "197....@projectname"
 CLIENT_SECRET = "NVAp70IqiGmJldbS...."
 ```

docs/docs/guides/integrate/identity-providers/_custom_login_policy.mdx

@@ -1,6 +1,6 @@
 1. Go to the Settings
-    - To allow external IdP logins by default, go to your instance default settings at `$YOUR-DOMAIN/ui/console/instance?id=general`
+    - To allow external IdP logins by default, go to your instance default settings at `$CUSTOM_DOMAIN/ui/console/instance?id=general`
-    - To allow external IdP logins on an organization, go to `$YOUR-DOMAIN/ui/console/org-settings?id=login` and ensure you have the right org context.
+    - To allow external IdP logins on an organization, go to `$CUSTOM_DOMAIN/ui/console/org-settings?id=login` and ensure you have the right org context.
 2. Modify your login policy in the menu "Login Behavior and Security"
 3. Enable the attribute "External Login allowed"
 

docs/docs/guides/integrate/identity-providers/introduction.md

@@ -85,8 +85,8 @@ In ZITADEL, you have the flexibility to link an external Identity Provider (IdP)
 The login policy can be set as a default at the instance level and can be customized for each organization. The configuration process varies slightly depending on your focus:
 
 
-- **For default settings**, navigate to: `$YOUR-DOMAIN/ui/console/instance?id=general`
+- **For default settings**, navigate to: `$CUSTOM_DOMAIN/ui/console/instance?id=general`
-- **For specific organization settings**, select the organization from the menu and visit: `$YOUR-DOMAIN/ui/console/org-settings?id=login`
+- **For specific organization settings**, select the organization from the menu and visit: `$CUSTOM_DOMAIN/ui/console/org-settings?id=login`
 
 
 Once in the settings:

docs/docs/guides/integrate/login-ui/_list-mfa-options.mdx

@@ -8,7 +8,7 @@ Request Example:
 
 ```bash
 curl --request GET \
-  --url https://$ZITADEL_DOMAIN/v2/settings/login \
+  --url https://$CUSTOM_DOMAIN/v2/settings/login \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''
 ```

docs/docs/guides/integrate/login-ui/_logout.mdx

@@ -16,7 +16,7 @@ Make sure that the provided token is from the authenticated user, resp. the mana
 
 ```bash
 curl --request DELETE \
-  --url https://$ZITADEL_DOMAIN/v2/sessions/218480890961985793 \
+  --url https://$CUSTOM_DOMAIN/v2/sessions/218480890961985793 \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json'
@@ -28,7 +28,7 @@ Send the session token in the body of the request:
 
 ```bash
 curl --request DELETE \
-  --url https://$ZITADEL_DOMAIN/v2/sessions/218480890961985793 \
+  --url https://$CUSTOM_DOMAIN/v2/sessions/218480890961985793 \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \

docs/docs/guides/integrate/login-ui/_select-account.mdx

@@ -9,7 +9,7 @@ The list of session IDs can be sent in the “search sessions” request to get
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/sessions/search \
+  --url https://$CUSTOM_DOMAIN/v2/sessions/search \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \

docs/docs/guides/integrate/login-ui/_update_session_webauthn.mdx

@@ -8,7 +8,7 @@ Example Request:
 
 ```bash
 curl --request PATCH \
-  --url https://$ZITADEL_DOMAIN/v2/sessions/218480890961985793 \
+  --url https://$CUSTOM_DOMAIN/v2/sessions/218480890961985793 \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \

docs/docs/guides/integrate/login-ui/device-auth.mdx

@@ -76,7 +76,7 @@ With the user_code entered by the user you will now be able to get the informati
 
 ```bash
 curl --request GET \
-  --url https://$ZITADEL_DOMAIN/v2/oidc/device_authorization/FWRK-JGWK \
+  --url https://$CUSTOM_DOMAIN/v2/oidc/device_authorization/FWRK-JGWK \
   --header 'Authorization: Bearer '"$TOKEN"''
 ```
 
@@ -122,7 +122,7 @@ Read more about the [Authorize or Deny Device Authorization Request Documentatio
 Make sure that the authorization header is from an account which is permitted to finalize the Auth Request through the `IAM_LOGIN_CLIENT` role.
 ```bash
 curl --request POST \
-  --url $ZITADEL_DOMAIN/v2/oidc/device_authorization/XzNejv6NxqVU8Qur5uxEh7f_Wi1p0qUu4PJTJ6JUIx0xtJ2uqmU \
+  --url $CUSTOM_DOMAIN/v2/oidc/device_authorization/XzNejv6NxqVU8Qur5uxEh7f_Wi1p0qUu4PJTJ6JUIx0xtJ2uqmU \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
@@ -142,7 +142,7 @@ If the user denies the device authorization request, you can deny the request by
 
