# Purchase Privacy Adds or renews WHOIS privacy protection for a domain. This is used to ensure personal contact details remain hidden from public WHOIS lookups. If WHOIS privacy is already enabled, this will extend the protection. If it’s not yet active, this will both purchase and enable the service. This is a billable action unless covered by a bundled privacy plan. Endpoint: POST /core/v1/domains/{domainName}:purchasePrivacy Version: 1.3.1 Security: BasicAuth ## Path parameters: - `domainName` (string, required) DomainName is the domain to purchase Whois Privacy for. ## Header parameters: - `X-Idempotency-Key` (string) A unique string (e.g., a UUID v4) to make the request idempotent. This key ensures that if the request is retried, the operation will not be performed multiple times. Subsequent requests with the same key will return the original result. Example: "083910ef-04e4-4bd1-a0bf-3737fe005ca8" ## Request fields (application/json): - `purchasePrice` (number) PurchasePrice is the (prorated) amount you expect to pay. - `years` (integer) Years is the number of years you wish to purchase Whois Privacy for. Years defaults to 1 and cannot be more then the domain expiration date. ## Response 200 fields (application/json): - `domain` (object) The response format for a domain. - `domain.domainName` (string, required) The punycode-encoded value of the domain name. Example: "example.com" - `domain.createDate` (string, required) The date and time when the domain was created at the registry. Example: "2023-01-15T14:30:00Z" - `domain.expireDate` (string, required) The date and time when the domain will expire. Example: "2025-01-15T14:30:00Z" - `domain.autorenewEnabled` (boolean, required) Indicates whether the domain is set to renew automatically before expiration. Example: true - `domain.locked` (boolean, required) Indicates if the domain is locked, preventing transfers to another registrar. Example: true - `domain.privacyEnabled` (boolean, required) Indicates if Whois Privacy is enabled for this domain. Example: true - `domain.contacts` (object, required) Contacts stores the contact information for the roles related to domains. - `domain.contacts.admin` (object) Contact contains all relevant contact data for a domain registrant. - `domain.contacts.admin.firstName` (string, required) First name of the contact. Example: "John" - `domain.contacts.admin.lastName` (string, required) Last name of the contact. Example: "Doe" - `domain.contacts.admin.companyName` (string,null) Company name of the contact. Leave blank if the contact is an individual, as some registries may assume it is a corporate entity otherwise. Example: "Example Inc." - `domain.contacts.admin.address1` (string, required) The first line of the contact's address. Example: "123 Main Street" - `domain.contacts.admin.address2` (string,null) The second line of the contact's address (optional). Example: "Suite 400" - `domain.contacts.admin.city` (string, required) City of the contact's address. Example: "New York" - `domain.contacts.admin.state` (string, required) State or Province of the contact's address. Example: "NY" - `domain.contacts.admin.zip` (string, required) ZIP or Postal Code of the contact's address. Example: "10001" - `domain.contacts.admin.country` (string, required) Country code for the contact's address. Must be an ISO 3166-1 alpha-2 country code. Example: "US" - `domain.contacts.admin.email` (string, required) Email address of the contact. Must be a valid email format. The validation is performed against the syntax in [RFC 822](https://datatracker.ietf.org/doc/html/rfc822) Example: "john.doe@example.com" - `domain.contacts.admin.phone` (string, required) Phone number of the contact. Should follow the E.164 international format: "+[country code][number]". Example: "+15551234567" - `domain.contacts.admin.fax` (string,null) Fax number of the contact. Should follow the E.164 international format: "+[country code][number]". Example: "+15557654321" - `domain.contacts.billing` (object) Contact contains all relevant contact data for a domain registrant. - `domain.contacts.registrant` (object) Contact contains all relevant contact data for a domain registrant. - `domain.contacts.registrant.companyName` (string,null) Company name of the contact. Leave blank if the contact is an individual. Please be advised that ICANN policy links the "Company Name" field (Organization) in your domain's contact details to its legal ownership. If this field contains information, the listed organization is considered the legal "Registered Name Holder" (domain owner). Example: "Example Inc." - `domain.contacts.tech` (object) Contact contains all relevant contact data for a domain registrant. - `domain.nameservers` (array, required) The list of nameservers assigned to this domain. If unspecified, it defaults to the account's default nameservers. Example: ["ns1.example.com","ns2.example.com"] - `domain.renewalPrice` (number, required) The cost to renew the domain. This may be required for the RenewDomain operation. Example: 12.99 - `order` (integer, required) Order is an identifier for this purchase. - `totalPaid` (number, required) TotalPaid is the total amount paid, including VAT. Example: 4.99 ## Response 401 fields (application/json): - `message` (string, required) A human-readable message providing more details about the error Example: "Unauthorized" ## Response 402 fields (application/json): - `message` (string, required) A human-readable message providing more details about the error Example: "Payment failed" - `details` (string,null) Additional context or information about the error Example: "Insufficient Funds" ## Response 409 fields (application/json): - `message` (string) Example: "Idempotency key has been reused for a different request" ## Response 415 fields (application/json): - `message` (string, required) A human-readable message providing more details about the error Example: "The 'Content-Type' header must be 'application/json' for this request." ## Response 429 fields (application/json): - `message` (string) A human-readable message providing more details about the error Example: "Rate Limit Exceeded" ## Response 500 fields (application/json): - `message` (string, required) A human-readable message providing more details about the error. Example: "Internal Server Error" - `details` (string,null) Additional context or information about the error. Example: "Something went wrong."