{
  "openapi": "3.0.3",
  "info": {
    "title": "WhoisJSON API",
    "description": "### Making requests\nWhoisJSON.com provides RESTful APIs designed for server-to-server communication using HTTPS. Responses are delivered in JSON or XML format.\n\nTo get started, create a free developer account at [whoisjson.com](https://whoisjson.com). The first **1,000 requests/month** are included at no cost.\n\n> It may take up to one minute for your account to activate after registration.\n\nBase URL: `https://whoisjson.com/api/v1`\n\n### Authentication\nSet the `Authorization` header to `TOKEN=<YOUR_API_KEY>` on every request.\n\n```\nAuthorization: TOKEN=abc123yourapikey\n```\n\n### Quota header\nEvery response includes a `Remaining-Requests` header with the number of API calls left in your current billing period:\n\n```\nRemaining-Requests: 452\n```\n\n### HTTP status codes\n| Code | Meaning | Reason |\n|------|---------|--------|\n| `200` | OK | Successful operation |\n| `400` | Bad Request | Missing or invalid query parameter |\n| `401` | Unauthorized | API key is missing or invalid |\n| `403` | Forbidden | Email address not validated |\n| `429` | Too Many Requests | Usage or rate limit exceeded |\n| `500` | Internal Server Error | Unexpected server-side error |\n\n### Useful links\n- [OpenAPI Specification](https://whoisjson.com/openapi.json) — machine-readable OpenAPI 3.0 JSON spec\n- [Full documentation](https://whoisjson.com/documentation)\n- [Terms of service](https://whoisjson.com/terms-of-service)\n- [Contact us](https://whoisjson.com/contact-us)",
    "version": "1.0.0"
  },
  "servers": [
    {
      "url": "https://whoisjson.com/api/v1",
      "description": "Production"
    }
  ],
  "tags": [
    {
      "name": "WHOIS",
      "description": "Domain registration data, ownership, and registrar information"
    },
    {
      "name": "DNS",
      "description": "DNS record queries — A, AAAA, MX, TXT, NS, SOA, CAA, DMARC, and more"
    },
    {
      "name": "SSL",
      "description": "TLS/SSL certificate inspection and validation"
    },
    {
      "name": "Domain",
      "description": "Domain availability checks and subdomain discovery"
    },
    {
      "name": "Security",
      "description": "Signup domain risk scoring and email domain intelligence"
    },
    {
      "name": "IP",
      "description": "Reverse WHOIS lookup from an IP address"
    }
  ],
  "paths": {
    "/whois": {
      "get": {
        "tags": ["WHOIS"],
        "summary": "Retrieve full WHOIS record for a domain",
        "description": "Returns the complete WHOIS record for a domain name: registrar details, registration and expiry dates, nameservers, registrant/admin/tech contacts, DNSSEC status, and EPP status flags.\n\nWhen data is sourced via RDAP, the response also includes enriched fields:\n- `statusAnalysis` — parsed EPP flags (transfer lock, delete lock, etc.)\n- `nsAnalysis` — nameserver infrastructure summary (provider detection, self-hosted flag, mixed infrastructure)\n- `age` — domain age in days/months/years with risk indicators (`isNewlyRegistered`, `isYoung`)\n- `expiration` — days until expiry and boolean `isExpiringSoon` / `isExpired` flags",
        "operationId": "getWhois",
        "parameters": [
          {
            "name": "domain",
            "in": "query",
            "description": "The domain name to look up (e.g. `example.com`). Do not include protocol or path.",
            "required": true,
            "schema": {
              "type": "string",
              "default": "whoisjson.com"
            }
          },
          {
            "name": "format",
            "in": "query",
            "description": "Response format. Use `json` (default) for JSON output or `xml` for XML output.",
            "required": false,
            "schema": {
              "type": "string",
              "default": "json",
              "enum": ["json", "xml"]
            }
          }
        ],
        "responses": {
          "200": {
            "description": "Successful operation",
            "headers": {
              "Remaining-Requests": { "$ref": "#/components/headers/RemainingRequests" }
            },
            "content": {
              "application/json": {
                "schema": { "$ref": "#/components/schemas/Whois" }
              },
              "application/xml": {
                "schema": { "$ref": "#/components/schemas/Whois" }
              }
            }
          },
          "400": { "$ref": "#/components/responses/BadRequest" },
          "401": { "$ref": "#/components/responses/Unauthorized" },
          "403": { "$ref": "#/components/responses/Forbidden" },
          "429": { "$ref": "#/components/responses/TooManyRequests" },
          "500": { "$ref": "#/components/responses/InternalServerError" }
        }
      }
    },
    "/reverseWhois": {
      "get": {
        "tags": ["IP"],