 ```bash
 curl --request POST \
-  --url $ZITADEL_DOMAIN/v2/oidc/device_authorization/ \
+  --url $CUSTOM_DOMAIN/v2/oidc/device_authorization/ \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \

docs/docs/guides/integrate/login-ui/external-login.mdx

@@ -27,7 +27,7 @@ In the response, you will get an authentication URL of the provider you like.
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/idp_intents \
+  --url https://$CUSTOM_DOMAIN/v2/idp_intents \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
@@ -49,7 +49,7 @@ curl --request POST \
 		"changeDate": "2023-06-14T12:51:29.654819Z",
 		"resourceOwner": "163840776835432705"
 	},
-	"authUrl": "https://accounts.google.com/o/oauth2/v2/auth?client_id=Test&prompt=select_account&redirect_uri=https%3A%2F%2F$ZITADEL_DOMAIN%2Fidps%2Fcallback&response_type=code&scope=openid+profile+email&state=218525066445455617"
+	"authUrl": "https://accounts.google.com/o/oauth2/v2/auth?client_id=Test&prompt=select_account&redirect_uri=https%3A%2F%2F$CUSTOM_DOMAIN%2Fidps%2Fcallback&response_type=code&scope=openid+profile+email&state=218525066445455617"
 }
 ```
 
@@ -59,13 +59,13 @@ The next step is to call the auth URL you got in the response from the previous
 This will open up the login page of the given provider. In this guide, it is Google Login.
 
 ```bash
-https://accounts.google.com/o/oauth2/v2/auth?client_id=Test&prompt=select_account&redirect_uri=https%3A%2F%2F$ZITADEL_DOMAIN%2Fidps%2Fcallback&response_type=code&scope=openid+profile+email&state=218525066445455617
+https://accounts.google.com/o/oauth2/v2/auth?client_id=Test&prompt=select_account&redirect_uri=https%3A%2F%2F$CUSTOM_DOMAIN%2Fidps%2Fcallback&response_type=code&scope=openid+profile+email&state=218525066445455617
 ```
 
 After the user has successfully authenticated, a redirect to the ZITADEL backend /idps/callback will automatically be performed.
 
 :::warning
-Note that the redirect URL is `https://{YOUR-DOMAIN}/idps/callback` when using the new V2 hosted login compared to the V1 hosted login, which was `https://{YOUR-DOMAIN}/ui/login/login/externalidp/callback`.
+Note that the redirect URL is `https://{CUSTOM_DOMAIN}/idps/callback` when using the new V2 hosted login compared to the V1 hosted login, which was `https://{CUSTOM_DOMAIN}/ui/login/login/externalidp/callback`.
 :::
 
 ## Get Provider Information
@@ -79,7 +79,7 @@ To get the information of the provider, make a request to ZITADEL.
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/idp_intents/$INTENT_ID \
+  --url https://$CUSTOM_DOMAIN/v2/idp_intents/$INTENT_ID \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
@@ -138,7 +138,7 @@ This check requires that the previous step ended on the successful page and didn
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/sessions \
+  --url https://$CUSTOM_DOMAIN/v2/sessions \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
 
@@ -170,7 +170,7 @@ The display name is used to list the linkings on the users.
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/human \
+  --url https://$CUSTOM_DOMAIN/v2/users/human \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
@@ -209,7 +209,7 @@ If you want to link/connect to an existing account you can perform the add ident
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/users/218385419895570689/links \
+  --url https://$CUSTOM_DOMAIN/v2/users/users/218385419895570689/links \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \

docs/docs/guides/integrate/login-ui/mfa.mdx

@@ -41,7 +41,7 @@ Request Example:
 
