shadom.co Domain API
A REST API for domain lookups and monitoring: WHOIS/RDAP lookup, a monitored domains list, and alerts, all authenticated with a single API key.
Authentication
Every endpoint accepts an API key. Generate one from the API Key page in your dashboard, then send it as a bearer token:
Authorization: Bearer sk_your_key_hereAPI key auth does not require CSRF tokens. Browser sessions can also call the API with a cookie, but mutating requests (POST, DELETE) then require an X-CSRF-Token header. API key management (generating or revoking a key) is cookie-auth only, so you cannot rotate a key using itself.
Endpoints
WHOIS/RDAP lookup for any domain. Does not require monitoring.
Rate limit: 20 requests/minute per user
List all domains you are monitoring.
Rate limit: none
Add a domain to monitoring.
Rate limit: 10 additions/hour per user
Detailed info for a monitored domain: latest snapshot and event history.
Rate limit: none
Trigger a manual WHOIS/RDAP check for a monitored domain.
Rate limit: 30 checks/hour per user
Remove a domain from monitoring (deletes its snapshots, events, and alerts).
Rate limit: none
List alerts for your account. Filter by type or unread status.
Rate limit: none
Mark all alerts as read.
Rate limit: none
Example: cURL
# WHOIS/RDAP lookup
curl -H "Authorization: Bearer sk_your_key_here" \
"https://shadom.co/api/domains/lookup?domain=example.com"
# List monitored domains
curl -H "Authorization: Bearer sk_your_key_here" \
https://shadom.co/api/domains
# Add a domain to monitoring
curl -X POST -H "Authorization: Bearer sk_your_key_here" \
-H "Content-Type: application/json" \
-d '{"domain":"example.com"}' \
https://shadom.co/api/domainsErrors
Errors follow a consistent shape: { "error": "..." }. A 429 response includes a Retry-After header telling you how long to wait before the rate limit resets.
More ways to integrate
Building an AI agent instead of a script? The shadom.co MCP server exposes the same domain data as tools for Claude and other MCP clients. For the full endpoint reference with request/response examples, see the in-app API documentation.
Read the full API docsFrequently asked questions
Is there a free API?
Yes. The shadom.co API is available on the free plan, the same plan that covers up to 100 monitored domains. There is no separate paid API tier and no credit card required to generate a key.
How do I get an API key?
Log in to your dashboard, open the API Key page, and generate one. The raw key is shown once, so store it securely. You can regenerate or revoke it at any time from the same page.
What are the rate limits?
The domain lookup endpoint (GET /api/domains/lookup) allows 20 requests per minute per user. Adding domains to monitoring is limited to 10 additions per hour, and manual re-checks of a monitored domain to 30 checks per hour. Responses that exceed a limit return 429 with a Retry-After header.
Does the API support WHOIS and RDAP lookups?
Yes. GET /api/domains/lookup queries live RDAP with WHOIS fallback for any domain, registered or not, and does not require the domain to be monitored first.