Login & Security


All transactions are secured by SSL. The DMAPI server is using an official SSL certificate. Within the login procedure, the client is assigned an unique authorisation id ('Auth-Sid').


Username and Password

Every request (except login, of course) requires the presence of this Auth-Sid variable. An active session will expire after a period of inactivity (default: 1 hour).



In case you use a browser to access this interface, a session id will be set as a cookie, hence need not to be specified as Auth-Sid (unless cookies are not supported, or turned off). In any case, Auth-Sid has precedence if provided.


API Keys

Instead of using your user- and password credentials, you may also use so called 'API keys' for login. This way, you can create several DMAPI access facilities, which has several advantages:


Create your API keys in 'My Profile' in section 'Manage API access keys'


Example usage:


The result is the same as for "login"-request, you have to use the provided auth-sid for the subsequent actions.



Last update: 2019-12-18 16:26

Commonalities for all requests



This is the service address which has to be used for all requests:


This is how a request looks like:<name-of-request>?<name-of-parameter-1>=<value-of-parameter-1>



Header fields which are returned by most requests

Tracking Id Unique server-assigned tracking id, assigned to almost all requests 
Status-Code 0 if no error occured, otherwise other than 0
Status-Text Human readable error description
Result ACK or NACK (= "Acknowlegded" or "Not Acknowledged") 
Error May be returned if (and only if) the request was rejected, in this case reason(s) will be provided. Presence of this line in headers is indicative for that processing didn't take place.
Warning Indicative of non-fatal processing or validation problems
Proc-Id processing ID 
HTTP error codes 200 if everything is OK (request was accepted and processed or queued for processing), otherwise the reason will be provided in Error header lines (or, if this is absent, HTTP error code should be used).


IMPORTANT: Every request (except "login") requires the presence of the Auth-Sid variable ("Session ID"), which is returned by the "login" request (login). An active session will expire after some inactivity period (default: 1 hour).


In case you are using a browser to access this service, the session id will be set as a cookie, hence need not to be specified as Auth-Sid (unless cookies are not supported or turned off). In any case, Auth-Sid has precedence, if provided.


Requests consist of these parts:


Last update: 2019-12-18 16:27

Whois Privacy Services with DMAPI

Whois Privacy Services


Please find general details about Whois Privacy Services here: Whois Privacy Services

Privacy services are available for most generic top level domain names. The availablitiy of privacy services is indicated in's price list and domain search.


For requests "domain-register" and "domain-transfer-in-reseller", there exists an additional parameter "privacy":


For "domain-renew", the additional parameter privacy works similar:


To order privacy services for existing domains, the new request "domain-privacy-order"can be used:
    period=12 (in months, as usual)
    expyear=2016 (privacy expiration year, similar to domain renewal request)

    If neither period nor expyear is provided, then privacy is ordered for
    remaining domain lifetime, whatever it is.



The request "domain-set-property" allows to manage privacy services for domains which already do have a valid privacy service subscription:



Ordering domain with privacy:<your-current-session-id>


Renew domain and order privacy:<your-current-session-id>


Request incoming transfer and enable privacy:<your-current-session-id>


Temporarily disable privacy (assuming that it is active):<your-current-session-id>


Fetch real contact data from privacy protected domain:<your-current-session-id>


Last update: 2017-06-12 10:45

Differences to Email Gateway


The main differences in handling between DMAPI and Email Gateway at are:

NOTE: Not retrieved replies will be kept on the server for a period of 30 days, after this time,  only the status of specific request will be available (success or failure).

IMPORTANT: Please also note that the registration/renewal period is in MONTHS, NOT YEARS! This is to allow future micro-registrations.


Last update: 2016-04-04 13:43