        "summary": "Retrieve WHOIS data for an IP address",
        "description": "Returns WHOIS information associated with an IPv4 address. Useful for identifying the organization that owns an IP block, retrieving abuse contact details, and correlating IP infrastructure with domain registration data.",
        "operationId": "getReverseWhois",
        "parameters": [
          {
            "name": "ip",
            "in": "query",
            "description": "The IPv4 address to look up (e.g. `8.8.8.8`).",
            "required": true,
            "schema": {
              "type": "string",
              "default": "8.8.8.8"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "Successful operation",
            "headers": {
              "Remaining-Requests": { "$ref": "#/components/headers/RemainingRequests" }
            },
            "content": {
              "application/json": {
                "schema": { "$ref": "#/components/schemas/Whois" }
              },
              "application/xml": {
                "schema": { "$ref": "#/components/schemas/Whois" }
              }
            }
          },
          "400": { "$ref": "#/components/responses/BadRequest" },
          "401": { "$ref": "#/components/responses/Unauthorized" },
          "403": { "$ref": "#/components/responses/Forbidden" },
          "429": { "$ref": "#/components/responses/TooManyRequests" },
          "500": { "$ref": "#/components/responses/InternalServerError" }
        }
      }
    },
    "/nslookup": {
      "get": {
        "tags": ["DNS"],
        "summary": "Retrieve all DNS records for a domain",
        "description": "Returns all active DNS records for a domain in a single call. Covered record types: `A`, `AAAA`, `CNAME`, `MX`, `NS`, `TXT`, `SOA`, `CAA`, `DMARC`, `BIMI`, `MTASTS`, and `TLSRPT`.\n\nUseful for email deliverability audits (SPF, DKIM, DMARC), security assessments (CAA, MTA-STS), and DNS infrastructure analysis.",
        "operationId": "getDnsRecords",
        "parameters": [
          {
            "name": "domain",
            "in": "query",
            "description": "The domain name to query (e.g. `example.com`). Do not include protocol or path.",
            "required": true,
            "schema": {
              "type": "string",
              "default": "whoisjson.com"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "Successful operation",
            "headers": {
              "Remaining-Requests": { "$ref": "#/components/headers/RemainingRequests" }
            },
            "content": {
              "application/json": {
                "schema": { "$ref": "#/components/schemas/Nslookup" }
              },
              "application/xml": {
                "schema": { "$ref": "#/components/schemas/Nslookup" }
              }
            }
          },
          "400": { "$ref": "#/components/responses/BadRequest" },
          "401": { "$ref": "#/components/responses/Unauthorized" },
          "403": { "$ref": "#/components/responses/Forbidden" },
          "429": { "$ref": "#/components/responses/TooManyRequests" },
          "500": { "$ref": "#/components/responses/InternalServerError" }
        }
      }
    },
    "/ssl-cert-check": {
      "get": {
        "tags": ["SSL"],
        "summary": "Retrieve SSL/TLS certificate details for a domain",
        "description": "Fetches and validates the TLS certificate currently served by the domain. Returns issuer (O, CN), validity window (`valid_from` / `valid_to`), a boolean `valid` field, Subject Alternative Names (SANs), key size, and fingerprints (SHA-1, SHA-256, SHA-512).\n\nUse this endpoint to monitor certificate expiry, verify issuer trust, and audit SAN coverage.",
        "operationId": "getSslCertCheck",
        "parameters": [
          {
            "name": "domain",
            "in": "query",
            "description": "The domain name for which to retrieve the SSL certificate details (e.g. `example.com`).",
            "required": true,
            "schema": {
              "type": "string",
              "default": "whoisjson.com"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "Successful operation",
            "headers": {
              "Remaining-Requests": { "$ref": "#/components/headers/RemainingRequests" }
            },
            "content": {
              "application/json": {
                "schema": { "$ref": "#/components/schemas/SSL-Cert-Check" }
              },
              "application/xml": {
                "schema": { "$ref": "#/components/schemas/SSL-Cert-Check" }
              }
            }
          },
          "400": { "$ref": "#/components/responses/BadRequest" },
          "401": { "$ref": "#/components/responses/Unauthorized" },
          "403": { "$ref": "#/components/responses/Forbidden" },
          "429": { "$ref": "#/components/responses/TooManyRequests" },
