
How to build a domain lookup tool: WHOIS, DNS, SSL, and security checks

Mahesh Naidu · 5 min read

/domain has 24 endpoints, and they split into roughly three groups: registration lookup, DNS/email configuration, and security posture checks. Here's the shape of each.

Registration lookup — WHOIS and RDAP are the same call under the hood

/whois and /rdap both resolve through the same RDAP lookup function internally — RDAP (Registration Data Access Protocol) is the modern, structured-JSON successor to the old text-based WHOIS protocol, and rdap.org provides a unified lookup across registries. We expose both paths because “WHOIS” is still the term most developers search for, even though the data underneath is RDAP.

fetch("https://aplicious.com/api/v1/domain/whois?domain=google.com", {
  headers: { "X-API-Key": "lapi_live_••••" },
});

/age and /registrar-info build on the same lookup — domain age is a real, commonly-used trust signal (a domain registered yesterday is a different risk profile than one registered in 2010).

DNS and email configuration

/dns and /dns-records return the full record set for a domain. /spf-check, /dmarc-check, and /email-config verify the email-authentication records specifically — whether a domain has SPF and DMARC set up correctly, which is the first thing to check before trusting that mail claiming to come from a domain actually does.
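
What "set up correctly" means can be made concrete by grading the TXT records directly. The following is an added example, not APlicious code and not tied to its response format: it assumes you already hold the TXT records for the domain apex and for `_dmarc.<domain>`, and the function names and the pass/warn/fail scale are this example's own.

```typescript
// Added example (hypothetical helpers): grade SPF and DMARC from raw TXT strings.
type Status = "pass" | "warn" | "fail";
interface Finding { status: Status; detail: string }

// apexTxt: every TXT record found at the domain itself.
function checkSpf(apexTxt: string[]): Finding {
  const spf = apexTxt.map(r => r.trim()).filter(r => /^v=spf1(\s|$)/i.test(r));
  if (spf.length === 0) return { status: "fail", detail: "no SPF record" };
  // RFC 7208: receivers treat more than one SPF record as a permanent error.
  if (spf.length > 1) return { status: "fail", detail: "multiple SPF records" };
  const terms = spf[0]!.split(/\s+/).slice(1);
  const all = terms.find(t => /^[+?~-]?all$/i.test(t));
  if (!all) {
    // redirect= is only consulted when no "all" mechanism is present.
    return terms.some(t => /^redirect=/i.test(t))
      ? { status: "warn", detail: "redirect= present; grade the target record" }
      : { status: "warn", detail: "no all mechanism; unmatched senders are neutral" };
  }
  // A bare "all" has the implicit "+" qualifier.
  const q = /^[?~-]/.test(all) ? all.charAt(0) : "+";
  if (q === "-") return { status: "pass", detail: "-all (hard fail)" };
  if (q === "~") return { status: "pass", detail: "~all (soft fail)" };
  if (q === "?") return { status: "warn", detail: "?all (neutral)" };
  return { status: "fail", detail: "+all authorizes every sender" };
}

// dmarcTxt: every TXT record found at _dmarc.<domain>.
function checkDmarc(dmarcTxt: string[]): Finding {
  const recs = dmarcTxt.map(r => r.trim()).filter(r => /^v\s*=\s*DMARC1\s*(;|$)/.test(r));
  if (recs.length === 0) return { status: "fail", detail: "no DMARC record" };
  if (recs.length > 1) return { status: "fail", detail: "multiple DMARC records" };
  // Split "tag=value" pairs; only p and pct are read, so lowercasing is safe.
  const tags = new Map<string, string>();
  for (const part of recs[0]!.toLowerCase().split(";")) {
    const i = part.indexOf("=");
    if (i > 0) tags.set(part.slice(0, i).trim(), part.slice(i + 1).trim());
  }
  const p = tags.get("p");
  if (p === "none") return { status: "warn", detail: "p=none (monitoring only)" };
  if (p !== "quarantine" && p !== "reject") return { status: "fail", detail: "missing or invalid p= tag" };
  // pct below 100 applies the policy to only a sample of failing mail.
  const pct = tags.get("pct") ?? "100";
  return pct === "100"
    ? { status: "pass", detail: `p=${p}` }
    : { status: "warn", detail: `p=${p} applied to ${pct}% of mail` };
}
// Constructed sample records; example.com is a placeholder domain.
console.log(checkSpf(["v=spf1 include:_spf.example.com ~all"]));
console.log(checkDmarc(["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]));
```

A domain that publishes SPF but leaves DMARC at `p=none` comes back as `warn`: the records exist, yet receivers are not asked to act on mail that fails authentication.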

Security posture

/ssl-check verifies certificate validity and expiry. /header-security checks for security headers (CSP, HSTS, X-Frame-Options) on the live site. /reputation and /subdomain-scan round out a basic security audit — useful if you're building a “how secure is this domain” tool rather than just a registration lookup.

Putting together a domain report

async function domainReport(domain: string) {
  const headers = { "X-API-Key": process.env.APLICIOUS_KEY! };
  const base = "https://aplicious.com/api/v1/domain";
  // Encode the domain so caller-supplied input cannot add or alter query parameters.
  const query = `domain=${encodeURIComponent(domain)}`;

  // Fetch one endpoint and reject on a non-2xx status instead of parsing an error body as data.
  const get = async (path: string) => {
    const r = await fetch(`${base}/${path}?${query}`, { headers });
    if (!r.ok) throw new Error(`${path} failed: HTTP ${r.status}`);
    return r.json();
  };

  // The five lookups are independent, so they run in parallel.
  const [whois, dns, ssl, spf, dmarc] = await Promise.all([
    get("whois"),
    get("dns"),
    get("ssl-check"),
    get("spf-check"),
    get("dmarc-check"),
  ]);

  return { whois: whois.data, dns: dns.data, ssl: ssl.data, spf: spf.data, dmarc: dmarc.data };
}

Five calls, one key, one rate-limit budget — registration, DNS, and security posture in a single report.
