diff --git a/.configure-endpoints.sh b/.configure-endpoints.sh
new file mode 100755
index 0000000..c54d2b6
--- /dev/null
+++ b/.configure-endpoints.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+scriptversion="0.1"
+srcfolder="src"
+updatephp="update.php"
+configuresh=".configure.sh"
+
+### banner
+clear
+echo "##############################################"
+echo "### ownDynDNS multi-endpoint configuration ###"
+echo "###           script version $scriptversion           ###"
+echo "##############################################"
+echo ""
+
+echo "This script will set up multiple endpoints within the same webspace.\
+ That means you can use multiple sets of user credentials each with their own\
+ permissions regarding which domains to update."
+echo ""
+echo "It is recommended you use the webroot of your desired webspace, although\
+ you could place this directory structure anywhere you like, e.g. in a\
+ subdirectory of your homepage like example.com/dyndns/[this tree] ."
+echo ""
+echo "This script assumes you have already downloaded the update.php script\
+ and the src directory including its contents."
+echo ""
+
+### set up dir variable for this script
+dir=$(pwd)
+while [ ! -d $dir/$srcfolder ]
+do
+  echo "current directory does not contain ${srcfolder} !"
+  read -p "enter directory where ownDynDNS is located: " dir
+done
+
+### set up user and group for permissions later
+echo "This script will automatically set the necessary file permissions for\
+ your webserver. This might be www-data:www-data, please check if you run\
+ into any issues."
+echo ""
+read -p "enter the user the webserver is running as [www-data]: " wwwuserd
+read -p "enter the group the webserver is running as [www-data]: " wwwgroupd
+wwwuserd=${wwwuserd:-"www-data"}
+wwwgroupd=${wwwgroupd:-"www-data"}
+
+
+createEndpoint() {
+  local endpoint=$1
+  mkdir $dir/$endpoint
+  cp $dir/$updatephp $dir/$endpoint
+  chmod +x $dir/$configuresh
+  $dir/$configuresh $dir/$endpoint
+  chown $wwwuserd:$wwwgroupd $dir/$endpoint/$updatephp
+  chmod 440 $dir/$endpoint/$updatephp
+  chown $wwwuserd:$wwwgroupd $dir/$endpoint/.env
+  chmod 440 $dir/$endpoint/.env
+}
+
+echo "##############################################"
+echo "You will now start adding endpoints which are just subdirectories\
+ that contain the update.php file as well as a customized .env file."
+echo ""
+
+### endpoint creation loop
+while true
+do
+  read -p "enter endpoint name [Empty to quit]: " endpoint
+  if [ -z $endpoint ]; then break; fi
+  createEndpoint $endpoint
+done
diff --git a/.configure.sh b/.configure.sh
old mode 100644
new mode 100755
index ec0908f..b89b8d0
--- a/.configure.sh
+++ b/.configure.sh
@@ -1,54 +1,90 @@
 #!/bin/bash
-echo "### ownDynDNS configuration script"
 
 # set variables
-scriptversion="1.5"
-
-wwwuserd="www-data"
-wwwgroupd="www-data"
+scriptversion="1.6"
 
 defaultenvfile=".env.dist"
 
-dir=$(pwd)
-while [ ! -f $dir/$defaultenvfile ]
-do
-  echo "current directory does not contain ${defaultenvfile} !"
-  read -p "enter directory where ownDynDNS is located: " dir
-done
+if [ ! -z $1 ]
+then
+  dir=$1
+  endpoint=$(basename ${dir})
+
+  # set up log file location suggestion
+  log1="/var/log/dnsupdater/${endpoint}.json"
+  log2="${dir}/log.json"
+  
+else
+  echo "### ownDynDNS configuration script"
+
+  wwwuserd="www-data"
+  wwwgroupd="www-data"
+
+  dir=$(pwd)
+  while [ ! -f $dir/$defaultenvfile ]
+  do
+    echo "current directory does not contain ${defaultenvfile} !"
+    read -p "enter directory where ownDynDNS is located: " dir
+  done
+
+  # source .env.dist
+  source $dir/$defaultenvfile
+
+  # set up log file location suggestions
+  log1="$logFile"
+  log2="/var/log/dnsupdater/log.json"
+fi
 