          "500": { "$ref": "#/components/responses/InternalServerError" }
        }
      }
    },
    "/subdomains": {
      "get": {
        "tags": ["Domain"],
        "summary": "Discover active subdomains for a domain",
        "description": "Discovers active subdomains by running parallel DNS brute-force against 800+ common subdomain patterns. Automatically detects and filters wildcard DNS responses to avoid false positives. Returns each live subdomain with its record type (`A` or `CNAME`) and all resolved IP addresses.\n\nUseful for attack surface mapping, asset discovery, and infrastructure audits.",
        "operationId": "getSubdomains",
        "parameters": [
          {
            "name": "domain",
            "in": "query",
            "description": "The domain name to scan for subdomains (e.g. `example.com`).",
            "required": true,
            "schema": {
              "type": "string",
              "default": "discord.com"
            }
          },
          {
            "name": "format",
            "in": "query",
            "description": "Response format. Use `json` (default) for JSON output or `xml` for XML output.",
            "required": false,
            "schema": {
              "type": "string",
              "enum": ["json", "xml"],
              "default": "json"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "Successful operation",
            "headers": {
              "Remaining-Requests": { "$ref": "#/components/headers/RemainingRequests" }
            },
            "content": {
              "application/json": {
                "schema": { "$ref": "#/components/schemas/SubdomainDiscovery" }
              }
            }
          },
          "400": { "$ref": "#/components/responses/BadRequest" },
          "401": { "$ref": "#/components/responses/Unauthorized" },
          "403": { "$ref": "#/components/responses/Forbidden" },
          "429": { "$ref": "#/components/responses/TooManyRequests" },
          "500": { "$ref": "#/components/responses/InternalServerError" }
        }
      }
    },
    "/domain-availability": {
      "get": {
        "tags": ["Domain"],
        "summary": "Check if a domain name is available for registration",
        "description": "Checks whether a domain name is currently available for registration by querying live WHOIS data. Returns a boolean `available` field alongside the queried domain name.\n\nSuitable for domain research tools, bulk availability workflows, and automated naming pipelines.",
        "operationId": "getDomainAvailability",
        "parameters": [
          {
            "name": "domain",
            "in": "query",
            "description": "The domain name to check for availability (e.g. `example.com`).",
            "required": true,
            "schema": {
              "type": "string",
              "default": "example.com"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "Successful operation",
            "headers": {
              "Remaining-Requests": { "$ref": "#/components/headers/RemainingRequests" }
            },
            "content": {
              "application/json": {
                "schema": { "$ref": "#/components/schemas/DomainAvailability" }
              }
            }
          },
          "400": { "$ref": "#/components/responses/BadRequest" },
          "401": { "$ref": "#/components/responses/Unauthorized" },
          "403": { "$ref": "#/components/responses/Forbidden" },
          "429": { "$ref": "#/components/responses/TooManyRequests" },
          "500": { "$ref": "#/components/responses/InternalServerError" }
        }
      }
    },
    "/domain/email-intelligence": {
      "get": {
        "tags": ["Security"],
        "summary": "Score the domain behind a signup email",
        "description": "Evaluates the domain behind an email address or domain name using WHOIS/RDAP and DNS signals. Returns a risk score, domain category (`business`, `freemail`, `disposable`), explicit signals, recommendation, and routing action.\n\nThis endpoint does **not** verify mailbox existence, SMTP deliverability, or whether an email address can receive messages.",
        "operationId": "emailDomainIntelligence",
        "parameters": [
          {
            "name": "domain",
            "in": "query",
            "description": "Domain name to evaluate. Takes priority over `email` when both are provided.",
            "required": false,
            "schema": { "type": "string", "example": "example.com" }
          },
          {
            "name": "email",
            "in": "query",
            "description": "Email address whose domain should be evaluated. The local mailbox is never checked.",
            "required": false,
            "schema": { "type": "string", "example": "user@example.com" }
          }
        ],
        "responses": {
          "200": {
            "description": "Successful domain intelligence response",
