HN Showcase
Back to browse
RDAP API – Normalized JSON for Domain/IP Lookups (Whois Replacement)

RDAP API – Normalized JSON for Domain/IP Lookups (Whois Replacement)

by boutetnico·Mar 2, 2026·2 points·0 comments
Visit ProjectView on HN

AI Analysis

●●●BangerSolve My ProblemSlick

Fixes WHOIS's broken successor: one endpoint, consistent schema, handles multi-server routing automatically.

Strengths
  • Genuine infrastructure problem solved: RDAP multiplexing (bootstrap registry lookup, registrar follow-up calls) eliminated with one API call.
  • Practical edge case handling: vcardArray parsing, per-server rate limits, unlisted ccTLD servers all abstracted away.
  • Fast execution and caching reduce latency vs. direct RDAP, removes upstream rate-limit friction for bulk operations.
Weaknesses
  • Paid service competing against free-but-broken direct RDAP access; adoption depends on dev awareness that direct RDAP is painful.
  • ICANN RDAP adoption is mandate-driven, not market-driven; TAM locked to regulated domain/IP operations (smaller than general API market).
Target Audience

Backend developers, security teams, and SaaS platforms needing domain/IP registration and abuse contact data at scale.

Similar To

WHOIS API providers (DomainTools, Whoisology) · Direct RDAP servers (IANA registry)

Post Description

I discovered RDAP while working on a hobby project where I needed to check if IP addresses were residential or not. RDAP was giving me more data than WHOIS, and it returns JSON instead of plain text. WHOIS is going away anyway. ICANN now requires RDAP for all gTLDs, and many registries are returning less data over port 43 or dropping it entirely. But RDAP is not easy to work with directly.

There is no single server. You have to check the IANA bootstrap registry to find which server handles each TLD, and some ccTLDs have working RDAP servers that are not even listed there. For .com and .net, the registry only has basic data. You need a second request to the registrar server to get contacts and abuse info. Then there is vcardArray, a deeply nested array-of-arrays format for contact data. And every server has its own rate limits.

I built an API that does all of that and gives you clean JSON back. One endpoint, same schema for every TLD. Here is what you get for google.com with ?follow=true (follows the registrar link automatically):

{ "domain": "google.com", "registrar": { "name": "MarkMonitor Inc.", "iana_id": "292" }, "dates": { "registered": "1997-09-15T04:00:00Z", "expires": "2028-09-14T04:00:00Z" }, "nameservers": ["ns1.google.com", "ns2.google.com", "ns3.google.com", "ns4.google.com"], "entities": { "registrant": { "organization": "Google LLC", "country_code": "US" } } }

You also get status codes, DNSSEC, abuse contacts, etc. There is a free lookup tool on the homepage to try it, no signup needed.

Supplemental servers. The IANA bootstrap only covers ~1,200 TLDs. I keep a list of 30 extra RDAP servers (for TLDs like .io, .de, .me, .us) that work but are not registered with IANA. Synced daily.

Registrar follow-through. For thin registries like .com, the registry only has dates and nameservers. The registrar has the rest on a different server. The API follows that link and merges both.

SDKs. Open source clients for Python, Node.js, PHP, Go and Java.

Responses are cached for 24 hours to reduce load on upstream RDAP servers.

This is my first SaaS, just launched. Would love honest feedback.

The API starts at $9/mo with a 7-day free trial.

Similar Projects