Introduction
TXT records are the workbench of DNS. A single domain can publish sender policy, product verification tokens, certificate validation material, vendor onboarding proofs, and security reporting hints as plain text values. That flexibility is useful, but it also makes TXT records noisy: the same array can contain SPF, Google verification, Microsoft tenant proof, GitHub Pages ownership, ACME challenges, and custom application metadata.
WhoisJSON exposes TXT records through the documented DNS Lookup API /nslookup endpoint. Query a domain, read the TXT array, then classify the strings your workflow cares about. There is no TXT-only endpoint and no hidden parser to invent: the API returns the published TXT values as structured JSON strings.
What Is a TXT Record Lookup API?
A TXT record lookup API accepts a domain name, queries DNS, and returns the domain's published TXT values as machine-readable JSON. Instead of shelling out to dig or nslookup and parsing text output, your application can store, compare, filter, and monitor the records directly.
GET /api/v1/nslookup?domain=example.com. The OpenAPI schema documents TXT as an array of strings in the Nslookup response.The same response can also include MX, DMARC, BIMI, MTASTS, TLSRPT, CAA, SOA and standard DNS records. For the broader record-type overview, see the DNS Lookup API guide.
What TXT Records Can Contain
TXT is a generic DNS record type, so the meaning comes from the string content. A precise integration should classify values by prefix, known token pattern, or expected vendor, not by assuming every TXT value has the same purpose.
| Pattern | Common purpose | What to do with it |
|---|---|---|
v=spf1 ... | SPF sender policy. | Parse as email sender authorization context. See the SPF guide for first-level parsing. |
google-site-verification=... | Google Search Console or Google service ownership proof. | Compare with the token expected by your onboarding flow. |
MS=ms... | Microsoft 365 or Azure tenant/domain verification. | Check whether the tenant proof is present before activating a customer domain. |
facebook-domain-verification=... | Meta domain ownership verification. | Store as a vendor verification signal, not as a security policy. |
atlassian-domain-verification=... | Atlassian organization/domain proof. | Useful during vendor inventory and SaaS governance audits. |
_github-pages-challenge-... | GitHub Pages domain ownership challenge. | Treat as an application ownership token. |
_globalsign-domain-verification=... | Certificate authority domain validation token. | Audit as certificate issuance or domain-control evidence. |
| Custom key/value text | Internal application metadata or vendor-specific proof. | Match against a known allowlist for your organization. |
Query TXT Records in JSON
Send the root domain in the domain query parameter and authenticate with Authorization: TOKEN=YOUR_API_KEY.
curl "https://whoisjson.com/api/v1/nslookup?domain=example.com" \
-H "Authorization: TOKEN=YOUR_API_KEY"The documented response exposes TXT as an array of strings. Fields present depend on what the domain publishes.
{
"TXT": [
"v=spf1 include:_spf.example.net -all",
"google-site-verification=abc123",
"MS=ms12345678",
"facebook-domain-verification=abcdef123456"
],
"MX": [
{ "exchange": "mail.example.com", "priority": 10 }
],
"DMARC": [
"v=DMARC1; p=reject; rua=mailto:[email protected]"
]
}Do not retry a successful API response just because TXT is empty. An empty or missing TXT array is a valid DNS result for domains that publish no TXT records.
Classify TXT Records by Use Case
Because TXT values are free-form strings, the practical workflow is classification. Start with exact prefixes for known standards, then maintain an allowlist of vendor tokens expected by your product, IT team, or customer-domain onboarding flow.
Email authentication
Values beginning with v=spf1 are SPF policies. Review them with MX and DMARC context, not as standalone deliverability proof.
Domain ownership
Verification strings from Google, Microsoft, Meta, GitHub, Atlassian and other SaaS tools prove DNS control for a product workflow.
Certificate validation
Some CAs publish DNS validation challenges as TXT values. Store and review these during certificate governance checks.
Configuration drift
Unexpected or stale vendor tokens can reveal abandoned services, incomplete migrations, or shadow SaaS usage.
For sender-policy parsing, use the SPF record lookup API guide. For DMARC policy, use the DMARC lookup API guide.
Python Example: Verify TXT Tokens
This example retrieves TXT records, extracts SPF values, and checks whether an expected domain-verification token is present.
import requests
API_KEY = "YOUR_API_KEY"
BASE_URL = "https://whoisjson.com/api/v1"
HEADERS = {"Authorization": f"TOKEN={API_KEY}"}
def classify_txt(value: str) -> str:
normalized = value.strip().lower()
if normalized.startswith("v=spf1"):
return "spf"
if normalized.startswith("google-site-verification="):
return "google_verification"
if normalized.startswith("ms=ms"):
return "microsoft_verification"
if normalized.startswith("facebook-domain-verification="):
return "meta_verification"
if normalized.startswith("atlassian-domain-verification="):
return "atlassian_verification"
if normalized.startswith("_globalsign-domain-verification="):
return "certificate_validation"
return "other"
def lookup_txt(domain: str, expected_token: str | None = None) -> dict:
response = requests.get(
f"{BASE_URL}/nslookup",
headers=HEADERS,
params={"domain": domain},
timeout=10,
)
response.raise_for_status()
txt_records = [
str(value).strip()
for value in response.json().get("TXT") or []
]
classified = [
{"value": value, "type": classify_txt(value)}
for value in txt_records
]
return {
"domain": domain,
"txtCount": len(txt_records),
"hasSpf": any(item["type"] == "spf" for item in classified),
"expectedTokenFound": (
expected_token in txt_records
if expected_token else None
),
"records": classified,
}
print(lookup_txt("example.com", "google-site-verification=abc123"))
Node.js Example: Audit TXT Records
This example groups TXT records into practical buckets for onboarding, email-security review, and vendor-token inventory.