            "headers": {
              "Remaining-Requests": { "$ref": "#/components/headers/RemainingRequests" }
            },
            "content": {
              "application/json": {
                "schema": { "$ref": "#/components/schemas/EmailDomainIntelligence" }
              }
            }
          },
          "400": { "$ref": "#/components/responses/BadRequest" },
          "401": { "$ref": "#/components/responses/Unauthorized" },
          "403": { "$ref": "#/components/responses/Forbidden" },
          "429": { "$ref": "#/components/responses/TooManyRequests" },
          "500": { "$ref": "#/components/responses/InternalServerError" }
        }
      }
    }
  },
  "components": {
    "headers": {
      "RemainingRequests": {
        "description": "Number of API requests remaining in the current billing period.",
        "schema": {
          "type": "integer",
          "example": 452
        }
      }
    },
    "responses": {
      "BadRequest": {
        "description": "Bad Request — the query parameter is missing or invalid.",
        "content": {
          "application/json": {
            "schema": { "$ref": "#/components/schemas/Error" },
            "example": { "error": "Invalid domain name." }
          }
        }
      },
      "Unauthorized": {
        "description": "Unauthorized — API key is missing or invalid.",
        "content": {
          "application/json": {
            "schema": { "$ref": "#/components/schemas/Error" },
            "example": { "error": "Invalid or missing API key." }
          }
        }
      },
      "Forbidden": {
        "description": "Forbidden — email address not validated.",
        "content": {
          "application/json": {
            "schema": { "$ref": "#/components/schemas/Error" },
            "example": { "error": "Please validate your email address." }
          }
        }
      },
      "TooManyRequests": {
        "description": "Too Many Requests — usage or rate limit exceeded.",
        "headers": {
          "Remaining-Requests": { "$ref": "#/components/headers/RemainingRequests" }
        },
        "content": {
          "application/json": {
            "schema": { "$ref": "#/components/schemas/Error" },
            "example": { "error": "Monthly quota exceeded." }
          }
        }
      },
      "InternalServerError": {
        "description": "Internal Server Error — unexpected server-side error.",
        "content": {
          "application/json": {
            "schema": { "$ref": "#/components/schemas/Error" },
            "example": { "error": "Internal server error." }
          }
        }
      }
    },
    "schemas": {
      "Error": {
        "type": "object",
        "properties": {
          "error": {
            "type": "string",
            "example": "Invalid domain name."
          }
        }
      },
      "Whois": {
        "type": "object",
        "properties": {
          "server": {
            "type": "string",
            "example": "delta"
          },
          "name": {
            "type": "string",
            "example": "whoisjson.com"
          },
          "idnName": {
            "type": "string",
            "example": "whoisjson.com"
          },
          "status": {
            "type": "array",
            "items": {
              "type": "string",
              "example": "clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited"
            }
          },
          "statusAnalysis": {
            "type": "object",
            "nullable": true,
            "description": "Only present when source = rdap",
            "properties": {
              "clientDeleteProhibited": { "type": "boolean" },
              "clientTransferProhibited": { "type": "boolean" },
              "clientUpdateProhibited": { "type": "boolean" },
              "serverDeleteProhibited": { "type": "boolean" },
              "serverTransferProhibited": { "type": "boolean" },
              "serverUpdateProhibited": { "type": "boolean" },
              "isActive": { "type": "boolean" },
              "isOnHold": { "type": "boolean" },
              "isPendingDelete": { "type": "boolean" },
              "isPendingTransfer": { "type": "boolean" },
              "isRedemptionPeriod": { "type": "boolean" }
            }
          },
          "nameserver": {
            "type": "array",
            "items": {
              "type": "string",
              "example": "dns200.anycast.me"
            }
          },
          "nsAnalysis": {
            "type": "object",
            "nullable": true,
            "description": "DNS nameserver infrastructure analysis. Only present when source = rdap and nameservers are available.",
            "properties": {
              "count": {
                "type": "integer",
                "description": "Total number of nameservers declared in RDAP."
