WHOIS.TD API

A public REST API for querying domain WHOIS records, IP addresses, ASN information, and Atomicals Realm names. JSON responses, no API key required.

Operational REST / JSON No Auth Required CORS Enabled

Base URL

GET https://whois.td/api.php

All API requests are made via GET. No authentication, API keys, or tokens are needed. Rate limiting is applied per client IP.

Lookup Endpoint

GET /api.php?q={query}

Performs a WHOIS lookup for the given query string. The API automatically detects the query type (domain, IPv4/v6, ASN, or Realm name) and routes to the appropriate upstream WHOIS server.

Query Parameters

Parameter	Type	Required	Description
`q`	string	Required	The query string. Accepts domain names (`example.com`), IPv4/v6 addresses (`8.8.8.8`), ASN numbers (`as13335` or `13335`), and Realm names (`+satoshi`). Max 255 characters.
`raw`	boolean	Optional	Set to `1` to include the raw WHOIS server response text in `data.raw`. Omitted by default to reduce payload size.
`server`	string	Optional	Override the WHOIS server used for the lookup (domain queries only). Example: `whois.verisign-grs.com`.

Response Format

All responses are returned as JSON with Content-Type: application/json; charset=UTF-8.

Response Fields

Field	Type	Description
`ok`	boolean	`true` if the lookup succeeded.
`code`	integer	HTTP status code (mirrored in body for convenience).
`query`	string	The normalized input query.
`normalizedQuery`	string	Final query string after IDN conversion, case normalization, etc.
`type`	string	Detected query type: `domain`, `ip`, `asn`, `realm`, or `unknown`.
`tld`	string	Top-level domain (domain queries only).
`isIDN`	boolean	`true` if the query was an internationalized domain name.
`data`	object	Structured lookup result. See below.
`data.currSer`	string	The WHOIS server that was queried.
`data.info`	object	Parsed WHOIS fields (registrar, dates, DNS, status, etc.).
`data.raw`	string	Raw WHOIS response text (only when `raw=1`).
`msg`	string	`"ok"` on success, or a human-readable error message.
`timestamp`	string	ISO 8601 UTC timestamp of the response.

Note: Empty or null fields are omitted from the response to keep payloads compact.

Examples

Domain Lookup

curl

curl "https://whois.td/api.php?q=example.com"

Response

{
  "ok": true,
  "code": 200,
  "query": "example.com",
  "type": "domain",
  "tld": "com",
  "data": {
    "currSer": "whois.verisign-grs.com",
    "info": {
      "registrar": { "registrar": "RESERVED-Internet Assigned Numbers Authority" },
      "create": 808372800,
      "expire": 1786593600,
      "status": ["clientDeleteProhibited", "clientTransferProhibited"],
      "dns": ["ELLIOTT.NS.CLOUDFLARE.COM", "HERA.NS.CLOUDFLARE.COM"],
      "dnssec": true
    }
  },
  "msg": "ok",
  "timestamp": "2026-03-11T00:00:00+00:00"
}

IP Address

curl

curl "https://whois.td/api.php?q=8.8.8.8&raw=1"

ASN

curl

curl "https://whois.td/api.php?q=as13335"

Realm Name (Atomicals Protocol)

curl

curl "https://whois.td/api.php?q=%2Bsatoshi"

Realm queries: Prefix the name with + (URL-encoded as %2B). The API proxies to realm.fan and returns structured Atomical data.

JavaScript (fetch)

JavaScript

const res = await fetch('https://whois.td/api.php?q=example.com');
const data = await res.json();

if (data.ok) {
  console.log(data.data.info);  // parsed WHOIS fields
} else {
  console.error(data.msg);
}

Python

import requests

r = requests.get("https://whois.td/api.php", params={"q": "example.com"})
data = r.json()

if data["ok"]:
    info = data["data"]["info"]
    print(f"Registrar: {info.get('registrar', {}).get('registrar')}")
    print(f"DNS: {', '.join(info.get('dns', []))}")

Rate Limits

Rate limiting is enforced per client IP address using a sliding window. No API key is required; limits apply uniformly.

requests / minute

240

requests / hour

When a limit is exceeded, the API returns 429 Too Many Requests with a Retry-After header indicating when the window resets (in seconds).

429 Response

{
  "ok": false,
  "code": 429,
  "msg": "Rate limit exceeded. Please slow down.",
  "retryAfter": 23,
  "timestamp": "2026-03-11T00:00:00+00:00"
}

Status Codes

200

Lookup succeeded. WHOIS data found.

400

Bad request. Missing or invalid q parameter.

404

No match. The queried name was not found.

405

Method not allowed. Only GET is accepted.

429

Rate limit exceeded. Wait and retry.

Response Headers

Every response includes rate-limit metadata headers:

Header	Description
`X-RateLimit-Limit`	Maximum requests allowed in the current window.
`X-RateLimit-Remaining`	Requests remaining before throttling.
`X-RateLimit-Reset`	Unix timestamp when the current window resets.
`X-RateLimit-Scope`	Which window triggered the limit (`minute` or `hour`).
`Retry-After`	Seconds to wait before retrying (only on `429` responses).

Fair Use Policy

This is a free, public API. To keep it available for everyone:

Use it for site integrations, lightweight scripts, and moderate backend calls.
Do not use it for high-concurrency bulk scanning or zone enumeration.
Implement client-side caching for repeated queries. WHOIS data rarely changes within minutes.
Respect Retry-After headers — aggressive retries may result in extended throttling.

Abuse policy: IPs exhibiting abusive patterns (automated scraping, brute-force enumeration) may be temporarily or permanently blocked without notice.

CORS

The API sets Access-Control-Allow-Origin: * on all responses. You can call it directly from browser-side JavaScript without a proxy. OPTIONS preflight requests are handled automatically.