Get transfer-out auth code
GET /v1/domain-purchases/:id/auth-code — EPP/auth code for transferring the domain to another registrar.
GET /v1/domain-purchases/:id/auth-codeReturns the EPP/auth code the end-user needs to transfer the domain to another registrar (GoDaddy, Cloudflare, wherever they want).
Sensitive — treat the response like a password. Anyone with the auth code can move the domain out. Don't log it, don't store it, hand it to the end-user securely.
Request
curl https://api.domainee.dev/v1/domain-purchases/f8a0c1b9-…/auth-code \
-H "Authorization: Bearer $DOMAINEE_API_KEY"Response — 200 OK
{
"hostname": "janesbakery.com",
"authCode": "X8k!Q2pZv9Mn"
}Errors
| Code | Status | When |
|---|---|---|
not_found | 404 | Purchase doesn't exist in this workspace. |
| Registrar error | 502 | Some TLDs require the auth code be emailed to the registrant; Namecheap may decline to surface it via API for those. Surface the registrar's error in your UI. |
What happens after you hand it over
- Your end-user takes the auth code to the destination registrar.
- They initiate a transfer-in. The destination registrar contacts our registrar to verify the code.
- ICANN sends an email to the listed registrant asking them to approve the transfer (5-day window).
- If approved, the domain leaves Domainee's reseller account and moves to the destination. We mark our purchase row but the underlying domain is no longer managed here.
Side effects
- No charge.
- No DB write.
- The auth code is not cached — every call hits the registrar fresh.
Notes
- Most registrars require the domain to be unlocked before transfer. Namecheap defaults new domains to locked; you'll need to add an unlock-domain helper (or have the user email support) before transfer.
- This is the "escape hatch" — every customer of every SaaS deserves it. Even if you never expect anyone to transfer out, exposing this endpoint builds the trust that "I really do own this domain".