FREE TIER · 27 ENDPOINTS · NO CARD

DomainScan API — one REST surface for WHOIS, DNS, IP intelligence, SSL, security headers, email auth and AI-powered analysis.

Every tool on DomainScan is exposed as a JSON REST endpoint. Authenticate with a bearer token (or call anonymously with reduced quota), pass a query string, get a structured response. 27 endpoints across 3 categories — Domain, Network/IP, Security — with one consistent envelope, one set of error codes and one rate-limit model. Free tier ships with 100 API credits per month.

01 · OVERVIEW

What you get on a single REST surface

Six things every endpoint shares — pick one tool, learn the patterns once, every other endpoint behaves the same way:

JSON-only responses (Envelope)

Every successful response is `{ success: true, data: {...} }`. Every error is `{ success: false, error: { code, message, details? } }` with a stable machine-readable code. No XML, no SOAP, no surprises.

Bearer-token auth (or anonymous) (Auth)

Pass `Authorization: Bearer ds_live_…` for higher quotas, multi-key isolation and per-key usage analytics. Or call without a key — anonymous traffic gets 20 req/min, 200 req/day per IP.

Predictable rate limits (Limits)

X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset on every response. 429 with Retry-After when you hit the cap. Plan-based per-minute and per-day caps with documented burst allowance.

Credit-based billing (Cost)

Most endpoints cost 1 credit. A few expensive ones (Domain Health composite, Domain Snapshot, DNS Propagation) cost 2–5 credits. Credit weight is fixed and documented per endpoint.

Date-pinned versioning (Stability)

Endpoints carry date-based version tags (e.g. v2026-05-15). STABLE tier guarantees backward compatibility within the major version. BETA may change. DEPRECATED removals are announced months ahead.

Edge-cached results (Performance)

Many endpoints cache idempotent results at the edge (24h TTL). Pass `cache=false` when you need a fresh upstream call. Median cached response: under 50ms anywhere in the world.

02 · CATEGORIES

27 endpoints, 3 categories

All endpoints live under `https://api.domainscan.in/api/v1/`. Group by category:

Domain (12 endpoints) (WHOIS · DNS · Email)

Domain Lookup (WHOIS/RDAP), DNS Query (A/MX/TXT/CNAME/…), DNS Resolver List, Reverse DNS (PTR), DNS Propagation, Domain Health (composite score), Nameserver Details, Domain Snapshot (Playwright), SPF, DMARC, DKIM, AI Readiness.

Network / IP (9 endpoints) (Geo · Routing · Ports)

My IP, IP Lookup (geo/ISP/ASN), IP ISP, Port Scan, Ping, Traceroute, Common Ports Sweep, Subnet/CIDR Calculator, Reverse IP (shared-host).

Security (6 endpoints) (TLS · Headers · Reputation)

SSL Info (cert + grade), SSL Chain (intermediates), Blacklist (DNSBL/reputation), MAC Info (OUI), MAC Vendor search, Security Headers (HSTS/CSP/XFO).

Coming soon (Roadmap)

Subdomain enumeration (Pro+), Dark-web monitoring (Business), Bulk lookups (POST endpoints) and webhook callbacks for long-running snapshots.

03 · QUICKSTART

First successful call in 60 seconds

Zero setup needed for read-only endpoints. Call anonymously to test, then create a free account when you need higher quotas:

cURL — anonymous WHOIS lookup
curl 'https://api.domainscan.in/api/v1/domain/lookup?domain=google.com'
cURL — authenticated request
curl 'https://api.domainscan.in/api/v1/security/ssl-info?domain=github.com' \
  -H 'Authorization: Bearer ds_live_YOUR_KEY'
JavaScript fetch — DNS query
const res = await fetch(
  'https://api.domainscan.in/api/v1/domain/dns?domain=cloudflare.com&type=MX',
  { headers: { Authorization: 'Bearer ds_live_YOUR_KEY' } }
);
const { data } = await res.json();
console.log(data);
Response envelope
{
  "success": true,
  "data": {
    "domain": "google.com",
    "tld": "com",
    "details": {
      "dates": { "creationDate": "1997-09-15T04:00:00.000Z" },
      "registrar": { "name": "MarkMonitor Inc.", "ianaId": "292" }
    }
  }
}
04 · AUTH

Authentication and key management

Bearer tokens with a `ds_live_` prefix. Anonymous calls work too — at lower quotas.

  • Anonymous No header. Per-IP rate limit (20 req/min, 200 req/day). Best for evaluation, learning the surface, browser-based experiments.
  • Authenticated Authorization: Bearer ds_live_…. Limits scale to the account plan. Multiple keys per account on Pro and Business — issue one per environment or service.
  • Key rotation Generate a new key in the dashboard, deploy it, then revoke the old key. Active keys are listed with last-used timestamp and usage breakdown.
  • Compromised key Revoke immediately from the dashboard. All in-flight requests on the revoked key fail with 401 within seconds. New keys can be issued without downtime on Pro+.
05 · ERRORS

Errors you should handle and how

Standard HTTP status codes paired with stable machine-readable codes. Always check `success: false` plus the `error.code` field:

  • 400 VALIDATION_ERROR A required parameter is missing or malformed. Inspect error.details for the bad fields. Fix at the client side — retrying without changes won't help.
  • 401 UNAUTHORIZED Missing, expired or revoked token. Re-authenticate. Anonymous requests do not return 401 — they fall back to per-IP quotas.
  • 404 NOT_FOUND The resource does not exist (e.g. domain unregistered, IP not allocated). Treat as authoritative — don't retry.
  • 429 RATE_LIMITED You hit the per-minute or per-day cap. Inspect Retry-After header for the suggested wait (seconds). Implement exponential backoff.
  • 503 UPSTREAM_UNAVAILABLE An external service we depend on is temporarily down (registry, blacklist, certificate authority). Retry with backoff — usually clears within seconds.
  • 500 INTERNAL_ERROR Bug on our side. Worth reporting via /contact with the request ID returned in error.details.requestId.
06 · USE CASES

What teams build with this

Common patterns across our paid customers:

Customer onboarding checks (SaaS)

When a B2B customer adds their domain to your platform, run /domain/health and /security/ssl-info to flag config issues before they file support tickets.

Phishing & abuse triage (Security)

Feed suspicious URLs into /domain/lookup + /ip/lookup + /security/blacklist + /security/ssl-info to surface fresh registrations, hostile ASNs and cert-issuer anomalies in one call chain.

Internal dev productivity (DevTools)

Wrap the API in a Slack bot or CLI so engineers can ask 'is example.com on Spamhaus' or 'what's the TLS grade of this customer' without leaving their editor.

Bulk monitoring (Operations)

Schedule daily /domain/health and /security/ssl-info runs across every domain in your portfolio. Trigger Pagerduty when scores drop or certs approach expiry.

AI assistants & agents (GenAI)

Expose endpoints as tools to your own LLM agent (LangChain, OpenAI tools, MCP). Or call our Prism AI directly with /ai/prism/chat — it orchestrates the entire catalog for you.

Marketing & competitive intel (Growth)

Run /domain/snapshot on competitor pages weekly to track design changes. Use /ip/reverse-ip to map a competitor's hosting footprint.