 ```bash
 curl --request POST \
-    --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/totp \
+    --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/totp \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer '"$TOKEN"''
     --header 'Content-Type: application/json' \
@@ -73,7 +73,7 @@ Request Example:
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/totp/verify \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/totp/verify \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''
   --header 'Content-Type: application/json' \
@@ -99,7 +99,7 @@ Example Request
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/sessions \
+  --url https://$CUSTOM_DOMAIN/v2/sessions \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -136,7 +136,7 @@ More detailed information about the API: [Update session Documentation](/apis/re
 Example Request
 ```bash
 curl --request PATCH \
-  --url https://$ZITADEL_DOMAIN/v2/sessions/$SESSION-ID \
+  --url https://$CUSTOM_DOMAIN/v2/sessions/$SESSION-ID \
   --header 'Accept: application/json' \
   --header 'Content-Type: application/json' \
   --data '{
@@ -175,7 +175,7 @@ Example Request:
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER-ID/phone \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER-ID/phone \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -195,7 +195,7 @@ More detailed information about the API: [Verify phone](/apis/resources/user_ser
 Example Request:
 ```bash
 curl --request POST \
-    --url https://$ZITADEL_DOMAIN/v2/users/$USER-ID/phone/verify \
+    --url https://$CUSTOM_DOMAIN/v2/users/$USER-ID/phone/verify \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer '"$TOKEN"'' \
     --header 'Content-Type: application/json' \
@@ -213,7 +213,7 @@ More detailed information about the API: [Add OTP SMS for a user](/apis/resource
 Example Request:
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER-ID/otp_sms \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER-ID/otp_sms \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json'
@@ -237,7 +237,7 @@ Example Request
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/sessions \
+  --url https://$CUSTOM_DOMAIN/v2/sessions \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -264,7 +264,7 @@ Example Request
 
 ```bash
 curl --request PATCH \
-  --url https://$ZITADEL_DOMAIN/v2/sessions/225307381909694507 \
+  --url https://$CUSTOM_DOMAIN/v2/sessions/225307381909694507 \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -301,7 +301,7 @@ More detailed information about the API: [Add OTP Email for a user](/apis/resour
 Example Request:
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER-ID/otp_email \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER-ID/otp_email \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json'
@@ -325,7 +325,7 @@ Example Request
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/sessions \
+  --url https://$CUSTOM_DOMAIN/v2/sessions \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -352,7 +352,7 @@ Example Request
 
 ```bash
 curl --request PATCH \
-  --url https://$ZITADEL_DOMAIN/v2/sessions/225307381909694507 \
+  --url https://$CUSTOM_DOMAIN/v2/sessions/225307381909694507 \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -386,7 +386,7 @@ Request Example:
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/u2f \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/u2f \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''
   --header 'Content-Type: application/json' \
@@ -457,7 +457,7 @@ Example Request:
 ```bash
 
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/u2f/$PASSKEY_ID \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/u2f/$PASSKEY_ID \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
@@ -497,7 +497,7 @@ Example Request
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/sessions \
+  --url https://$CUSTOM_DOMAIN/v2/sessions \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -510,7 +510,7 @@ curl --request POST \
   "metadata": {},
   "challenges": {
 		"webAuthN": {
-			"domain": "YOUR-Domain",
+			"domain": "CUSTOM_DOMAIN",
 			"userVerificationRequirement": "USER_VERIFICATION_REQUIREMENT_DISCOURAGED"
 		}
 	}

docs/docs/guides/integrate/login-ui/oidc-standard.mdx

@@ -55,7 +55,7 @@ With the ID from the redirect before you will now be able to get the information
 
 ```bash
 curl --request GET \
-  --url https://$ZITADEL_DOMAIN/v2/oidc/auth_requests/V2_224908753244265546 \
+  --url https://$CUSTOM_DOMAIN/v2/oidc/auth_requests/V2_224908753244265546 \
   --header 'Authorization: Bearer '"$TOKEN"''
 ```
 
@@ -100,7 +100,7 @@ Read more about the [Finalize Auth Request Documentation](/docs/apis/resources/o
 Make sure that the authorization header is from an account which is permitted to finalize the Auth Request through the `IAM_LOGIN_CLIENT` role.
 ```bash
 curl --request POST \
-  --url $ZITADEL_DOMAIN/v2/oidc/auth_requests/V2_224908753244265546 \
+  --url $CUSTOM_DOMAIN/v2/oidc/auth_requests/V2_224908753244265546 \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \

docs/docs/guides/integrate/login-ui/passkey.mdx

@@ -34,7 +34,7 @@ Send either the sendLink or the returnCode (empty message) in the request body,
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/passkeys/registration_link \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/passkeys/registration_link \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
@@ -81,7 +81,7 @@ The code only has to be filled if the user did get a registration code.
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/passkeys \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/passkeys \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
@@ -185,7 +185,7 @@ Example Request:
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/passkeys/$PASSKEY_ID \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/passkeys/$PASSKEY_ID \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
@@ -223,7 +223,7 @@ More detailed information about the API: [Create Session Documentation](/apis/re
 Example Request:
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/sessions \
+  --url https://$CUSTOM_DOMAIN/v2/sessions \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \

docs/docs/guides/integrate/login-ui/password-reset.mdx

@@ -29,7 +29,7 @@ Make sure to also include the URL Template to customize the reset link in the em
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/password_reset \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/password_reset \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -48,7 +48,7 @@ Send the request with asking for the return Code in the body of the request.
 #### Request
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/password_reset \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/password_reset \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -96,7 +96,7 @@ In this case it requires additionally the current password instead of the verifi
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/$USER_ID/password \
+  --url https://$CUSTOM_DOMAIN/v2/users/$USER_ID/password \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \

docs/docs/guides/integrate/login-ui/saml-standard.mdx

@@ -55,7 +55,7 @@ With the ID from the redirect before you will now be able to get the information
 
 ```bash
 curl --request GET \
-  --url https://$ZITADEL_DOMAIN/v2/saml/saml_requests/V2_224908753244265546 \
+  --url https://$CUSTOM_DOMAIN/v2/saml/saml_requests/V2_224908753244265546 \
   --header 'Authorization: Bearer '"$TOKEN"''
 ```
 
@@ -97,7 +97,7 @@ Read more about the [Finalize SAML Request Documentation](/docs/apis/resources/s
 Make sure that the authorization header is from an account which is permitted to finalize the SAML Request through the `IAM_LOGIN_CLIENT` role.
 ```bash
 curl --request POST \
-  --url $ZITADEL_DOMAIN/v2/saml/saml_requests/V2_224908753244265546 \
+  --url $CUSTOM_DOMAIN/v2/saml/saml_requests/V2_224908753244265546 \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \

docs/docs/guides/integrate/login-ui/username-password.mdx

@@ -23,7 +23,7 @@ Read more about the metadata [here](/docs/guides/manage/customize/user-metadata)
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/users/human \
+  --url https://$CUSTOM_DOMAIN/v2/users/human \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -111,7 +111,7 @@ Send it to the Get Session Endpoint to find out how the user has authenticated.
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2/sessions \
+  --url https://$CUSTOM_DOMAIN/v2/sessions \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"'' \
   --header 'Content-Type: application/json' \
@@ -176,7 +176,7 @@ To update an existing session, add the session ID you got in the previous step t
 
 ```bash
 curl --request PATCH \
-  --url https://$ZITADEL_DOMAIN/v2/sessions/$SESSION_ID \
+  --url https://$CUSTOM_DOMAIN/v2/sessions/$SESSION_ID \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \

docs/docs/guides/integrate/login/hosted-login.mdx

@@ -226,7 +226,7 @@ Your contributions will play a crucial role in shaping the future of our login s
 As this feature is currently in Beta, please be aware of some potential workarounds and important considerations before implementation.
 
 - **Create Users:** The new typescript login is built with the session and the user V2 API, the users V2 API does have some differences to the v1 API, so make sure you create users through the new API.
-- **External IDPs:** If you want to use external identity provider login, such as Login with Google or Apple. You can follow our existing setup guides, just make sure to use the following redirect url: $YOUR-DOMAIN/idps/callback
+- **External IDPs:** If you want to use external identity provider login, such as Login with Google or Apple. You can follow our existing setup guides, just make sure to use the following redirect url: `$CUSTOM_DOMAIN/idps/callback`
 - **Passkey/U2F:** Those authentication methods are bound to a domain. As your new login runs on a different domain than the previous login, existing passwordless authentication and u2f (fingerprint, face id, etc.) can’t be used. Also when they are managed through the management console of ZITADEL, they are added on a different domain.
   <br />
   *Note: If you run the login on a subdomain of your current instance, this problem

docs/docs/guides/integrate/login/oidc/authmethods/_basic.mdx

@@ -60,7 +60,7 @@ So check [Client Secret Basic Auth Method](/apis/openidoauth/authn-methods#clien
 
 ```curl
 curl --request POST \
---url {your-domain}/oauth/v2/token \
+--url {CUSTOM_DOMAIN}/oauth/v2/token \
 --header 'Authorization: Basic ${basic}' \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data grant_type=authorization_code \

docs/docs/guides/integrate/login/oidc/authmethods/_jwtpk.mdx

@@ -62,7 +62,7 @@ for us to validate the signature against the registered public key:
 