              },
              "list": {
                "type": "array",
                "description": "Normalized list of nameservers (lowercase FQDN).",
                "items": {
                  "type": "string",
                  "example": "ns1.cloudflare.com"
                }
              },
              "detectedProviders": {
                "type": "array",
                "description": "Recognized DNS providers based on pattern matching. This list is informational and may not reflect all real infrastructure providers.",
                "items": {
                  "type": "string",
                  "example": "cloudflare"
                }
              },
              "detectedProviderCount": {
                "type": "integer",
                "description": "Number of recognized DNS providers detected via pattern matching."
              },
              "uniqueNsDomains": {
                "type": "integer",
                "description": "Number of distinct registrable domains across all nameservers. Reflects real DNS infrastructure diversity."
              },
              "mixedInfrastructure": {
                "type": "boolean",
                "description": "True when nameservers belong to multiple distinct registrable domains, indicating distributed DNS infrastructure."
              },
              "singleInfrastructure": {
                "type": "boolean",
                "description": "True when all nameservers belong to a single registrable domain, indicating centralized DNS infrastructure."
              },
              "selfHosted": {
                "type": "boolean",
                "description": "True when at least one nameserver is under the same registrable domain as the queried domain (e.g., ns1.example.com for example.com). Indicates potential self-managed DNS."
              }
            }
          },
          "ips": {
            "type": "string",
            "example": "62.210.113.88"
          },
          "created": {
            "type": "string",
            "example": "2016-12-01 09:28:12"
          },
          "changed": {
            "type": "string",
            "example": "2021-12-02 00:13:57"
          },
          "expires": {
            "type": "string",
            "example": "2022-12-01 10:28:12"
          },
          "age": {
            "type": "object",
            "nullable": true,
            "description": "Only present when source = rdap",
            "properties": {
              "days": { "type": "integer" },
              "months": { "type": "integer" },
              "years": { "type": "integer" },
              "isNewlyRegistered": {
                "type": "boolean",
                "description": "True when the domain creation date is 30 days old or less. Used as a high-risk indicator for newly registered domains."
              },
              "isYoung": {
                "type": "boolean",
                "description": "True when the domain creation date is 365 days old or less. Indicates relatively recent domain registration."
              }
            }
          },
          "expiration": {
            "type": "object",
            "nullable": true,
            "description": "Only present when source = rdap",
            "properties": {
              "daysLeft": { "type": "integer" },
              "isExpiringSoon": { "type": "boolean" },
              "isExpired": { "type": "boolean" }
            }
          },
          "registered": {
            "type": "boolean",
            "example": true
          },
          "dnssec": {
            "type": "string",
            "example": "signedDelegation"
          },
          "whoisserver": {
            "type": "string",
            "example": "whois.ovh.com"
          },
          "contacts": {
            "type": "object",
            "properties": {
              "owner": {
                "type": "array",
                "items": { "$ref": "#/components/schemas/Contact" }
              },
              "admin": {
                "type": "array",
                "items": { "$ref": "#/components/schemas/Contact" }
              },
              "tech": {
                "type": "array",
                "items": { "$ref": "#/components/schemas/Contact" }
              }
            }
          },
          "registrar": {
            "type": "object",
            "properties": {
              "id": { "type": "string", "example": "433" },
              "name": { "type": "string", "example": "OVH, SAS" },
              "email": { "type": "string", "example": "abuse@ovh.net" },
              "url": { "type": "string", "example": "https://www.ovh.com" },
              "phone": { "type": "string", "example": "+33.972101007" }
            }
          },
          "rawdata": {
            "type": "array",
            "items": { "type": "string" }
          },
          "network": { "type": "string" },
          "exception": { "type": "string" },
          "parsedContacts": { "type": "boolean", "example": true },
          "ask_whois": { "type": "string", "example": "whois.ovh.com" },
          "source": { "type": "string", "example": "whois | rdap" }
        }
      },
      "Contact": {
        "type": "object",
        "properties": {
          "handle": { "type": "string" },
          "type": { "type": "string" },
          "name": { "type": "string" },
          "organization": { "type": "string" },
          "email": { "type": "string" },
          "address": { "type": "string" },
          "zipcode": { "type": "string" },
          "city": { "type": "string" },
          "state": { "type": "string" },
          "country": { "type": "string" },
          "phone": { "type": "string" },
          "fax": { "type": "string" },
          "created": { "type": "string" },
          "changed": { "type": "string" }
        }
      },
      "Nslookup": {
        "type": "object",
        "properties": {
          "A": {
            "type": "array",
            "items": { "type": "string", "example": "188.114.96.2" }
          },
          "AAAA": {
            "type": "array",
            "items": { "type": "string", "example": "2a06:98c1:3120::2" }
          },
          "CAA": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "flags": {
                  "type": "integer",
                  "example": 0,
                  "description": "CAA record flags (0 for non-critical, 128 for critical)."
