name.com Core API Changelog

All notable changes to the name.com Core API will be documented here.

[v4 to Core 1.0] - 2025-05-12

name.com is launching a new Core API - a modern, RESTful API for managing domains, DNS records, and related services. It is the successor to the legacy v4 API.

Changed

Documentation format upgraded
- Now uses OpenAPI 3.1, allowing better tooling support and interactive documentation.
Internal implementation rebuilt
- The underlying codebase has been rewritten to support faster iteration, better error handling, and more consistent endpoint behavior.
Improved error messaging
- Legacy 500 Internal Server Error responses have been replaced with more appropriate and descriptive HTTP status codes.
  - Example: When account credit is insufficient, the response now returns 402 Payment Required instead of 500.
- 403 Forbidden responses were previously returned for both authentication errors, and actual issues where the attempted action was forbidden. Authentication errors will now correctly return 401 Unauthorized responses, and 403 Forbidden is reserved for actions that are actually forbidden.
Consistent default values in responses
- API responses now always return default values (e.g. false, 0, "") instead of omitting them.
  - Example: The Search API previously omitted purchasable: false; it is now explicitly returned.
Consistent and correct Content-Type headers in responses
- Previously, we had been returning Content-Type: text/html for all of our responses, even though the API returns JSON.
- This has been fixed, and we will now return Content-Type: application/json for all responses that are actually returning JSON.
- If endpoints are implemented that return other data types, the Content-Type header will accurately reflect the data returned
Consistent requirements for Content-Type headers in requests
- Previously, while our documentation indicated that the Content-Type: application/json header was required for all POST and PUT requests, this was not enforced.
- This is now enforced across all PUT, POST, PATCH requests. If the Content-Type: application/json header is missing, or contains a value other than application/json, you will receive a response of 415 Unsupported Media Type with an appropriate message body.
- Due to server implementations, this means that even POST requests that do not require an actual requst body (i.e. LockDomain) will require the correct Content-Type header.
  - Documentation for the affected APIs accurately reflects this requirement.
Deprecating several API endpoints for modifying a domain, in favor of a new UpdateDomain API
- The following endpoints are deprecated and will be removed in a future release of the API:
  - LockDomain
  - UnlockDomain
  - EnableAutorenew
  - DisableAutorenew
  - EnableWhoisPrivacy
  - DisableWhoisPrivacy
Please note, there are more changes overall that can be listed here, and migrating from v4 to Core v1 should be considered a “breaking” change.

Removed

SearchStream endpoint
- This endpoint has been removed for now and may return in a future version with a revised implementation.

Added

Domain Update Endpoint
- This new endpoint allows for updating the value for autorenew, Whois Privacy and locking. See DomainUpdate.

Overall

This release improves usability, DX/AX consistency, and future extensibility. v4 remains accessible, but we encourage new integrations to use the Core API v1.0.

[Core 1.0.1] - 2025-06-04

Fixed

Corrected an issue where the Create Transfer API was sometimes incorrectly returning a 500 Internal Error response with a message stating that there was currently a transfer processing.
- This has been fixed to correctly return a 409 Conflict response code, with a message stating A transfer is already processing for this domain.

[Core 1.0.2] - 2025-06-10

Fixed

Resolved an issue where requests failing authentication incorrectly returned a 500 Internal Server Error. The API now correctly returns a 401 Unauthorized response for all authentication failures.
Resolved an issue where invalid pagination parameter perPage=0 returned a 500 Internal Server Error. Paginated requests using perPage=0 now default to valid perPage=1000.

[Core 1.0.3] - 2025-06-17

Fixed

Resolved an issue where Domain Create requests would incorrectly result in a 500 Internal Server Error if a required contact phone number was omitted. The API now correctly returns a 400 Bad Request error with a descriptive message in this scenario.
Validation Enforcement: The following documented validation rules are now strictly enforced. Requests containing non-compliant data, which may have been inadvertently accepted previously, will now be correctly rejected with a 400 Bad Request error response.
- The phone and fax fields for contacts now strictly validates the E.164 format. The API documentation has been updated with the specific regex pattern (^\+[1-9]\d{7,14}$) used for this validation.
- The related examples in the documentation were also incorrect for the E.164 format and have been updated to be accurate.
- All fields designated for email addresses are now validated to ensure a valid format. Validation adheres to the addr-spec syntax in RFC 822, with common exceptions such as not supporting comments or whitespace folding.
- Enums have been added where appropriate to ensure only correct values are allowed in requests
- Additional validation was added, so that empty strings are rejected for fields like first_name, etc.

