Getting Started with Merlonix
Merlonix has two core workflows: brand asset attestation (tamper-evident certificates for logos and brand files) and domain monitoring (SSL, DNS, and domain expiry tracking for client sites). This guide walks through both.
Most agencies start with attestation because it has no technical prerequisites — you can issue your first certificate within minutes of signing up. Domain monitoring takes a few more steps but is straightforward once the client account is configured.
What you can accomplish in this guide:
- Issue your first brand asset certificate (5 minutes)
- Add a client domain and start SSL and DNS monitoring (5 minutes)
- Configure alert routing so the right person is notified when something needs attention (5 minutes)
If you are setting up monitoring for your entire client portfolio, the 30-minute setup guide covers the full batch process after you have completed these steps.
1. Create your account
Sign up at merlonix.com/pricing/ and start your 14-day free trial on the Starter tier. No credit card required during the trial.
Merlonix uses magic-link authentication — enter your email, click the link, and you land on the dashboard. No password to create.
2. Issue your first brand asset attestation
Attestation creates a tamper-evident certificate tied to a specific file. When a client questions whether a delivered logo was the approved version, the certificate resolves it: here is the file hash, here is the timestamp, here is the verification link.
Steps:
- Navigate to Attestations → New attestation
- Select an asset (or add a new one with a label and hostname)
- Choose an attestation method:
- Inline — enter a description of what you are certifying (e.g. "Final logo pack v3 — approved 2026-04-29")
- DNS TXT record — add a
_merlonix-verify.<domain>TXT record with the provided token - HTTP file — serve a file at
/.well-known/merlonix-<token>.txt
- Click Verify now
The certificate is issued immediately for inline attestations. DNS and HTTP methods typically resolve within 30 seconds once the challenge is in place.
What you get: a public verification URL. Share this with the delivery email. Anyone with the link — your client, their legal team, a third-party auditor — can verify the certificate status, the timestamp, and the file hash without logging in.
To revoke a certificate (when an asset is superseded or a deliverable is disputed), go to Attestations, find the certificate, and click Revoke. Stakeholders with the old verification link immediately see a "revoked" status.
3. Add a domain for monitoring
Monitoring runs SSL and DNS checks against a hostname on a configurable schedule. It catches certificate expiry before it breaks client sites and flags DNS drift before it causes email delivery failures or SEO drops.
From the Assets tab, click Add asset and fill in:
| Field | What to enter |
|---|---|
| Label | A human-readable name, e.g. Client A — shop |
| Domain / IP | The hostname being monitored, e.g. shop.clienta.com |
| Check interval | How often to run checks — 5 min for critical, 60 min for low-traffic |
| SSL monitoring | Enabled by default — tracks certificate expiry, key algorithm, issuer chain |
| DNS monitoring | Enabled by default — detects record drift against a stored baseline |
Click Save. Merlonix enqueues the first check immediately. After the check runs, open the asset detail page to see:
- SSL status —
ok,expiring_soon,expired, or a flagged anomaly likekey_downgrade - DNS status —
okor a drift classification such asA_record_changed - Days until expiry — a chart of the last 50 checks so you can spot gradual expiry trends
Adding your full client portfolio: The steps above cover a single domain. To add all client domains with per-client alert routing and automated reports, see the 30-minute SSL monitoring setup guide.
4. Set up alert channels
Go to Settings → Alert channels and add a destination for monitoring alerts:
- Email — your billing email is pre-filled; add team member addresses as needed
- Slack webhook — paste the Incoming Webhook URL from your Slack app settings
- Generic webhook — any HTTPS endpoint; requests are signed with
X-Merlonix-Signature: sha256=<hex>
Each channel lets you filter by severity so your 3 AM pager only fires on critical alerts.
Alert routing is per-client: Client A's SSL expiry alert goes to Client A's channel, not into a shared inbox with all other clients. Configure routing per client under each client account in Settings → Alert channels. See Alert Channels for the full reference, or How to Configure Slack Alerts for Client SSL Expiry for a step-by-step Slack setup guide.
What to Do Next
Set up your full client portfolio
The four steps above cover a single client domain. To configure monitoring across all your clients efficiently:
- How to Set Up SSL Monitoring for All Your Client Domains in 30 Minutes — batch setup walkthrough for agencies
- Agency Client Onboarding Checklist: Brand Assets and Digital Certificates — complete six-phase onboarding process including domain inventory, brand assets, and attestation
Configure alerts and DNS monitoring
- Alert Channels — email, Slack, and webhook configuration with per-severity filters
- DNS Monitoring Setup — how baselines work, what drift classifications mean, and when to update baselines
- Client Status Pages — share a live status page URL with clients (no login required)
- How to Configure Slack Alerts for Client SSL Expiry — step-by-step Slack setup guide
Understand how monitoring works
- Monitoring Concepts — how Merlonix classifies each check result and assigns severity levels
- Agency Monitoring: The Complete Guide — SSL, DNS, domain expiry, vendor monitoring, and client reporting in one reference
Configure client reporting
Monthly reports are generated automatically per client — navigate to Reports → Schedule for each client to configure delivery.
- Monthly Reports — what each report section contains, how to schedule delivery, and how to use quarterly reviews
- Vendor Stack Tags — configure which vendor services appear in your reports and alerts
- Brand Monitoring Reporting for Agencies: What to Include in Monthly Client Reports
Go deeper on attestation and compliance
- Attestation Deep Dive — how verification methods work, tamper evidence, and 7-year audit log retention
- API Integration Reference — automate asset provisioning, attestation creation, and data export via REST API
- How to Deliver a Brand Attestation Certificate to a Client — step-by-step certificate delivery workflow
- Certificate of Authenticity Software: Buyer's Guide for Agencies
- Brand Asset Compliance Playbook for Marketing Agencies
- Brand Asset Audit for Marketing Agencies: Finding Compliance Gaps Before They Become Problems
- Agency Brand Protection: Safeguarding Client Brands at Scale