Free & Open Source WHOIS Lookup Service
No-CORS, no auth API that's publicly available or easily self-hostable
π who-dat.as93.net
Contents
who-dat is a self-hostable domain lookup service that turns the mess of RDAP and WHOIS into one clean JSON API. It does the hard parts you can't do in a browser or get consistently elsewhere: discovering the right RDAP server per-TLD via IANA bootstrap, parsing nested jCard contact data, and normalizing every registry's output into one shape. It queries RDAP first, falls back to WHOIS, and returns a single consistent result.
TL;DR Get the RDAP/WHOIS records for any site:
curl https://who-dat.as93.net/example.com
For detailed request + response schemas, and to try the API out, you can reference the spec
The base URL for the public API is who-dat.as93.net
If you're self-hosting (recommended) then replace this with your own base URL.
- URL:
/v1/whois/[domain](the bare/[domain]shorthand also works) - Method:
GET - Query Params:
?raw=truereturns the original RDAP JSON or WHOIS text instead of the normalized response - Success Response:
- Code: 200 (the lookup succeeded, whether or not the domain is registered)
- Content: Normalized WHOIS/RDAP data as JSON; the
isRegisteredfield indicates registration status.
- Error Response (uniform envelope:
{ "error": { "code", "message", "query" } }):- 400 - invalid or unparseable domain
- 429 - rate limited (includes a
Retry-Afterheader) - 501 - no RDAP or WHOIS source for that TLD
- 502 / 504 - upstream registry error or timeout
- Sample Call:
curl https://who-dat.as93.net/example.comfetch('https://who-dat.as93.net/example.com')
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));import requests
response = requests.get('https://who-dat.as93.net/example.com')
if response.status_code == 200:
print(response.json())
else:
print("Error:", response.status_code)- URL:
/multi - Method:
GET - Query Params:
- domains: A comma-separated list of domains.
- Success Response:
- Code: 200
- Content:
{ "results": [ ... ] }- an array of normalized results, one per domain.
- Error Response:
- Code: 400 BAD REQUEST
- Content:
{ "error": { "code": "INVALID_DOMAIN", "message": "missing domains parameter" } }
- Sample Call:
curl "https://who-dat.as93.net/multi?domains=example.com,example.net"
This is the quickest and easiest way to get up-and-running. Simply fork the repository, then login to Vercel (using GitHub), and after importing your fork, it will be deployed! There's no additional config or keys needed, and it should work just fine on the free plan.
Alternatively, just hit the button below for 1-click deploy π
The light-weight Docker image is published to DockerHub (hub.docker.com/r/lissy93/who-dat), as well as GHCR (here).
Providing you've got Docker installed, you can get everything by running:
docker run -p 8080:8080 --dns 8.8.8.8 --dns 8.8.4.4 lissy93/who-dat
Head to the Releases Tab, download and extract the pre-built executable for your system, then run it.
Example
If you're using the command line, you can do something like this
Don't forget to update (v1.0) with the version number you want, and (linux-amd64) with your system's architecture.
# Download the binary for your system (from releases tab)
wget https://github.com/Lissy93/who-dat/releases/download/v0.9/who-dat-v0.9-linux-amd64.tar.gz -O ./who-dat.tar.gz
# Extract the compressed file
tar -xzvf who-dat.tar.gz
# Make it executable
chmod +x who-dat
# Run Who-Dat!
./who-dat(Or, if you're a Microsoft fanboy, you can just double-click the who-dat.exe after extracting in Windows Explorer)
Follow the setup instructions in the Development section.
Then run go build -o who-dat ./cmd/server to generate the binary for your system.
You'll then be able to execute the newly built ./who-dat file directly to start the application.
There's a few optional environmental variables that you can set to configure certain features, limits and usage.
Authentication is optional, and can be enabled by setting the AUTH_KEY environment variable.
Once enabled, all API requests must include the key in the Authorization header, and unauthenticated requests will respond with a 403.
curl -H "Authorization: Bearer <your-secret-key>" https://who-dat.yourdomain.com/example.comLookups are cached in-memory so repeated requests don't re-hit the registry. Caching is on by default, with a 1 hour TTL.
Set ENABLE_CACHE=false to turn it off, or CACHE_TTL_SECONDS to change how long results are kept. Cached responses have meta.cached set to true.
If you're running on Vercel, CDN_CACHE_TTL_SECONDS (default 3600) and CDN_CACHE_SWR_SECONDS (default 86400) set the shared-CDN Cache-Control, so repeat lookups are served from the edge without re-invoking the function.
Requests can be rate-limited per-IP using a token bucket. It's off by default when self-hosting, but the public instance allows 30 requests/minute with a burst of 10. Set RATE_PER_MINUTE (use 0 to disable) and RATE_BURST to configure it. Clients that exceed the limit get a 429 with a Retry-After header.
To exempt trusted clients from the limit without locking down the whole API, set API_KEYS to a comma-separated list of keys, and have those clients send one in the Authorization header. (This is separate from AUTH_KEY, which makes the entire API private.)
Each upstream RDAP/WHOIS lookup has a 5 second timeout. Set LOOKUP_TIMEOUT_SECONDS to change it. Requests that time out respond with a 504.
The /multi endpoint accepts up to 10 domains per request by default. Set MAX_DOMAINS to raise or lower this.
Prerequisites: You'll need Go installed. You will likley also want Git and/or Docker. The frontend is plain HTML/Alpine.js embedded into the binary, so there's no Node build step.
git clone git@github.com:Lissy93/who-dat.git
cd who-dat
go mod downloadThen run go run ./cmd/server
Alternativley, build the Docker container with docker build -t who-dat .
There's a very simple frontend included in the app. This is built with Alpine.js, so is super light-weight, and only adds about 17kb to the total executable. The web interface is used to view WHOIS records for a given domain, and also hosts the API documentation.
Contributions of any kind are welcome (and would be much appreciated!). Be sure to follow our Code of Conduct.
Not a coder? You can still help, by raising bugs you find, updating docs, or consider sponsoring me on GitHub
We've got a (non-Microsoft) mirror of this repository hosted on CodeBerg, at codeberg.org/alicia/who-dat
Lissy93/Who-Dat is licensed under MIT Β© Alicia Sykes 2024 - present.
For information, see TLDR Legal > MIT
Expand License
The MIT License (MIT)
Copyright (c) Alicia Sykes <alicia@omg.com>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sub-license, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included install
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANT ABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Β© Alicia Sykes 2026
Licensed under MIT
Thanks for visiting :)
