Free WHOIS API · RDAP-first · JSON

WHOIS API — structured JSON, RDAP-first, free tier.

Get the registrar, registration dates, nameservers, status codes, and registrant handle for any domain — in clean JSON, not regex-parsed text. RDAP-first with port-43 WHOIS fallback for legacy TLDs. No setup, no parsing.

Start free → See code examples Live sample (github.com)
1,000 free requests/mo No credit card required RDAP + port-43 fallback
Try it

See it work with any domain.

Type any domain to see the live WHOIS / RDAP response from the API. Free, no signup — rate-limited to 5 lookups/day per browser.

GET /domain/{d}/whois
Try: github.comstripe.comopenai.comapple.com 0 / 5 today 
// Click "Run lookup" to see the live API response for this endpoint
Want everything in one call?
Use /lookup/{domain} to get WHOIS + DNS + SSL + subdomains + email security in a single REST call. Same API key, same pricing, same response format — just bundled. Great for lead enrichment, fraud detection, full domain audits.
See the all-in-one endpoint →
Why this WHOIS API

RDAP-first, fallback-everywhere, JSON always.

Most WHOIS libraries return unstructured text you have to regex-parse, break on new TLDs, and force you to handle registry-specific quirks. This API does that work for you and gives back clean JSON.

RDAP-first protocol
Modern Registration Data Access Protocol (RDAP) is queried first. Returns structured data per registry: Verisign for .com/.net, PIR for .org, IdentityDigital for .info/.io, and registry-specific endpoints for ccTLDs.
Port-43 WHOIS fallback
Legacy TLDs that don't yet support RDAP (some ccTLDs, older registries) are queried via classic port-43 WHOIS. The response is normalized into the same JSON shape regardless of source.
No text parsing
Field names are normalized across registries. Registrar, created, updated, expires, nameservers, status — same keys every time. No registry-specific parsers in your code.
Cached for speed
Successful responses are cached in Redis for 1 hour to avoid hammering registry servers. Cached responses return in <100ms; fresh ones in 200-800ms depending on registry latency.
Works on all major TLDs
.com, .net, .org, .io, .ai, .dev, .app, .co, .me, .info, .biz, .us, .uk, .ca, .de, .fr, .nl, .au, and many more. Coverage expands as registries adopt RDAP.
Bundled with full domain intel
Get just WHOIS via /domain/{d}/whois, or grab WHOIS + DNS + SSL + subdomains + email security in a single /lookup/{d} call. Same API key, same pricing.
Response shape

Clean JSON. Normalized. Predictable.

Every WHOIS response follows the same shape, regardless of whether the data came from RDAP or port-43 fallback. Below: a real response for cloudflare.com.

GET /domain/cloudflare.com/whois 
{
  "domain": "cloudflare.com",
  "_source": "rdap.verisign.com",         // data source used
  "registrar": "Cloudflare, Inc.",
  "handle": "2241025_DOMAIN_COM-VRSN",
  "created": "2009-02-17T22:07:54Z",
  "updated": "2024-12-21T16:35:32Z",
  "expires": "2027-02-17T22:07:54Z",
  "nameservers": [
    "ns3.cloudflare.com",
    "ns4.cloudflare.com",
    "ns5.cloudflare.com",
    "ns6.cloudflare.com",
    "ns7.cloudflare.com"
  ],
  "status": [
    "clientDeleteProhibited",
    "clientTransferProhibited",
    "clientUpdateProhibited",
    "serverDeleteProhibited",
    "serverTransferProhibited",
    "serverUpdateProhibited"
  ]
}
Code examples

One line of HTTP. Any language.

Authenticate once with your RapidAPI key, then call GET /domain/{domain}/whois for any domain. Below: examples in cURL, Python, Node.js, and PHP.

curl "https://domain-intelligence-api.p.rapidapi.com/domain/cloudflare.com/whois" \
  -H "X-RapidAPI-Host: domain-intelligence-api.p.rapidapi.com" \
  -H "X-RapidAPI-Key: YOUR_RAPIDAPI_KEY"
import requests

domain = "cloudflare.com"
url = f"https://domain-intelligence-api.p.rapidapi.com/domain/{domain}/whois"
headers = {
    "X-RapidAPI-Host": "domain-intelligence-api.p.rapidapi.com",
    "X-RapidAPI-Key": "YOUR_RAPIDAPI_KEY",
}
r = requests.get(url, headers=headers, timeout=15)
data = r.json()
print(data["registrar"], "— expires", data["expires"])
// Node 18+ has built-in fetch — no import needed
const domain = "cloudflare.com";
const res = await fetch(
  `https://domain-intelligence-api.p.rapidapi.com/domain/${domain}/whois`,
  { headers: {
      "X-RapidAPI-Host": "domain-intelligence-api.p.rapidapi.com",
      "X-RapidAPI-Key": "YOUR_RAPIDAPI_KEY",
  }}
);
const data = await res.json();
console.log(data.registrar, "—", data.nameservers);
<?php
$domain = "cloudflare.com";
$ch = curl_init("https://domain-intelligence-api.p.rapidapi.com/domain/$domain/whois");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    "X-RapidAPI-Host: domain-intelligence-api.p.rapidapi.com",
    "X-RapidAPI-Key: YOUR_RAPIDAPI_KEY",
]);
$data = json_decode(curl_exec($ch), true);
curl_close($ch);
echo $data["registrar"] . " — created " . $data["created"];
Use cases

Common things people build with this WHOIS API.