-# source .env.dist
-source $dir/$defaultenvfile
 
 envfile="${dir}/.env"
 
-log1="$logFile"
-log2="/var/log/dnsupdater/log.json"
-
 
 ### main script
 #echo "found ${defaultenvfile}. using current directory"
 
 read -p "enter a custom username for dns updates [random]: " user
 user=${user:-$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)}
-#echo "using username: ${user}"
+echo "using username: ${user}"
 
 read -s -p "enter a custom password for dns updates [random]: " pass
 pass=${pass:-$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)}
 echo ""
-#echo "using password: ${pass}"
+echo "using password: ${pass}"
 
-read -s -p "enter your netcup DNS API Key: " apikey
-echo ""
-#echo "using api key: ${apikey}"
+if [ -z $DDNS_NETCUP_API_KEY ]
+then
+  read -s -p "enter your netcup DNS API Key: " apikey
+  echo ""
+else
+  echo -e "Found DDNS_NETCUP_API_KEY. Leave empty to use or enter new DNS API Key\n"
+  read -p "DNS API Key [${DDNS_NETCUP_API_KEY}]: " apikey
+  apikey=${apikey:-$DDNS_NETCUP_API_KEY}
+fi
 
-read -s -p "enter your netcup API Password: " apipass
-echo ""
-#echo "using api password: ${apipass}"
+if [ -z $DDNS_NETCUP_API_PASSWORD ]
+then
+  read -s -p "enter your netcup API Password: " apipass
+  echo ""
+else
+  echo "Found DDNS_NETCUP_API_PASSWORD. Leave empty to use or enter new DNS API Password"
+  read -p "DNS API Password [${DDNS_NETCUP_API_PASSWORD}]: " apipass
+  echo ""
+  apipass=${apipass:-$DDNS_NETCUP_API_PASSWORD}
+fi
 
-read -p "enter your netcup customer ID: " custid
-#echo "using customer id: ${custid}"
+if [ -z $DDNS_NETCUP_CUSTOMER_ID ]
+then
+  read -s -p "enter your netcup customer ID: " custid
+  echo ""
+else
+  echo "Found DDNS_NETCUP_CUSTOMER_ID. Leave empty to use or enter new customer ID"
+  read -p "Netcup customer ID [${DDNS_NETCUP_CUSTOMER_ID}]: " custid
+  echo ""
+  custid=${custid:-$DDNS_NETCUP_CUSTOMER_ID}
+fi
 
 read -p "do you wish to enable debugging? [y/N]: " debug
+echo ""
 if [[ ${debug,,::1} == "y" ]]
 then
   #echo "enabling debugging"
@@ -59,6 +95,7 @@ else
 fi
 
 read -p "do you want to enable logging? [Y/n]: " log
+echo ""
 if [[ ${log,,::1} != "n" ]]
 then
   #echo "enabling logging"
@@ -75,12 +112,14 @@ echo "[2] private: ${log2}"
 echo "[3] custom location"
 
 read -p "select from the choices above [1]: " choice
+echo ""
 case $choice in
   2)
     logfile=${log2}
     ;;
   3)
     read -p "enter logfile location: " logfile
+    echo ""
     logfile=${logfile:-$log1}
     ;;
   *)
@@ -88,18 +127,23 @@ case $choice in
     ;;
 esac
 
-echo "the logfile needs to be writable by the webserver if logging is enabled."
-read -p "which user does the webserver run as? [${wwwuserd}]: " wwwuser
-wwwuser=${wwwuser:-$wwwuserd}
+if [ -z ${endpoint} ]
+then
+  echo "the logfile needs to be writable by the webserver if logging is enabled."
+  read -p "which user does the webserver run as? [${wwwuserd}]: " wwwuser
+  echo ""
+  wwwuser=${wwwuser:-$wwwuserd}
 
