R RestEpp

RFC 5730 · REST + OpenAPI

REST for EPP. Any registry, one API.

RestEpp wraps the EPP domain registry protocol in clean REST + JSON. Check, register, and manage domains with a single curl call — no raw XML, no socket state machine.

Try it — live availability check

NIRA sandbox
Type a domain and press Check — this hits the live sandbox via GET /v1/domains/{domain}/availability.

Same operation, radically less code

Raw EPP means hand-built XML over a stateful TLS socket. RestEpp is one HTTP call.

Before — raw EPP ~40 lines, stateful
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
  <command>
    <login>
      <clID>your-registrar-id</clID>
      <pw>••••••••</pw>
      <svcs>
        <objURI>urn:ietf:params:xml:ns:domain-1.0</objURI>
        <objURI>urn:ietf:params:xml:ns:contact-1.0</objURI>
        <objURI>urn:ietf:params:xml:ns:host-1.0</objURI>
      </svcs>
    </login>
    <clTRID>abc-tx-1</clTRID>
  </command>
</epp>

// ...open a TLS socket, frame the message, wait for the
// reply, parse XML, THEN send a second <check> frame,
// wait, parse again — before you even know if it's free.
curl https://api.restepp.dev/v1/domains/example.com.ng/availability \
  -H "Authorization: Bearer re_live_..."

# { "domain": "example.com.ng", "available": true }
import { RestEpp } from "@restepp/client"; // generated from openapi.yaml

const client = new RestEpp({ apiKey: process.env.RESTEPP_KEY });
const { available } = await client.domains.availability("example.com.ng");
import requests

r = requests.get(
    "https://api.restepp.dev/v1/domains/example.com.ng/availability",
    headers={"Authorization": "Bearer re_live_..."},
)
print(r.json())

Everything EPP, none of the pain

One API surface for domains, contacts, hosts, and transfers — built on the same RFC 5730 primitives registries already speak.

OpenAPI-first

Every endpoint is generated from a single OpenAPI 3 spec — typed clients, validated requests/responses, and a live reference in sync with the server.

Credentials never stored

Your registry username and password are encoded into your API key with AES-256-GCM and decrypted per-request. We never persist them.

Warm-pool performance

A per-credential connection pool keeps EPP sockets alive across requests — one round trip instead of four (connect, login, command, and back).

Audit logging

Every billable call emits a structured audit record (requestId, keyId, credHash, outcome, latency) — filterable in your log pipeline.

Bring your own registry

Point RestEpp at any RFC 5730-compliant registry host. Not locked to a single TLD operator.

Generic EPP (RFC 5730)

Domains, contacts, hosts, transfers, and polling — the full command set, mapped to REST verbs and JSON.

RestEpp vs. the alternatives

An honest comparison — no strawmen. Raw EPP libraries and registrar reseller APIs both have their place.

  RestEpp Raw EPP libraries Registrar reseller APIs
Integration effort One REST call, typed clients from OpenAPI Hand-roll XML + TLS socket state machine Vendor-specific SDK per reseller
Transport REST / JSON over HTTPS Raw XML over persistent TLS sockets REST or SOAP, varies by vendor
Typed clients Generated from OpenAPI (TS, curl, more) None — you write your own XML mapping Sometimes, vendor-maintained
Credential storage Encoded into your key, never stored server-side You manage registry creds yourself Stored by the reseller
Multi-registry Any RFC 5730 registry, bring your own host Whatever you implement Locked to the reseller's supported registries
Session / connection handling Warm-pooled per credential, reused across calls You manage login/keepalive/reconnect Abstracted, but opaque
Audit / observability Structured audit log per billable call Whatever you build Varies, often minimal
Pricing model Free tier, flat annual Pro Cost of registry access only Markup per operation or per domain

How it works

1

Mint a key

Give RestEpp your registry credentials once. We validate them live, encode them into your key, and never store them.

2

Call REST

Send JSON over HTTPS to api.restepp.dev — no XML, no socket management.

3

We speak EPP

RestEpp translates your call to EPP over a warm, pooled connection to the registry and maps the reply back to JSON.

Your app RestEpp Registry (EPP)

Your registry password never touches our database.

API keys are minted with AES-256-GCM: your credential is encoded into the key itself, tamper-evident and decrypted per-request. Revoke a key and the credential is gone with it — read the key-design writeup.

Simple, predictable pricing

Free to start. One flat price for Pro. No per-operation markup.

Free

$0 /mo

For testing and low-volume integrations.

  • 10,000 API calls / month
  • All EPP operations
  • One registry credential per key
  • Community support
Get started
Most popular

Pro

$49 /yr

For production registrars and integrators.

  • Unlimited API calls
  • All EPP operations
  • Unlimited API keys
  • Usage analytics + audit log access
  • Email support
Get started

Enterprise

Contact us

For high-volume or custom-registry needs.

  • Volume pricing
  • Dedicated support
  • Custom registry onboarding
  • SLA
Contact sales

From the blog

Ship your registry integration this week

Free for the first 10,000 calls a month. No credit card required.

Get started free