Every successful response is `{ success: true, data: {...} }`. Every error is `{ success: false, error: { code, message, details? } }` with a stable machine-readable code. No XML, no SOAP, no surprises.
DomainScan API — one REST surface for WHOIS, DNS, IP intelligence, SSL, security headers, email auth and AI-powered analysis.
Every tool on DomainScan is exposed as a JSON REST endpoint. Authenticate with a bearer token (or call anonymously with reduced quota), pass a query string, get a structured response. 27 endpoints across 3 categories — Domain, Network/IP, Security — with one consistent envelope, one set of error codes and one rate-limit model. Free tier ships with 100 API credits per month.
What you get on a single REST surface
Six things every endpoint shares — pick one tool, learn the patterns once, every other endpoint behaves the same way:
Pass `Authorization: Bearer ds_live_…` for higher quotas, multi-key isolation and per-key usage analytics. Or call without a key — anonymous traffic gets 20 req/min, 200 req/day per IP.
X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset on every response. 429 with Retry-After when you hit the cap. Plan-based per-minute and per-day caps with documented burst allowance.
Most endpoints cost 1 credit. A few expensive ones (Domain Health composite, Domain Snapshot, DNS Propagation) cost 2–5 credits. Credit weight is fixed and documented per endpoint.
Endpoints carry date-based version tags (e.g. v2026-05-15). STABLE tier guarantees backward compatibility within the major version. BETA may change. DEPRECATED removals are announced months ahead.
Many endpoints cache idempotent results at the edge (24h TTL). Pass `cache=false` when you need a fresh upstream call. Median cached response: under 50ms anywhere in the world.
27 endpoints, 3 categories
All endpoints live under `https://api.domainscan.in/api/v1/`. Group by category:
Domain Lookup (WHOIS/RDAP), DNS Query (A/MX/TXT/CNAME/…), DNS Resolver List, Reverse DNS (PTR), DNS Propagation, Domain Health (composite score), Nameserver Details, Domain Snapshot (Playwright), SPF, DMARC, DKIM, AI Readiness.
My IP, IP Lookup (geo/ISP/ASN), IP ISP, Port Scan, Ping, Traceroute, Common Ports Sweep, Subnet/CIDR Calculator, Reverse IP (shared-host).
SSL Info (cert + grade), SSL Chain (intermediates), Blacklist (DNSBL/reputation), MAC Info (OUI), MAC Vendor search, Security Headers (HSTS/CSP/XFO).
Subdomain enumeration (Pro+), Dark-web monitoring (Business), Bulk lookups (POST endpoints) and webhook callbacks for long-running snapshots.
First successful call in 60 seconds
Zero setup needed for read-only endpoints. Call anonymously to test, then create a free account when you need higher quotas:
curl 'https://api.domainscan.in/api/v1/domain/lookup?domain=google.com'curl 'https://api.domainscan.in/api/v1/security/ssl-info?domain=github.com' \
-H 'Authorization: Bearer ds_live_YOUR_KEY'const res = await fetch(
'https://api.domainscan.in/api/v1/domain/dns?domain=cloudflare.com&type=MX',
{ headers: { Authorization: 'Bearer ds_live_YOUR_KEY' } }
);
const { data } = await res.json();
console.log(data);{
"success": true,
"data": {
"domain": "google.com",
"tld": "com",
"details": {
"dates": { "creationDate": "1997-09-15T04:00:00.000Z" },
"registrar": { "name": "MarkMonitor Inc.", "ianaId": "292" }
}
}
}Authentication and key management
Bearer tokens with a `ds_live_` prefix. Anonymous calls work too — at lower quotas.
- Anonymous No header. Per-IP rate limit (20 req/min, 200 req/day). Best for evaluation, learning the surface, browser-based experiments.
- Authenticated Authorization: Bearer ds_live_…. Limits scale to the account plan. Multiple keys per account on Pro and Business — issue one per environment or service.
- Key rotation Generate a new key in the dashboard, deploy it, then revoke the old key. Active keys are listed with last-used timestamp and usage breakdown.
- Compromised key Revoke immediately from the dashboard. All in-flight requests on the revoked key fail with 401 within seconds. New keys can be issued without downtime on Pro+.
Errors you should handle and how
Standard HTTP status codes paired with stable machine-readable codes. Always check `success: false` plus the `error.code` field:
- 400 VALIDATION_ERROR A required parameter is missing or malformed. Inspect error.details for the bad fields. Fix at the client side — retrying without changes won't help.
- 401 UNAUTHORIZED Missing, expired or revoked token. Re-authenticate. Anonymous requests do not return 401 — they fall back to per-IP quotas.
- 404 NOT_FOUND The resource does not exist (e.g. domain unregistered, IP not allocated). Treat as authoritative — don't retry.
- 429 RATE_LIMITED You hit the per-minute or per-day cap. Inspect Retry-After header for the suggested wait (seconds). Implement exponential backoff.
- 503 UPSTREAM_UNAVAILABLE An external service we depend on is temporarily down (registry, blacklist, certificate authority). Retry with backoff — usually clears within seconds.
- 500 INTERNAL_ERROR Bug on our side. Worth reporting via /contact with the request ID returned in error.details.requestId.
What teams build with this
Common patterns across our paid customers:
When a B2B customer adds their domain to your platform, run /domain/health and /security/ssl-info to flag config issues before they file support tickets.
Feed suspicious URLs into /domain/lookup + /ip/lookup + /security/blacklist + /security/ssl-info to surface fresh registrations, hostile ASNs and cert-issuer anomalies in one call chain.
Wrap the API in a Slack bot or CLI so engineers can ask 'is example.com on Spamhaus' or 'what's the TLS grade of this customer' without leaving their editor.
Schedule daily /domain/health and /security/ssl-info runs across every domain in your portfolio. Trigger Pagerduty when scores drop or certs approach expiry.
Expose endpoints as tools to your own LLM agent (LangChain, OpenAI tools, MCP). Or call our Prism AI directly with /ai/prism/chat — it orchestrates the entire catalog for you.
Run /domain/snapshot on competitor pages weekly to track design changes. Use /ip/reverse-ip to map a competitor's hosting footprint.