 ```curl
 curl --request POST \
---url {your-domain}/oauth/v2/token \
+--url {CUSTOM_DOMAIN}/oauth/v2/token \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data grant_type=authorization_code \
 --data code=${code} \

docs/docs/guides/integrate/login/oidc/authmethods/_pkce.mdx

@@ -67,7 +67,7 @@ Send your `client_id` and the previously generated string as `code_verifier` for
 
 ```curl
 curl --request POST \
---url {your-domain}/oauth/v2/token \
+--url {CUSTOM_DOMAIN}/oauth/v2/token \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data grant_type=authorization_code \
 --data code=${code} \

docs/docs/guides/integrate/login/oidc/authmethods/_pkcenative.mdx

@@ -53,7 +53,7 @@ Send your `client_id` and the previously generated string as `code_verifier` for
 
 ```curl
 curl --request POST \
---url {your-domain}/oauth/v2/token \
+--url {CUSTOM_DOMAIN}/oauth/v2/token \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data grant_type=authorization_code \
 --data code=${code} \

docs/docs/guides/integrate/retrieve-user-roles.md

@@ -208,7 +208,7 @@ https://github.com/zitadel/actions/blob/main/examples/custom_roles.js
 ### Retrieve roles using the auth API
 
 Now we will use the auth API to retrieve roles from a logged in user using the user’s token
-The base URL is: **https://$ZITADEL_DOMAIN/auth/v1**
+The base URL is: **https://$CUSTOM_DOMAIN/auth/v1**
 
 Let’s start with a user who has multiple roles in different organizations in a multi-tenanted set up. You can use the logged in user’s token or the machine user’s token to retrieve the authorizations using the [APIs listed under user authorizations/grants in the auth API](/docs/apis/resources/auth/user-authorizations-grants). 
 
@@ -471,12 +471,12 @@ curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/grants/_search' \
 
 Returns a user grant per ID. A user grant is a role a user has for a specific project and organization.
 
-**URL: https://$ZITADEL_DOMAIN//management/v1/users/:userId/grants/:grantId**
+**URL: https://$CUSTOM_DOMAIN//management/v1/users/:userId/grants/:grantId**
 
 **cURL request:**
 
 ```bash 
-curl -L -X GET 'https://$ZITADEL_DOMAIN/management/v1/users/:userId/grants/:grantId' \
+curl -L -X GET 'https://$CUSTOM_DOMAIN/management/v1/users/:userId/grants/:grantId' \
 -H 'Accept: application/json' \
 -H 'Authorization: Bearer <TOKEN>'
 ```

docs/docs/guides/integrate/token-introspection/private-key-jwt.mdx

@@ -161,7 +161,7 @@ def introspect_token(self, token_string):
     payload = {
         "iss": API_PRIVATE_KEY_FILE["client_id"],
         "sub": API_PRIVATE_KEY_FILE["client_id"],
-        "aud": ZITADEL_DOMAIN,
+        "aud": CUSTOM_DOMAIN,
         "exp": int(time.time()) + 60 * 60,  # Expires in 1 hour
         "iat": int(time.time())
     }

docs/docs/guides/integrate/tools/apache2.mdx

@@ -40,7 +40,7 @@ With the following parameters
 
 | Parameter | Description | Example value|
 |---|---|---|
-| OIDCProviderMetadataURL | Is the url to the discovery endpoint, which is typically located at `{your-domain}/.well-known/openid-configuration`| `https://<your_domain>.zitadel.cloud/.well-known/openid-configuration` |
+| OIDCProviderMetadataURL | Is the url to the discovery endpoint, which is typically located at `{CUSTOM_DOMAIN}/.well-known/openid-configuration`| `https://<your_domain>.zitadel.cloud/.well-known/openid-configuration` |
 | OIDCClientID | Is the ID of the zitadel application. You can find it on the settings page of the application.  | 123456789123@apache_test |
 | OIDCRedirectURI | Users will be redirected to this page after successful login. If you are using localhost or any other non-https endpoint, make sure to enable development mode in ZITADEL. | https://mysecureapp.io/secure/callback |
 | OIDCCryptoPassphrase | Create a secure passphrase. Consult the module's documentation for more details. | ... |