Domainee
Sign inGet started

RDAP

RDAP is the modern, REST/JSON replacement for WHOIS. Same domain registration data, parseable format, with auth and rate limits built in.

RDAP (Registration Data Access Protocol) is the modern replacement for the WHOIS protocol. It serves the same data (who registered a domain, when, with which registrar) but over HTTPS, in JSON, with authentication and rate-limiting built into the protocol.

Defined in RFCs 7480-7484, mandated by ICANN for all gTLDs since 2017.

The basic request

GET https://rdap.verisign.com/com/v1/domain/example.com
Accept: application/rdap+json

Response:

{
  "objectClassName": "domain",
  "handle": "...",
  "ldhName": "EXAMPLE.COM",
  "events": [
    { "eventAction": "registration", "eventDate": "1995-08-14T04:00:00Z" },
    { "eventAction": "expiration", "eventDate": "2026-08-13T04:00:00Z" }
  ],
  "nameservers": [
    { "ldhName": "a.iana-servers.net" }
  ],
  "status": ["client delete prohibited", "client transfer prohibited"]
}

Parseable. Standardized fields. No regex needed.

How discovery works

You don't memorize the RDAP URL for each TLD. You use the bootstrap registry at https://data.iana.org/rdap/dns.json. It maps each TLD to the RDAP base URL:

{
  "services": [
    [["com", "net"], ["https://rdap.verisign.com/com/v1/"]],
    [["org"], ["https://rdap.publicinterestregistry.org/rdap/"]],
    [["io"], ["https://rdap.identitydigital.services/rdap/"]],
    ...
  ]
}

Cache it for a day. Hit the right server for the TLD.

What it returns vs WHOIS

Both are subject to the same GDPR-driven redactions. Registrant contact details are usually hidden for individuals in the EU. RDAP, unlike WHOIS, can signal redaction explicitly in the response ("remarks": [{ "type": "object redacted due to authorization." }]), which is parser-friendly.

For authenticated queries (registrars, law enforcement), RDAP supports OAuth2-style authorization to unlock the redacted fields. WHOIS had no such mechanism.

Practical use in a SaaS

Two common needs:

  1. Domain availability check. RDAP returns 404 for unregistered domains. Hit RDAP first; fall back to WHOIS if the TLD's RDAP isn't up to date.
  2. Expiry tracking. Parse events[].eventDate where eventAction == "expiration". Trigger renewal reminders.

Most registrar APIs (Namecheap, Cloudflare, GoDaddy) wrap RDAP and WHOIS into a single domain-info endpoint. If you're integrated with a registrar, use their API. If you need cross-registrar lookups (e.g., for marketplace features), use RDAP with WHOIS fallback.

Want this handled for you? Start free with Domainee — 50 custom domains + 100 GB bandwidth, no card.