Frequently Asked Questions

Every WHOIS response includes a normalized JSON object with:

• Domain name, registration status, and DNSSEC status
• Creation, expiration, and last-updated dates
• Registrar name, URL, email, and phone
• Nameserver list
• EPP status codes (clientTransferProhibited, etc.)
• Registrant, admin, and tech contacts (when publicly available)

Data is sourced from both legacy WHOIS servers and modern RDAP endpoints, then normalized into a consistent schema across all TLDs.

We support over 1,500 TLDs including all major extensions (.com, .net, .org, .io, .dev, .ai, etc.) as well as country-code TLDs (.fr, .de, .uk, .co.jp, etc.) and new gTLDs. Our system automatically routes queries to the correct WHOIS or RDAP server for each TLD.

Set the Authorization header to TOKEN=YOUR_API_KEY on every request. Your API key is available on your dashboard immediately after signing up. Example:

curl "https://whoisjson.com/api/v1/whois?domain=example.com" \
  -H "Authorization: TOKEN=YOUR_API_KEY"

The Remaining-Requests header in every response tells you how many requests you have left for the current billing period.

JSON is the default format and is available on all plans. You can request XML by adding ?format=xml as a query parameter (available on Pro plans and above). All responses are UTF-8 encoded.

All endpoints use the base URL https://whoisjson.com/api/v1 and the same authentication header:

• /whois?domain= — WHOIS lookup
• /nslookup?domain= — DNS records
• /domain-availability?domain= — Registration status
• /ssl-cert-check?domain= — SSL certificate details

See the full API documentation for detailed parameters and response schemas.

Yes, we provide official client libraries for the most popular languages:

• PHP — composer require whoisjson/whoisjson
• Python — pip install whoisjson
• Node.js — npm install @whoisjson/whoisjson

You can also use any HTTP client in any language — the API is a simple REST interface.

All WHOIS responses are cached for 3 hours to ensure fast response times and reduce load on upstream servers. On Pro plans and above, you can bypass the cache by adding ?_forceRefresh=1 to your request. A force-refresh costs 2x credits instead of 1.

The free plan includes everything you need to get started — no credit card required:

• 1,000 API requests per month (shared across all endpoints)
• Rate limit of 20 requests per minute
• JSON response format
• 1 domain monitoring slot
• 3-hour cache duration

Your free plan never expires. Sign up now and get your API key instantly.

All paid plans include JSON + XML formats, priority support, force-refresh, and additional domain monitoring slots. See the full pricing page for details.

Yes. You can change your plan at any time from your dashboard. Upgrades take effect immediately. There are no long-term contracts or commitments.

We accept payments via Stripe (all major credit and debit cards) and PayPal. All transactions are processed securely.

Rate limits are enforced per minute and depend on your plan:

If you exceed the rate limit, the API returns HTTP 429 with the message "Rate limit exceeded." Wait for the next minute window to resume.

When your monthly request quota is reached, the API returns HTTP 429 with the message "You have consumed all your requests." You can upgrade your plan at any time from your dashboard to increase your limit immediately.

Average response time is under 200ms for cached queries. Fresh WHOIS lookups typically complete in 300–800ms depending on the upstream registry. We maintain 99.9% uptime across multi-region infrastructure with automatic failover. Check our API status page for real-time and historical metrics.

Domain Monitoring watches your tracked domains and alerts you when it detects:

• WHOIS data changes (registrar, contacts, nameservers, status)
• DNS record modifications
• Domain expiration approaching
• SSL certificate expiration warnings

Checks run automatically and notifications are sent via email and your dashboard.

The number of monitored domains depends on your plan: Basic (free) includes 1 slot, Pro includes 5, Ultra includes 20, and Mega includes 50. Each slot includes all alert types. Need more? Contact us for a custom enterprise plan.

Yes. We fully support the RDAP protocol (Registration Data Access Protocol), which is the modern replacement for legacy WHOIS. Our system automatically queries RDAP endpoints when available and falls back to traditional WHOIS servers for older TLDs. All data handling complies with GDPR requirements — we only return information that is publicly available through official registry channels.

Since 2018, ICANN's Temporary Specification for gTLD Registration Data and GDPR regulations require registrars to redact personal information from public WHOIS records. When a registrar has applied privacy protections, the API returns "REDACTED FOR PRIVACY" for those specific fields. This is standard behavior and applies to all WHOIS services worldwide.