const API_KEY = "YOUR_API_KEY";
const BASE_URL = "https://whoisjson.com/api/v1";
function classifyTxt(value) {
const normalized = value.trim().toLowerCase();
if (normalized.startsWith("v=spf1")) return "spf";
if (normalized.startsWith("google-site-verification=")) {
return "google_verification";
}
if (normalized.startsWith("ms=ms")) return "microsoft_verification";
if (normalized.startsWith("facebook-domain-verification=")) {
return "meta_verification";
}
if (normalized.startsWith("atlassian-domain-verification=")) {
return "atlassian_verification";
}
if (normalized.startsWith("_globalsign-domain-verification=")) {
return "certificate_validation";
}
return "other";
}
async function auditTxt(domain, allowedVendors = []) {
const url = new URL(`${BASE_URL}/nslookup`);
url.searchParams.set("domain", domain);
const response = await fetch(url, {
headers: { Authorization: `TOKEN=${API_KEY}` },
});
if (!response.ok) {
throw new Error(`DNS lookup failed: ${response.status}`);
}
const data = await response.json();
const records = (data.TXT ?? []).map((value) => ({
value: String(value).trim(),
type: classifyTxt(String(value)),
}));
const unexpectedVendorTokens = records.filter((record) => {
return record.type.endsWith("_verification")
&& !allowedVendors.includes(record.type);
});
return {
domain,
txtCount: records.length,
spfRecords: records.filter((record) => record.type === "spf"),
verificationTokens: records.filter((record) =>
record.type.endsWith("_verification")
),
unexpectedVendorTokens,
records,
};
}
auditTxt("example.com", ["google_verification", "microsoft_verification"])
.then(console.log)
.catch(console.error);
Common TXT Lookup Findings
No TXT records
Normal for some domains, but suspicious if your onboarding flow expects ownership proof or SPF.
Multiple verification tokens
Often normal for active SaaS usage. Review whether every vendor is still approved.
Duplicate SPF policies
More than one v=spf1 value is a configuration problem for SPF evaluation. Treat it separately from generic TXT inventory.
Stale vendor proof
A leftover token may indicate an abandoned integration, a failed migration, or unmanaged DNS changes.
TXT vs SPF, DMARC, DKIM, and Verification Records
TXT is the container, not the meaning. Several DNS workflows use TXT-like strings, but they are not interchangeable.
| Workflow | Where to look | Important boundary |
|---|---|---|
| Generic TXT inventory | TXT | Returns root-domain TXT strings from the documented response. |
| SPF | TXT | Filter values beginning with v=spf1. Full SPF validation needs recursive DNS and sender IP context. |
| DMARC | DMARC | WhoisJSON exposes a dedicated DMARC array in the DNS response; do not search root TXT only. |
| BIMI | BIMI | Returned separately from generic TXT in the documented response. |
| MTA-STS / TLS-RPT | MTASTS / TLSRPT | Returned as dedicated arrays for email transport-security review. |
| DKIM | Selector-specific TXT records | The documented endpoint does not provide DKIM selector discovery. You need known selectors for DKIM-specific checks. |
Bulk TXT Audits for Domain Portfolios
A TXT audit is useful when you manage many customer domains, SaaS tenants, acquired brands, or internal domain assets. One /nslookup request per domain returns TXT together with MX, DMARC, BIMI, MTA-STS, TLS-RPT and standard DNS records, so you can build a compact inventory without chaining many endpoint calls.
- Store the full TXT array and a timestamp so record changes can be reviewed later.
- Normalize case for matching, but keep the original value for evidence and debugging.
- Compare verification tokens with an allowlist of approved vendors.
- Treat an empty TXT array as a valid result, not as an API failure.
- Use bounded concurrency and retry only transient HTTP failures such as 429 or 5xx responses.
For production retry and backoff patterns, see the API rate limits and retries guide.
What a TXT Lookup Cannot Prove
FAQ
What is a TXT record lookup API?
It queries DNS TXT records for a domain and returns the published text values as structured JSON strings.
Which WhoisJSON endpoint returns TXT records?
Use GET /api/v1/nslookup with the domain query parameter, then read the TXT array from the JSON response.
Can I use TXT records to verify domain ownership?
Yes. A TXT lookup can confirm whether an expected verification token is present. Your application should compare the returned strings with the exact token it issued or expects.
Are SPF records TXT records?
Yes. SPF is published as a TXT value beginning with v=spf1. A TXT lookup retrieves the string, while full SPF validation requires additional evaluation logic.
Does WhoisJSON return DKIM records?
The documented DNS endpoint does not provide DKIM selector discovery. DKIM records are selector-specific TXT records, so a DKIM workflow needs known selectors.
Can I check TXT, MX, and DMARC together?
Yes. One /nslookup response can include TXT, MX, DMARC, BIMI, MTASTS, TLSRPT, and standard DNS records.
Conclusion
A TXT record lookup API turns one of the noisiest DNS record types into data your application can classify and monitor. Use /nslookup, read the TXT array, preserve the raw strings, and classify only the patterns that matter to your workflow.
Keep the boundary honest: WhoisJSON returns the published TXT values. Token validation, SPF evaluation, DKIM selector discovery, and vendor approval logic are application-layer decisions.
Check TXT records with WhoisJSON
Query TXT, MX, DMARC, BIMI, MTA-STS, TLS-RPT, and standard DNS records with one API key.
Check TXT RecordsView Documentation