[Core 1.0.4] - 2025-06-24

Fixed

Resolved an issue on the List Domains endpoint where using certain optional filters could result in a 500 Internal Server Error or return an incorrectly filtered result set. The endpoint now reliably applies all filters and returns the correct data.

[Core 1.1.0] - 2025-07-14

Added the new Domain Info API. This new API will return general information about a specific TLD.
- If there are additional requirements to register a domain for that TLD, the additional requirements will also be returned.
- The formatting of the additional requirements has been optimized to allow dynamic form generation.

Changed

Several API descriptions were updated to use OpenApi v3.0 compatible structures. The API definitions in question used v3.1 constructs which several users reported issues with when using common code generation tools.
- These updated specifications contain the same actual data description, and should cause no functional changes to the API, just how the OpenApi specification describes the endpoints.
The description for the DomainTransferStatusChange webhook has been updated to include a list of the transfer statuses that trigger the webhook.

[Core 1.2.0] - 2025-07-18

Added

Added the new TLD Pricing API. This API gives users the ability to see a general price list for TLDs, with any account level pricing they may qualify for.

Changed

Several API responses have been updated to more accurately describe which parameters are required, and are therefore always returned in an API response.

[Core 1.2.1] - 2025-07-23

Fixed

Domain Info API now correctly returns empty objects () instead of empty arrays ([]) for relevant parameters as per specification.

[Core 1.2.2] - 2025-07-25

Changed

TLD Pricing API:
- Enforced duration parameter validation to align with API specification limits.
- Improved handling of tlds parameter:
  - Invalid or unsupported TLDs are now filtered out from the request.
  - If, after filtering, the tlds list becomes empty, the API will now return a 400 Bad Request response.

[Core 1.3.0] - 2025-08-07

Added

Added the new Zone Check API. Zone Check offers a rapid, preliminary check for domain availability by leveraging cached zone file data.
Added the ability to use Idempotency keys to ensure requests are not reprocessed on the Create Domain and Purchase Privacy APIs.
- Generate a unique ID for your request, (a UUID for example), and add an X-Idempotency-Key header to your requests to enable this feature for your requests.
- If a repeated request is made, the APIs will respond with a X-Idempotent-Replay header, that has a value of 1.
Improved documentation and examples for Domain Create requests. The updated documentation and examples now show how to correctly create an IDN domain via the API.
- IDN domains are domains that use non-ASCII characters

Fixed

The new TLD Pricing API was occasionally omitting some of the parameters marked as required in the responses. This has been fixed.
The Check Availability API now correctly returns a 422 Unprocessable Entity response when all provided domains contain unsupported TLDs, rather than malformed JSON with 2 objects.

Changed

The underlying implementation of the Check Availability API has been reworked to optimize as best as possible for speed.
- No other changes were made to the API, and it should continue to function as it did before, just faster.
Due to changes in ICANN policy regarding the “Company Name” (Organization) field, the related API documentation has been updated to reflect the new policy.
The 429 Rate Limited response has been updated in the OpenApi specification to indicate the message property is optional.

[Core 1.3.1] - 2025-08-25

Fixed

The createDomain API endpoint now returns a 400 Bad Request response instead of 403 Forbidden when a domain registration request fails due to missing or invalid registration requirements.

[Core 1.3.2] - 2025-09-08

Fixed

Transfer API Rate Limiting: Updated the Create Transfer API to support multiple transfer requests. The previous restriction limiting users to one transfer at a time has been removed. The 429 response is now returned for rate limiting scenarios only.
Pricing Error Handling: Added proper 422 Unprocessable Entity responses for internal pricing errors across multiple endpoints:
- Domain Create API now returns 422 when pricing information is temporarily unavailable.
- Domain Renew API now returns 422 when pricing information is temporarily unavailable.
- Domain Get Pricing API now returns 422 when pricing information is temporarily unavailable.
Premium Domain Validation: Enhanced error handling for premium domain operations:
- Domain Create API now provides clearer error messages when purchase price is required for premium domains.
- Domain Renew API now provides clearer error messages when purchase price is required for premium domains.
Domain Get Pricing API: Added missing 400 Bad Request response documentation for invalid parameters or malformed requests.