-read -p "which group does the webserver run as? [${wwwgroupd}]: " wwwgroup
-wwwgroup=${wwwgroup:-$wwwgroupd}
-
-mkdir -p $(dirname $logfile) && touch $logfile || echo "### could not create logfile!"
-chown $wwwuser:$wwwgroup $logfile
-chmod 0640 $logfile
-#echo "logfile will be created at: ${logfile}"
+  read -p "which group does the webserver run as? [${wwwgroupd}]: " wwwgroup
+  echo ""
+  wwwgroup=${wwwgroup:-$wwwgroupd}
 
+  mkdir -p $(dirname $logfile) && touch $logfile || echo "### could not create logfile!"
+  echo ""
+  chown $wwwuser:$wwwgroup $logfile
+  chmod 0640 $logfile
+  #echo "logfile will be created at: ${logfile}"
+fi
 
 
 ### Apache htaccess file config
@@ -108,23 +152,31 @@ echo "select if you want to enable the .htaccess file:"
 echo "[1] no .htaccess file. (e.g. using nginx)"
 echo "[2] block access to .env file only (default log location accessible)"
 echo "[3] block access to .env file and log file"
+echo ""
 
 read -p "select from the choices above [1]: " choice
+echo ""
 case $choice in
   2)
     cat > $htaccess << EOM
 <FilesMatch "\.env$">
         Order allow,deny
         Deny from all
-</FilesMatch>
+</FilesMatch>envfile
 EOM
-    rm .htaccess.example
+    if [ -z $endpoint ]
+    then
+      rm .htaccess.example
+    fi
     ;;
   3)
     mv .htaccess{.example,}
     ;;
   *)
-    rm .htaccess.example
+    if [ -z $endpoint ]
+    then
+      rm .htaccess.example
+    fi
     ;;
 esac
 
@@ -133,6 +185,7 @@ echo "if you are using nginx please read the docs about how to disable access to
 echo -e "  location ~* (env|log|json) {\n    deny all;\n    return 404;\n  }"
 
 read -p "do you wish to enable result return? [y/N]: " returnip
+echo ""
 if [[ ${returnip,,::1} == "y" ]]
 then
   #echo "enabling return ip"
@@ -143,6 +196,7 @@ else
 fi
 
 read -p "do you want to allow creation of new entries on the fly? [y/N]: " allowcreate
+echo ""
 if [[ ${allowcreate,,::1} == "y" ]]
 then
   #echo "enabling return ip"
@@ -152,20 +206,38 @@ else
   allowcreate="false"
 fi
 
+read -p "do you want to restrict updates to a specific domain entry? [Y/n]: " restrictdomain
+echo ""
+if [[ ${restrictdomain,,::1} == "n" ]]
+then
+  restrictdomain="false"
+else
+  restrictdomain="true"
+  echo "enter the FQDN you want to restrict updates to. If you are using third\
+ level domains, e.g. nas.home.example.com you should only enter example.com"
+  echo "use the \"host\" variable for nas.home in that case."
+  echo ""
+  read -p "domain or FQDN: " domain
+  echo ""
+  read -p "host if third level domain: " host
+  echo ""
+fi
+
 
 ### create the .env file
 if [ -f $envfile ]
 then
   echo "${envfile} already exists!"
   read -p "overwrite? [y/N]: " overwrite
+  echo ""
   if [[ ! ${overwrite,,::1} == y ]]
   then
     echo "script cancelled. exiting"
+    echo ""
     exit 1
   fi
 fi
 
-#echo "creating .env file"
 touch $envfile
 echo "# file created at $(date)" >$envfile
 echo "# by configuration script version ${scriptversion}" >> $envfile
@@ -179,5 +251,15 @@ echo "log=${log}" >> $envfile
 echo "logFile=${logfile}" >> $envfile
 echo "returnIp=${returnip}" >> $envfile
 echo "allowCreate=${allowcreate}" >> $envfile
+echo "restrictDomain=${restrictdomain}" >> $envfile
+if [ ! -z ${domain} ]
+then
+  echo "domain=${domain}" >> $envfile
+fi
+if [ ! -z ${host} ]
+then
+  echo "host=${host}" >> $envfile
+fi
 
 echo "created .env file at: ${envfile}"
+echo ""