The Domain API provides comprehensive domain intelligence including DNS analysis, security threat detection, SSL certificate information, and subdomain discovery.
Authentication
All API requests require authentication. Include your API key in the request header:
X-API-Key: your_api_key_here
Production Endpoints
GET /api/v1/domain/{domain}
GET /api/v1/domain?url={url}
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
domain |
string | Conditional | The domain name to analyze (e.g., google.com). Required if url is not provided. |
url |
string | Conditional | A full URL to analyze (e.g., https://www.google.com/search). Required if domain is not provided. Must include http:// or https://. |
Response Field Descriptions
The API returns a JSON object with the following structure:
| Field | Type | Description |
|---|---|---|
domain_identity |
object | Core information about the domain's identity. |
classification |
object | Categorization of the domain's purpose (e.g., website, email). |
dns_records |
object | A collection of all retrieved DNS records for the domain. |
dns_analysis |
object | Analysis of key DNS security records like SPF, DMARC, and DKIM. |
tls_certificate |
object | Detailed information about the domain's SSL/TLS certificate. |
subdomain_analysis |
object | Results of subdomain discovery, including active and inactive lists. |
network_details |
object | IP addresses, mail servers, and nameservers associated with the domain. |
security_analysis |
object | Threat intelligence and risk assessment based on multiple security databases. |
metadata |
object | Information about the API request and data freshness. |
subdomain_analysis Object
| Field | Type | Description |
|---|---|---|
count |
number | The total number of unique subdomains found. |
active_subdomains |
array | A list of subdomains that have active DNS A records. |
inactive_subdomains |
array | A list of subdomains found in certificate transparency logs but that do not currently have DNS A records. |
resolved_ips |
object | A mapping of active subdomains to their resolved IPv4 addresses. |
classification.types Array
An array of strings describing the domain's purpose. Possible values include:
email: The domain has MX records and can receive email.website: The domain has A or AAAA records and likely hosts a website.dns: The domain has NS records and acts as a nameserver.active_website: The domain responds to HTTP requests with a 200 status.parked: The website content suggests it is a parked domain.developed: The website uses common web technologies.disposable_email: The domain is a known disposable email provider.
Example Response
{
"domain_identity": {
"domain": "google.com",
"punycode": "google.com",
"subdomain": null,
"domain_name": "google.com",
"tld": "com",
"is_subdomain": false,
"domain_hash": "d4c9d9027326271a89ce51fcaf328ed673f17be33469ff979e8ab8dd501e664f"
},
"classification": {
"types": ["email", "website", "dns", "active_website", "developed"]
},
"dns_records": {
"A": ["142.250.217.142"],
"AAAA": ["2800:3f0:4004:80a::200e"],
"MX": [{"exchange": "smtp.google.com", "priority": 10}],
"TXT": ["v=spf1 include:_spf.google.com ~all", "..."],
"NS": ["ns1.google.com", "ns2.google.com", "..."],
"SOA": {"nsname": "ns1.google.com", "hostmaster": "dns-admin.google.com", "..."},
"CAA": [{"critical": 0, "issue": "pki.goog"}]
},
"dns_analysis": {
"spf": {"record": "v=spf1 include:_spf.google.com ~all", "valid": true},
"dmarc": {"record": null, "valid": false},
"dkim": {"record": null, "valid": false},
"has_mx": true,
"has_caa": true,
"wildcard_cert": false,
"subdomain_takeover_risk": false
},
"tls_certificate": {