                },
                "tag": {
                  "type": "string",
                  "example": "issue",
                  "description": "CAA tag: issue, issuewild, or iodef."
                },
                "value": {
                  "type": "string",
                  "example": "letsencrypt.org",
                  "description": "Value associated with the CAA tag."
                }
              }
            }
          },
          "CNAME": {
            "type": "array",
            "items": { "type": "string", "example": "example.whoisjson.com" }
          },
          "MX": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "exchange": { "type": "string", "example": "mailstream-central.mxrecord.mx" },
                "priority": { "type": "integer", "example": 20 }
              }
            }
          },
          "NS": {
            "type": "array",
            "items": { "type": "string", "example": "fish.ns.cloudflare.com" }
          },
          "SOA": {
            "type": "object",
            "properties": {
              "nsname": { "type": "string", "example": "fish.ns.cloudflare.com" },
              "hostmaster": { "type": "string", "example": "dns.cloudflare.com" },
              "serial": { "type": "integer", "example": 2287007851 },
              "refresh": { "type": "integer", "example": 10000 },
              "retry": { "type": "integer", "example": 2400 },
              "expire": { "type": "integer", "example": 604800 },
              "minttl": { "type": "integer", "example": 3600 }
            }
          },
          "TXT": {
            "type": "array",
            "items": { "type": "string", "example": "v=spf1 include:_spf.google.com ~all" }
          },
          "DMARC": {
            "type": "array",
            "items": { "type": "string", "example": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@whoisjson.com" }
          },
          "BIMI": {
            "type": "array",
            "items": { "type": "string", "example": "v=BIMI1; l=https://whoisjson.com/logo.svg; a=self" }
          },
          "MTASTS": {
            "type": "array",
            "items": { "type": "string", "example": "v=STSv1; id=20250301000000Z" }
          },
          "TLSRPT": {
            "type": "array",
            "items": { "type": "string", "example": "v=TLSRPTv1; rua=mailto:tls-reports@whoisjson.com" }
          }
        }
      },
      "SSL-Cert-Check": {
        "type": "object",
        "properties": {
          "domain": { "type": "string", "example": "whoisjson.com" },
          "issuer": {
            "type": "object",
            "properties": {
              "C": { "type": "string", "example": "US" },
              "O": { "type": "string", "example": "Let's Encrypt" },
              "CN": { "type": "string", "example": "R3" }
            }
          },
          "valid_from": { "type": "string", "example": "2024-04-01T12:58:12.000Z" },
          "valid_to": { "type": "string", "example": "2024-06-30T12:58:11.000Z" },
          "valid": { "type": "boolean", "example": true },
          "details": {
            "type": "object",
            "properties": {
              "subject": {
                "type": "object",
                "properties": {
                  "CN": { "type": "string", "example": "whoisjson.com" }
                }
              },
              "issuer": {
                "type": "object",
                "properties": {
                  "C": { "type": "string", "example": "US" },
                  "O": { "type": "string", "example": "Let's Encrypt" },
                  "CN": { "type": "string", "example": "R3" }
                }
              },
              "subjectaltname": { "type": "string", "example": "DNS:whoisjson.com, DNS:www.whoisjson.com" },
              "ca": { "type": "boolean", "example": false },
              "modulus": { "type": "string", "example": "D614368313A15BF69116B613C8632E..." },
              "bits": { "type": "integer", "example": 2048 },
              "exponent": { "type": "string", "example": "65537" },
              "pubkey": {
                "type": "object",
                "properties": {
                  "type": { "type": "string", "example": "Buffer" },
                  "data": { "type": "array", "items": { "type": "integer" } }
                }
              },
              "valid_from": { "type": "string", "example": "Apr  1 12:58:12 2024 GMT" },
