Introducing Server-to-Server OAuth to Secure API Integrations | WhoisXML API
Products APIs Data Feeds Web Tools Domain Research & Monitoring Enterprise Packages
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Monitoring
White-Label
Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Premium API Services
Premium API Services

Enjoy priority data access with our premium API services topped with extra perks including dedicated team support, enterprise-grade infrastructure, and SLAs for full scalability and high performance.

WhoisXML API Internet Infrastructure
Internet Infrastructure

Unlock integrated intelligence on Internet properties and their ownership, infrastructure, and other attributes.

WhoisXML API Predictive Threat Intelligence
Predictive Threat Intelligence

Detect and block access to and from dangerous domain names before malicious actors can weaponize them. Contact us today for more information.

Multi-Level API User Administration Now Available - Manage individual API keys for team members in your organization.

Learn More
×
Contact Us

WhoisXML API Blog

Read other articles Download PDF

Introducing Server-to-Server OAuth to Secure API Integrations

We’re thrilled to announce the availability of Server-to-Server OAuth for all our API users. Using this authentication method helps developers build robust integrations without compromising security and efficiency.

Server-to-Server OAuth or two-legged OAuth eliminates user interaction for authentication, making it ideal for automated workflows. It simplifies API integration by allowing a server to directly request and manage access tokens. The authorization method is also designed to handle high-volume API requests, supporting application scalability.

Getting Started with Server-to-Server OAuth

Server-to-Server OAuth leverages a two-step process that involves generating an access token and then using it for API requests. 

Step 1: Generate an Access Token

The first step requires a Server-to-Server OAuth client to request an access token from the WhoisXML API authorization server. The request may look like this:

curl --location 'https://main.whoisxmlapi.com/oauth/token' \
--header 'Authorization: Bearer %base64_encoded_API_key%' \
--header 'Content-Type: application/json' \
--data '{
"grant_type": "access_token",
"expires_in": 7200
}'

As you can see, there are important fields to note, such as:

  • API key: You need to input your base64-encoded API key into the header.
  • Grant type: Make sure to use the accessToken grant type.
  • Token expiration: The token’s lifetime is 3600 (1 hour) by default, but it can be set to 1800 (30 minutes), 7200 (2 hours), or 10800 seconds (3 hours). You can specify this in the expires_in field.

Step 2: Use the Access Token

An access token will be returned as a result of the first step. See a sample response below.

{
"accessToken": "G2OIE2AKRCVDYFUJCV5PXXXXXXXXXXXX",
"expiresIn": 3600
}

When sending API requests, use the access token in the response (e.g., G2OIE2AKRCVDYFUJCV5PXXXXXXXXXXXX) instead of your API key in the apiKeyfield. As such, a WHOIS API GET request may look like this:

curl --location 'https://www.whoisxmlapi.com/whoisserver/WhoisService?domainName=google.com' \
--header 'Authorization: Bearer %accessToken%'

Meanwhile, a WHOIS API POST request would look like this:

curl --location 'https://www.whoisxmlapi.com/whoisserver/WhoisService' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer %accessToken%' \
--data '{
"domainName": "google.com"
}'

Is Server-to-Server OAuth Available for All APIs?

Yes, this feature is available for all of our APIs and is further explained on each API’s Server-to-Server OAuth pages, such as:

Wrapping Up

Server-to-Server OAuth does not require user interaction, so there is no refresh token. You can generate multiple access tokens and use them for all the products you have access to. These tokens become invalid when a new API key is generated.

To learn more about Server-to-Server OAuth, don’t hesitate to contact our sales team.

Related posts
Read other articles Download PDF
Try our WhoisXML API for free
Get started