"subject": {"CN": "*.google.com"},
"issuer": {"C": "US", "O": "Google Trust Services", "CN": "GTS CA 1P5"},
"subject_alternative_names": ["*.google.com", "*.youtube.com", "..."],
"valid_from": "2025-07-22T09:25:15.000Z",
"valid_to": "2025-10-14T09:25:14.000Z",
"days_until_expiry": 56,
"is_expired": false,
"is_self_signed": false,
"protocol": "TLSv1.3"
},
"subdomain_analysis": {
"count": 5,
"active_subdomains": ["ads.google.com", "mail.google.com"],
"inactive_subdomains": ["test.google.com", "archive.google.com", "ftp.google.com"],
"resolved_ips": {
"ads.google.com": ["142.251.46.206"],
"mail.google.com": ["142.250.150.18"]
}
},
"network_details": {
"ip_addresses": {"ipv4": ["142.250.217.142"], "ipv6": ["2800:3f0:4004:80a::200e"]},
"mail_servers": [{"exchange": "smtp.google.com", "priority": 10}],
"nameservers": ["ns1.google.com", "ns2.google.com", "..."],
"hosting_provider": "gws"
},
"security_analysis": {
"is_malicious": false,
"threat_sources": [],
"risk_assessment": {
"risk_score": 0,
"threat_types": [],
"risk_level": "minimal"
},
"is_disposable_email": false
},
"metadata": {
"data_freshness": {"last_update_check": "2025-08-16T20:35:36.365Z"},
"timestamp": "2025-08-16T20:36:12.111Z",
"response_time_ms": 608,
"request_id": "req_1755376570968_90e36c5a"
}
}
Examples
cURL (Domain in Path)
curl -X GET "https://api.chapyapi.com/api/v1/domain/google.com" \
-H "X-API-Key: your_api_key_here"
cURL (URL as Query Parameter)
curl -X GET "https://api.chapyapi.com/api/v1/domain?url=https://www.google.com/search?q=chapybara" \
-H "X-API-Key: your_api_key_here"
JavaScript
const apiKey = 'your_api_key_here';
async function fetchDomainInfo(target) {
const isUrl = target.startsWith('http://') || target.startsWith('https://');
const endpoint = isUrl ? `/api/v1/domain?url=${encodeURIComponent(target)}` : `/api/v1/domain/${target}`;
const response = await fetch(`https://api.chapyapi.com${endpoint}`, {
headers: {
'X-API-Key': apiKey
}
});
const data = await response.json();
console.log(data);
}
fetchDomainInfo('google.com');
fetchDomainInfo('https://www.google.com/search?q=chapybara');
Python
import requests
api_key = "your_api_key_here"
def fetch_domain_info(target):
if target.startswith('http://') or target.startswith('https://'):
url = f"https://api.chapyapi.com/api/v1/domain?url={requests.utils.quote(target, safe='')}"
else:
url = f"https://api.chapyapi.com/api/v1/domain/{target}"
headers = {"X-API-Key": api_key}
response = requests.get(url, headers=headers)
data = response.json()
print(data)
fetch_domain_info("google.com")
fetch_domain_info("https://www.google.com/search?q=chapybara")
Error Handling
The API uses standard HTTP status codes and returns error details in JSON format.
| Status Code | Error Code | Description |
|---|---|---|
| 400 | VALIDATION_ERROR |
Invalid domain or URL format provided. |
| 401 | MISSING_API_KEY |
API key not provided. |
| 401 | INVALID_API_KEY |
API key is invalid, inactive, or expired. |
| 402 | QUOTA_EXCEEDED |
Your daily domain request quota has been reached. |
| 403 | ENDPOINT_FORBIDDEN |
Your API key is not permitted to access this endpoint. |
| 403 | FORBIDDEN |
Access to private/reserved/local IPs is blocked (SSRF protection). |
| 404 | NOT_FOUND |
The domain has no primary DNS records (A, AAAA, CNAME). |
| 429 | RATE_LIMIT_EXCEEDED |
Too many requests. Check X-RateLimit-Reset header. |
| 503 | SERVICE_INITIALIZING |
The service is starting up. Please try again shortly. |
| 503 | SERVICE_ERROR |
A downstream service (e.g., DNS) failed. |
Error Response Example
{
"error": "Invalid domain or URL format provided.",
"code": "VALIDATION_ERROR",
"requestId": "req_1755376570968_90e36c5a"
}