The most common workflows that benefit from programmatic WHOIS access. Free tier covers most of them comfortably.

Domain ownership verification
Legal, brand, or M&A teams checking who owns a domain. Pull registrar + nameservers + creation date in one call to build an internal "domain ownership" dashboard or trigger a review when registration changes.
Sales lead enrichment
When a new lead enters your CRM, enrich the company domain with WHOIS data. Registration age signals company maturity; nameservers hint at tech stack (Cloudflare, AWS Route 53, Google Cloud DNS, etc.) for better segmentation.
Fraud and phishing detection
Freshly registered domains are a phishing red flag. Check the registration date of any domain users link to from your platform; flag or sandbox domains created in the last 30 days, or those with suspicious registrars.
Brand and trademark monitoring
Watch lookalike domain registrations against your brand. Combined with subdomain enumeration, you can detect newly created infrastructure mimicking your brand within days of registration.
Domain expiry tracking
Track the expiration of domains you care about — your own portfolio, competitors' domains, or domains in a backorder list. Run a daily script that alerts when expiry is within 30 days.
Abuse and compliance reporting
Trust & safety teams investigating abusive domains need the registrar (for abuse contact escalation) and registration status flags. Both come back in a single call, no manual registry-by-registry lookup.
Pricing

Pay only for what you use.

Billed monthly via RapidAPI. Same pricing across all endpoints (WHOIS, DNS, SSL, subdomains, email security, and the bundled /lookup). Cancel anytime.

BASIC
$0/mo
For evaluation, side projects, and low-volume monitoring.
  • 1,000 requests / month
  • All endpoints included
  • No credit card required
Start free
Most popular
PRO
$9.99/mo
For production apps doing real volume. Sweet spot for most teams.
  • 50,000 requests / month
  • Higher rate limits
  • Email support
Choose PRO
ULTRA
$39.99/mo
For SaaS platforms with embedded domain features.
  • 500,000 requests / month
  • SLA: 99.9% uptime
  • Priority support
Choose ULTRA
MEGA
$149.99/mo
For data platforms, security vendors, and high-volume workloads.
  • 5,000,000 requests / month
  • Highest concurrency
  • Dedicated support
Choose MEGA
FAQ

Frequently asked questions.

Quick answers to the things developers usually ask before integrating.

Is your WHOIS API free?+
Yes. The free tier includes 1,000 requests per month with no credit card required. Paid tiers start at $9.99/mo for 50,000 requests if you need higher volume.
What is the difference between RDAP and WHOIS?+
RDAP (Registration Data Access Protocol) is the modern successor to legacy WHOIS. RDAP returns structured JSON, supports authentication and rate limiting, and is officially adopted by ICANN. Legacy WHOIS returns unstructured text over port 43. Our API uses RDAP first and falls back to port-43 WHOIS for TLDs that don't support RDAP — you get the same JSON shape either way.
Which TLDs are supported?+
All major TLDs (.com, .net, .org, .io, .ai, .dev, .app, .co, .me, .info, .biz, etc.) are supported via RDAP. Many ccTLDs (.uk, .de, .fr, .nl, .au, .ca, .us) and legacy TLDs are covered via port-43 WHOIS fallback. The API handles registry-specific quirks like Verisign for .com/.net, Public Interest Registry for .org, and IdentityDigital for .info/.io automatically.
Can I get the registrant email and phone?+
Mostly no — and not because of our API. Since GDPR (2018) and the ICANN Temporary Specification, registrars redact personally identifiable information from public WHOIS/RDAP records by default. Our API returns whatever the registry publishes; if PII is available it's included, if redacted we return what's published. For PII access you'd need to file a formal request with the registrar's abuse contact.
How fresh is the WHOIS data?+
Live by default. Each request triggers a fresh RDAP query (or port-43 WHOIS fallback) against the authoritative registry. We cache successful responses for 1 hour to reduce upstream load and improve response time, but the data you receive is at most 1 hour stale and typically minutes-fresh for the first caller of a given domain.
What's the rate limit?+
Rate limits depend on your plan. Free tier: 1,000 requests per month. Pro: 50,000 per month. Ultra: 500,000 per month. Mega: 5,000,000 per month. Per-second rate limits are generous on all tiers (the monthly request count is the meaningful constraint, not per-second throughput).
Do I need to parse text responses?+
No. The API always returns clean JSON regardless of whether it used RDAP or port-43 WHOIS internally. Field names are normalized across registries — you get the same response shape for a .com domain as for a .info or .io domain. No regex parsing, no registry-specific code paths.
How does this compare to WhoisXMLAPI, DomainTools, or JsonWHOIS?+
All four return WHOIS data. The meaningful differences: pricing (we have a real free tier with no card required; DomainTools starts at $99/mo, WhoisXMLAPI's free tier is heavily limited), modernness (RDAP-first vs legacy WHOIS-only), and bundling (our /lookup endpoint also returns DNS, SSL, subdomains, and email security in the same call). Best fit depends on your volume and whether you need WHOIS alone or full domain intelligence.

Ship a WHOIS feature this afternoon.

Free tier · No credit card · All endpoints included

Get your API key →