Changed

Error Response Consistency: Improved error message consistency across domain-related endpoints with more descriptive error details for pricing-related issues.

[Core 1.4.0] - 2025-09-10

Changed

Domain Get Pricing API: When a pricing category is not currently available for a TLD, the corresponding price field will be returned as null instead of returning a 422 error response. This signals that name.com is not currently accepting purchases of that type for the passed TLD.
- Affected fields in the response: purchasePrice, renewalPrice, transferPrice.
- The fields remain required in the response object but may be null.

[Core 1.4.1] - 2025-09-12

Added

Expanded Status Information: The API definition for Transfer resources has been updated. The GET /transfers and GET /transfers/{id} endpoints now include a full list of all possible transfer statuses that may be returned. Previously, this information was only available in the Domain Transfer Status Change webhook.

Changed

Standardized Transfer Statuses: We’ve updated the status field in the GET /transfers and GET /transfers/{id} responses to use snake_case for easier programmatic use. This change aligns the API with the statuses sent by the Domain Transfer Status Change webhook.

Fixed

Create Domain: The Create Domain API was not correctly honoring the account setting for Automatic Advanced Security for new domain purchases. This has been fixed.

[Core 1.5.0] - 2025-09-15

Added

Added the new Download Premium Domain Lists API. This is an account restricted API endpoint, that will allow you to download lists of premium domains.

[Core 1.5.1] - 2025-09-23

Added

New parameters were added to the response for the Get Specific Tld Requirements endpoint. The response now includes hsts status, minDomainLength and minIdnDomainLength.
The API specification for the Subscribe To Notifications API has been updated to include the 409 Conflict response the API was already returning when attempting to subscribe to an event you have already subscribed to. The API was already returning this reponse, it was just missing from the specification.
The API specification for the Zone Check API has been updated to include the errors the API was already returning.

[Core 1.5.2] - 2025-09-23

Added

Enhanced TLD Information: The Domain Info API now returns additional TLD capabilities:
- supportsPrivacy: Indicates whether the TLD supports WHOIS Privacy
- requiresPreDelegation: Indicates whether the TLD requires pre-delegation (domains must be added to name servers before domain creation is completed)

[Core 1.6.0] - 2025-09-24

Changed

Improved Pricing Response Documentation: Updated the TLD Pricing response schema descriptions to clarify that null values for pricing fields indicate unavailability for specific TLD and duration combinations, rather than general TLD unavailability.
Enhanced DNS Record Error Handling: DNS Record Update operations now properly catch database duplicate record entry errors and return a 409 Conflict response instead of a generic server error.

[Core 1.7.0] - 2025-09-25

Added

New webhook: domain.lock.status_change
- Notifies when a domain lock status is added or removed.
- Payload schema uses registryStatuses to reflect current registry statuses after the change.
New APIs for contact verification have been added to the API ecosystem.
- These are account restricted APIs. If you would like to access them, please contact support.
- The new List Unverified Contacts API will allow users to query for a list of contacts that need to complete their ICANN mandated verification process.
- The new Verify Contact API will allow users to verify a contact.

[Core 1.8.0] - 2025-10-02

Added

The Contact model that is used in several places throughout the API has been updated to include the verification status of the contact.
The Create Domain API now returns a 451 Unavailable for Legal Reasons response for cases where domain registration and/or contact creation is restricted due to legal requirements or regulations.
The Create Domain API now returns detailed error messages when contact creation fails during domain registration. Users will now receive specific guidance about missing TLD requirements, invalid contact data, or other validation issues that were previously hidden behind generic error responses.
All webhooks now send the X-NAMECOM-SIGNATURE header. This HMAC signature is intended to allow you to authenticate that webhook requests were actually sent by name.com

Fixed

Contact Verification List: The Contact Verification List endpoint was returning incorrect createDate and verifyBy dates for some contacts.

[Core 1.8.1] - 2025-10-7

Fixed

The Get Specific Tld Requirements documentation was unclear on the expected format for punycode TLDs. The documentation has been updated to clarify that punycode is expected, not URL encoded params.

