Domain Inventory API: Build a Complete Domain Asset Inventory

Turn a raw domain list into a structured asset inventory with WHOIS/RDAP, DNS and SSL data: registrar, expiry, nameservers, mail records, certificate state and operational ownership signals.

June 22, 2026 · 11 min read · Operations · Domain Inventory · WHOIS · DNS · SSL

Introduction

Most domain problems start with a deceptively small question: which domains do we actually own, and what are they doing right now? The answer is often spread across registrar accounts, DNS providers, old campaign spreadsheets, acquisition documents, support tickets and individual memory.

A domain inventory API workflow gives operations and security teams a repeatable way to turn a domain list into current technical evidence. For each domain, query the documented /whois, /nslookup and /ssl-cert-check endpoints, normalize the fields that matter, and store the result with a timestamp.

This article focuses on the inventory build step. For ongoing ownership, renewal and alerting workflows, connect this inventory to the broader domain portfolio management API process.

What Is a Domain Inventory API?

A domain inventory API is a workflow that enriches a list of domains with current technical data: registrar, registration dates, expiration dates, EPP status, nameservers, DNS records, email security records and SSL certificate state.

Practical definition: a domain inventory is not only a list of names. It is a timestamped record of what each domain resolves to, who controls it, when it can expire and which production services depend on it.

The inventory itself usually lives in your database, CMDB, GRC tool or internal dashboard. WhoisJSON supplies the lookup layer that refreshes the public domain signals in JSON.

Why Domain Asset Inventory Breaks Manually

Manual inventory breaks because domain data changes outside the spreadsheet. A registrar transfer can alter renewal ownership. A DNS provider migration can move every record in the zone. A certificate can rotate, expire or change issuer without the business owner noticing.

Forgotten domains

Campaign, acquisition, redirect and ccTLD domains often stay active after the team that created them has moved on.

DNS drift

NS, MX, TXT, CAA and CNAME records change as vendors, email providers and products evolve.

Renewal risk

Expiry dates and EPP status codes identify domains that need ownership or renewal action.

SSL blind spots

Certificate expiry, issuer changes and SAN coverage matter for customer-facing domains and APIs.

Which WhoisJSON Endpoints to Use

The workflow below uses only documented endpoints from the WhoisJSON OpenAPI specification. Authenticate every request with Authorization: TOKEN=YOUR_API_KEY and use the production base URL https://whoisjson.com/api/v1.

| Inventory signal | Endpoint | Fields to read | Use |
| --- | --- | --- | --- |
| Registrar and ownership context | /whois | registrar, contacts | Identify the registrar and available contact context. |
| Expiry and age | /whois | created, expires, age, expiration | Prioritize renewals and flag new or expiring domains. |
| Domain status | /whois | status, statusAnalysis | Detect holds, transfer locks, redemption and pending delete states. |
| Nameservers | /whois and /nslookup | nameserver, nsAnalysis, NS | Compare registrar-side and live DNS delegation signals. |
| DNS inventory | /nslookup | A, AAAA, CNAME, MX, TXT, SOA, CAA | Understand web, email, vendor and zone configuration. |
| Email security | /nslookup | DMARC, BIMI, MTASTS, TLSRPT | Track mail authentication and transport security records. |
| SSL certificate state | /ssl-cert-check | issuer, valid_from, valid_to, valid, details | Detect certificate expiry, issuer changes and SAN coverage. |
| Candidate availability | /domain-availability | domain, available | Check defensive variants or candidate domains you do not own yet. |

Keep availability separate. For owned domains, inventory starts with WHOIS, DNS and SSL. Use domain availability for candidates, defensive variants and naming research.
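
The nameserver row in the table compares registrar-side and live delegation. As an added example (not WhoisJSON code), the check below normalizes both lists and classifies the mismatch; it assumes the `nameserver` and `NS` fields arrive as lists of hostname strings, and the verdict names are illustrative.

```python
def _hosts(values):
    """Lower-case hostnames, strip the trailing root dot, drop empties."""
    cleaned = (str(v).strip().rstrip(".").lower() for v in values or [])
    return {host for host in cleaned if host}


def _provider(host):
    # Crude grouping by the last two labels (assumption for this example);
    # a public-suffix-aware library is more accurate for names under co.uk etc.
    return ".".join(host.split(".")[-2:])


def compare_delegation(whois_nameservers, dns_ns):
    """Classify how the registry-side nameserver list relates to live NS records."""
    registry, live = _hosts(whois_nameservers), _hosts(dns_ns)
    if not registry and not live:
        verdict = "no-delegation"
    elif not live:
        verdict = "listed-but-no-live-ns"
    elif not registry:
        verdict = "whois-list-missing"
    elif registry == live:
        verdict = "match"
    elif registry & live:
        verdict = "partial-mismatch"
    else:
        verdict = "full-mismatch"
    return {
        "verdict": verdict,
        "only_in_whois": sorted(registry - live),
        "only_in_dns": sorted(live - registry),
        # More than one provider suggests a migration in progress or a split.
        "providers": sorted({_provider(h) for h in registry | live}),
    }
```

A `full-mismatch` or `listed-but-no-live-ns` verdict on a production domain is worth a ticket: the registry points at nameservers that no longer answer for the zone.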

Example Domain Inventory Schema

Store a compact normalized object instead of raw API responses only. Keep raw responses if you need audit detail, but make the main inventory easy to query and diff.

Normalized inventory row (JSON)
{
  "domain": "example.com",
  "checked_at": "2026-06-22T10:30:00Z",
  "registrar": "Example Registrar, Inc.",
  "registered": true,
  "created": "1995-08-14 04:00:00",
  "expires": "2026-08-13 04:00:00",
  "days_left": 52,
  "status": ["clientTransferProhibited"],
  "nameservers": ["a.iana-servers.net", "b.iana-servers.net"],
  "dns": {
    "a": ["93.184.216.34"],
    "mx": [],
    "txt_count": 2,
    "has_dmarc": true,
    "caa": []
  },
  "ssl": {
    "valid": true,
    "issuer": "DigiCert Inc",
    "valid_to": "2026-09-10T23:59:59.000Z"
  },
  "business": {
    "owner": "Web Platform",
    "criticality": "production",
    "purpose": "primary website"
  }
}

The business block is not returned by WhoisJSON. Add it from your internal systems so the technical state becomes actionable.
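
An added example, not part of the WhoisJSON documentation: one way to turn a normalized row like the one above into actionable findings. The finding labels and the 60-day and 21-day thresholds are assumptions; the EPP codes are the standard ICANN status values.

```python
from datetime import datetime, timezone

# Standard EPP status codes; thresholds are assumptions chosen for this example.
BLOCKING_STATUS = {"clienthold", "serverhold", "redemptionperiod",
                   "pendingdelete", "inactive"}
TRANSFER_LOCKS = {"clienttransferprohibited", "servertransferprohibited"}
EXPIRY_WARN_DAYS = 60
SSL_WARN_DAYS = 21


def _status_codes(values):
    # WHOIS status strings often carry a trailing URL; keep only the code.
    return {str(v).split()[0].lower() for v in (values or []) if str(v).strip()}


def _days_until(iso_value, now):
    end = datetime.fromisoformat(iso_value.replace("Z", "+00:00"))
    return (end - now).days


def triage(row, now=None):
    """Return finding strings for one normalized inventory row."""
    now = now or datetime.now(timezone.utc)
    codes = _status_codes(row.get("status"))
    dns, ssl = row.get("dns") or {}, row.get("ssl") or {}
    findings = [f"epp:{code}" for code in sorted(codes & BLOCKING_STATUS)]

    if not codes & TRANSFER_LOCKS:
        findings.append("epp:no-transfer-lock")
    days_left = row.get("days_left")
    if days_left is not None and days_left <= EXPIRY_WARN_DAYS:
        findings.append(f"expiry:{days_left}d")
    if dns.get("mx") and not dns.get("has_dmarc"):
        findings.append("mail:mx-without-dmarc")
    if dns.get("a") and not dns.get("caa"):
        findings.append("dns:no-caa")
    if ssl.get("valid") is False:
        findings.append("ssl:invalid")
    elif ssl.get("valid_to") and _days_until(ssl["valid_to"], now) <= SSL_WARN_DAYS:
        findings.append("ssl:expiring")
    if not (row.get("business") or {}).get("owner"):
        findings.append("ownership:no-owner")
    return findings
```

Run against the example row with a clock of 2026-06-22, `triage` reports the 52-day expiry window and the empty CAA set, and nothing else.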

Basic Requests

A full inventory pass usually starts with three API calls per domain.

WHOIS/RDAP inventory (cURL)
curl "https://whoisjson.com/api/v1/whois?domain=example.com" \
  -H "Authorization: TOKEN=YOUR_API_KEY"

DNS inventory (cURL)
curl "https://whoisjson.com/api/v1/nslookup?domain=example.com" \
  -H "Authorization: TOKEN=YOUR_API_KEY"

SSL inventory (cURL)
curl "https://whoisjson.com/api/v1/ssl-cert-check?domain=example.com" \
  -H "Authorization: TOKEN=YOUR_API_KEY"

Python Example: Build Inventory from a Domain List

This example reads a small list of domains and returns normalized inventory rows. In production, persist the rows in a database and add retry/backoff for 429 and transient 5xx responses.

domain_inventory.py (Python)
import requests
from datetime import datetime, timezone

API_KEY = "YOUR_API_KEY"
BASE_URL = "https://whoisjson.com/api/v1"
HEADERS = {"Authorization": f"TOKEN={API_KEY}"}


def get_json(path, domain):
    response = requests.get(
        f"{BASE_URL}/{path}",
        headers=HEADERS,
        params={"domain": domain},
        timeout=20,
    )
    response.raise_for_status()
    return response.json()


def normalize_inventory(domain):
    whois = get_json("whois", domain)
    dns = get_json("nslookup", domain)
    ssl = get_json("ssl-cert-check", domain)

    registrar = whois.get("registrar") or {}
    expiration = whois.get("expiration") or {}
    issuer = ssl.get("issuer") or {}

    return {
        "domain": domain,
        "checked_at": datetime.now(timezone.utc).isoformat(),
        "registered": whois.get("registered"),
        "registrar": registrar.get("name"),
        "created": whois.get("created"),
        "expires": whois.get("expires"),
        "days_left": expiration.get("daysLeft"),
        "status": whois.get("status", []),
        "nameservers": whois.get("nameserver", []),
        "ns_records": dns.get("NS", []),
        "a_records": dns.get("A", []),
        "mx_records": dns.get("MX", []),
        "has_dmarc": bool(dns.get("DMARC")),
        "has_caa": bool(dns.get("CAA")),
        "ssl_valid": ssl.get("valid"),
        "ssl_valid_to": ssl.get("valid_to"),
        "ssl_issuer": issuer.get("O") or issuer.get("CN"),
    }


domains = ["example.com", "example.net"]
inventory = [normalize_inventory(domain) for domain in domains]
print(inventory)

Every response includes the Remaining-Requests header. For larger inventories, use the rate limits and retries guide to pace calls within your plan.
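
The retry and pacing advice above, as an added example that is not from the WhoisJSON documentation: a retry wrapper with jittered backoff for 429 and transient 5xx responses that also stops a sweep once Remaining-Requests falls to a reserve. `send`, `send_for` and `reserve` are hypothetical names, and honouring Retry-After is an assumption, since the page documents only Remaining-Requests.

```python
import random
import time

RETRYABLE = {429, 500, 502, 503, 504}


def backoff_delay(attempt, retry_after=None, base=1.0, cap=60.0):
    """Seconds to wait before retry `attempt` (0-based)."""
    try:
        if retry_after is not None:
            return min(cap, max(0.0, float(retry_after)))
    except ValueError:
        pass  # Retry-After given as an HTTP date: fall back to backoff
    return random.uniform(0, min(cap, base * 2 ** attempt))  # full jitter


def fetch_with_retry(send, max_attempts=5, sleep=time.sleep):
    """Call send() until the status is not retryable or attempts run out.

    send: zero-argument callable returning an object with .status_code and
    .headers (a requests.Response fits). Returns (response, remaining), where
    remaining is the Remaining-Requests value as int, or None if missing.
    """
    for attempt in range(max_attempts):
        response = send()
        if response.status_code not in RETRYABLE:
            break
        if attempt + 1 < max_attempts:
            sleep(backoff_delay(attempt, response.headers.get("Retry-After")))
    raw = str(response.headers.get("Remaining-Requests", "")).strip()
    return response, int(raw) if raw.isdigit() else None


def sweep(domains, send_for, reserve=10, sleep=time.sleep):
    """Fetch each domain; stop early once the quota drops to `reserve`.

    Returns (results, skipped): results maps domain -> response, skipped is
    the list of domains left for the next run.
    """
    results = {}
    for i, domain in enumerate(domains):
        response, remaining = fetch_with_retry(lambda: send_for(domain), sleep=sleep)
        results[domain] = response
        if remaining is not None and remaining <= reserve:
            return results, list(domains[i + 1:])
    return results, []
```

With the page's `get_json`, `send_for` would wrap the `requests.get` call without `raise_for_status()`, so the wrapper sees the 429 or 5xx status instead of an exception.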

Node.js Example: Compare Current State to a Baseline

Inventory becomes more useful when you compare the current state to the last known baseline. The example below checks a few high-impact fields.

inventory_diff.js (Node.js)
const API_KEY = "YOUR_API_KEY";
const BASE_URL = "https://whoisjson.com/api/v1";

async function getJson(path, domain) {
  const url = new URL(`${BASE_URL}/${path}`);
  url.searchParams.set("domain", domain);

  const response = await fetch(url, {
    headers: { Authorization: `TOKEN=${API_KEY}` },
  });

  if (!response.ok) {
    throw new Error(`${path} failed with ${response.status}`);
  }

  return response.json();
}

function sorted(values) {
  return [...new Set((values || []).map((v) => String(v).toLowerCase()))].sort();
}

async function currentInventory(domain) {
  const [whois, dns, ssl] = await Promise.all([
    getJson("whois", domain),
    getJson("nslookup", domain),
    getJson("ssl-cert-check", domain),
  ]);

  return {
    domain,
    expires: whois.expires,
    status: sorted(whois.status),
    nameservers: sorted(whois.nameserver),
    nsRecords: sorted(dns.NS),
    mxRecords: sorted((dns.MX || []).map((mx) => mx.exchange)),
    sslValidTo: ssl.valid_to,
    sslValid: ssl.valid,
  };
}

function diffInventory(previous, current) {
  return {
    domain: current.domain,
    expiryChanged: previous.expires !== current.expires,
    nameserversChanged: JSON.stringify(previous.nameservers) !== JSON.stringify(current.nameservers),
    mxChanged: JSON.stringify(previous.mxRecords) !== JSON.stringify(current.mxRecords),
    sslExpiryChanged: previous.sslValidTo !== current.sslValidTo,
  };
}

const previous = {
  domain: "example.com",
  expires: "2026-08-13 04:00:00",
  nameservers: ["a.iana-servers.net", "b.iana-servers.net"],
  mxRecords: [],
  sslValidTo: "2026-09-10T23:59:59.000Z",
};

currentInventory("example.com")
  .then((current) => console.log(diffInventory(previous, current)))
  .catch(console.error);

How Often to Refresh Each Signal

Not every field needs the same cadence. Refresh expensive or low-risk parts less often and move high-risk domains into monitoring when changes should trigger immediate action.

| Signal | Suggested cadence | Why |
| --- | --- | --- |
| Expiry, registrar and EPP status | Daily for critical domains, weekly for ordinary domains | Renewal and ownership risks should not wait for quarterly reviews. |
| NS records | Daily or monitored | Nameserver changes can move the whole DNS zone. |
| MX, TXT, DMARC, CAA | Daily to weekly | Email, verification and certificate policy drift affect operations and security. |
| SSL validity | Daily for production domains | Certificate expiry can become a visible outage. |
| Availability of variants | Daily for active brand watchlists | Availability is useful for names you do not own yet. |

Limits and Non-Goals

A good inventory is explicit about what the data source does and does not provide.

  • WhoisJSON lookup endpoints return current data. Store your own snapshots if you need inventory history and diffs.
  • This article stays focused on WHOIS/RDAP, DNS, SSL and optional availability workflows.
  • The DNS endpoint returns active DNS records in one response; it does not perform DNS zone transfers.
  • SSL checks inspect the certificate currently served by the domain on supported HTTPS ports.
  • Domain availability is for candidates and variants, not a substitute for ownership records on domains you already operate.
  • Business owner, cost center, renewal budget and criticality are internal fields you should add outside the API response.
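
Because the lookup endpoints return only current data, the snapshot store is yours to build. The following added example (not WhoisJSON code) appends a row to SQLite only when the non-volatile fields change and reports which top-level keys moved; the table name and the `VOLATILE` field set are assumptions.

```python
import hashlib
import json
import sqlite3

# Fields that change on every run and must not count as drift.
VOLATILE = {"checked_at", "days_left"}
SCHEMA = """CREATE TABLE IF NOT EXISTS snapshots (
    domain TEXT NOT NULL, checked_at TEXT NOT NULL,
    digest TEXT NOT NULL, row_json TEXT NOT NULL)"""


def _canon(value):
    # Sort lists so the order DNS returns records in does not look like drift.
    if isinstance(value, list):
        return sorted((_canon(v) for v in value),
                      key=lambda v: json.dumps(v, sort_keys=True))
    if isinstance(value, dict):
        return {k: _canon(v) for k, v in value.items() if k not in VOLATILE}
    return value


def _digest(row):
    canonical = json.dumps(_canon(row), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def record(conn, row):
    """Store `row` if it differs from the last snapshot; return changed keys.

    Returns None for the first snapshot of a domain, [] when nothing changed
    (no row is written), otherwise the sorted list of changed top-level keys.
    """
    conn.execute(SCHEMA)
    last = conn.execute(
        "SELECT digest, row_json FROM snapshots WHERE domain = ? "
        "ORDER BY rowid DESC LIMIT 1", (row["domain"],)).fetchone()
    digest = _digest(row)
    if last and last[0] == digest:
        return []
    conn.execute("INSERT INTO snapshots VALUES (?, ?, ?, ?)",
                 (row["domain"], row["checked_at"], digest, json.dumps(row)))
    conn.commit()
    if last is None:
        return None
    old, new = _canon(json.loads(last[1])), _canon(row)
    return sorted(k for k in old.keys() | new.keys() if old.get(k) != new.get(k))
```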

FAQ

What is a domain inventory API?

A domain inventory API is a workflow that enriches a list of domains with current technical data such as registrar, expiration date, EPP status, nameservers, DNS records, email security records and SSL certificate state.

Which WhoisJSON endpoints should I use for domain inventory?

Use GET /api/v1/whois for registrar, dates, status and nameserver data; GET /api/v1/nslookup for DNS records; and GET /api/v1/ssl-cert-check for certificate validity, issuer, validity dates and certificate details.

Does WhoisJSON store historical domain inventory snapshots?

The documented lookup endpoints return current data. For an inventory system, store snapshots in your own database with a timestamp, then compare later API responses against your saved baseline.

How many API calls does a domain inventory refresh need?

A basic refresh with WHOIS, DNS and SSL data uses three calls per domain. For 500 domains, that is about 1,500 API calls per full sweep before any optional availability checks for variants or candidates.

Should domain availability be part of a domain inventory?

Use domain availability for candidates, defensive variants and names you do not own yet. For owned domains, the main inventory signals are WHOIS/RDAP, DNS and SSL state.

Conclusion

A domain inventory API workflow gives teams a live foundation for domain operations. Start with a simple list, enrich each domain with WHOIS/RDAP, DNS and SSL data, add internal ownership fields, then store timestamped snapshots so changes become visible.

Once the inventory is reliable, the next step is operations: renewal alerts, nameserver monitoring, DNS drift checks, certificate expiry tracking and monitoring for critical domains.