              "valid_to": { "type": "string", "example": "Jun 30 12:58:11 2024 GMT" },
              "fingerprint": { "type": "string", "example": "33:9F:69:28:A0:88:62:C7:80:EB:D5:A5:06:8C:97:0A:87:35:AF:BE" },
              "fingerprint256": { "type": "string", "example": "85:70:14:19:D2:F6:ED:7A:9E:22:1C..." },
              "fingerprint512": { "type": "string", "example": "13:0F:5C:96:BD:D9:6F:24:A7:F3:C9:36..." },
              "ext_key_usage": {
                "type": "array",
                "items": { "type": "string", "example": "1.3.6.1.5.5.7.3.1" }
              },
              "serialNumber": { "type": "string", "example": "03213ECA313DE36923BDF7C3FFB02AFA12ED" },
              "raw": {
                "type": "object",
                "properties": {
                  "type": { "type": "string", "example": "Buffer" },
                  "data": { "type": "array", "items": { "type": "integer" } }
                }
              }
            }
          }
        }
      },
      "DomainAvailability": {
        "type": "object",
        "properties": {
          "domain": { "type": "string", "example": "example.com" },
          "available": { "type": "boolean", "example": true }
        }
      },
      "SubdomainDiscovery": {
        "type": "object",
        "properties": {
          "domain": { "type": "string", "example": "discord.com" },
          "wildcard_detected": { "type": "boolean", "example": false },
          "wildcard_ip": {
            "type": "array",
            "description": "Only present when wildcard_detected is true.",
            "items": { "type": "string" }
          },
          "total_found": { "type": "integer", "example": 8 },
          "scan_time_ms": { "type": "integer", "example": 845 },
          "subdomains": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "subdomain": { "type": "string", "example": "canary.discord.com" },
                "type": { "type": "string", "enum": ["A", "CNAME"], "example": "A" },
                "ips": {
                  "type": "array",
                  "items": { "type": "string" },
                  "example": ["162.159.138.232", "162.159.128.233"]
                },
                "status": { "type": "string", "example": "active" }
              }
            }
          }
        }
      },
      "EmailDomainIntelligence": {
        "type": "object",
        "properties": {
          "domain": { "type": "string", "example": "example.com" },
          "domainCategory": {
            "type": "string",
            "enum": ["business", "freemail", "disposable", "unknown"],
            "example": "business"
          },
          "riskScore": { "type": "integer", "minimum": 0, "maximum": 100, "example": 25 },
          "riskLevel": { "type": "string", "enum": ["low", "medium", "high", "critical"], "example": "medium" },
          "recommendation": { "type": "string", "enum": ["accept", "review", "reject"], "example": "review" },
          "routing": {
            "type": "object",
            "properties": {
              "suggestedAction": {
                "type": "string",
                "enum": ["allow", "verify_email", "step_up_verification", "require_business_email", "manual_review", "block"],
                "example": "verify_email"
              },
              "confidence": { "type": "string", "enum": ["low", "medium", "high"], "example": "medium" }
            }
          },
          "signals": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "code": { "type": "string", "example": "DOMAIN_AGE_LT_30_DAYS" },
                "severity": { "type": "string", "example": "high" },
                "scoreImpact": { "type": "integer", "example": 30 },
                "message": { "type": "string" }
              }
            }
          },
          "checks": { "type": "object" },
          "meta": {
            "type": "object",
            "properties": {
              "scoringVersion": { "type": "string", "example": "2026-07-06" },
              "cached": { "type": "boolean" },
              "skippedLookups": { "type": "boolean" }
            }
          }
        }
      }
    },
    "securitySchemes": {
      "ApiKeyAuth": {
        "type": "apiKey",
        "name": "Authorization",
        "in": "header",
        "description": "Use `TOKEN=YOUR_API_KEY` as the Authorization header value."
      }
    }
  },
  "security": [
    { "ApiKeyAuth": [] }
  ]
}