[Core 1.8.2] - 2025-10-10

Fixed

The Create Domain API now correctly abides privacyEnabled parameter. Previously, the method would override user’s explicit false choice with account default when account default was true. Now correctly uses account default only when user doesn’t specify privacyEnabled parameter.

[Core 1.9.0] - 2025-10-14

Added

The Get Specific TLD Requirements API has been updated to include a new parameter: registryOperator.
Webhook HMAC Header Documentation: The X-NAMECOM-SIGNATURE header is now properly displayed in the API documentation for all webhook endpoints.

Fixed

We fixed an issue where certain required fields were incorrectly being accepted as empty or missing. Request validation now correctly enforces the constraints described in the API documentation.

[Core 1.9.1] - 2025-10-15

Updated

Updated Webhook documentation from 4xx & 5xx to 4XX & 5XX response codes

API Home

Getting Started

v4 To Core API Migration Guide

Core API Overview

FAQ/Troubleshooting

name.com Core API Reference

Core API Changelog

HMAC Signature Verification

​name.com Core API Changelog

​[v4 to Core 1.0] - 2025-05-12

​Changed

​Removed

​Added

​Overall

​[Core 1.0.1] - 2025-06-04

​Fixed

​[Core 1.0.2] - 2025-06-10

​Fixed

​[Core 1.0.3] - 2025-06-17

​Fixed

​[Core 1.0.4] - 2025-06-24

​Fixed

​[Core 1.1.0] - 2025-07-14

​Changed

​[Core 1.2.0] - 2025-07-18

​Added

​Changed

​[Core 1.2.1] - 2025-07-23

​Fixed

​[Core 1.2.2] - 2025-07-25

​Changed

​[Core 1.3.0] - 2025-08-07

​Added

​Fixed

​Changed

​[Core 1.3.1] - 2025-08-25

​Fixed

​[Core 1.3.2] - 2025-09-08

​Fixed

​Changed

​[Core 1.4.0] - 2025-09-10

​Changed

​[Core 1.4.1] - 2025-09-12

​Added

​Changed

​Fixed

​[Core 1.5.0] - 2025-09-15

​Added

​[Core 1.5.1] - 2025-09-23

​Added

​[Core 1.5.2] - 2025-09-23

​Added

​[Core 1.6.0] - 2025-09-24

​Changed

​[Core 1.7.0] - 2025-09-25

​Added

​[Core 1.8.0] - 2025-10-02

​Added

​Fixed

​[Core 1.8.1] - 2025-10-7

​Fixed

​[Core 1.8.2] - 2025-10-10

​Fixed

​[Core 1.9.0] - 2025-10-14

​Added

​Fixed

​[Core 1.9.1] - 2025-10-15

​Updated

name.com Core API Changelog

[v4 to Core 1.0] - 2025-05-12

Changed

Removed

Added

Overall

[Core 1.0.1] - 2025-06-04

Fixed

[Core 1.0.2] - 2025-06-10

Fixed

[Core 1.0.3] - 2025-06-17

Fixed

[Core 1.0.4] - 2025-06-24

Fixed

[Core 1.1.0] - 2025-07-14

Changed

[Core 1.2.0] - 2025-07-18

Added

Changed

[Core 1.2.1] - 2025-07-23

Fixed

[Core 1.2.2] - 2025-07-25

Changed

[Core 1.3.0] - 2025-08-07

Added

Fixed

Changed

[Core 1.3.1] - 2025-08-25

Fixed

[Core 1.3.2] - 2025-09-08

Fixed

Changed

[Core 1.4.0] - 2025-09-10

Changed

[Core 1.4.1] - 2025-09-12

Added

Changed

Fixed

[Core 1.5.0] - 2025-09-15

Added

[Core 1.5.1] - 2025-09-23

Added

[Core 1.5.2] - 2025-09-23

Added

[Core 1.6.0] - 2025-09-24

Changed

[Core 1.7.0] - 2025-09-25

Added

[Core 1.8.0] - 2025-10-02

Added

Fixed

[Core 1.8.1] - 2025-10-7

Fixed

[Core 1.8.2] - 2025-10-10

Fixed

[Core 1.9.0] - 2025-10-14

Added

Fixed

[Core 1.9.1] - 2025-10-15

Updated