API

API reference

Authentication, resource groups, streaming, and the conventions every DomainRadar endpoint follows.

Not verified yet

Everything the dashboard does goes through this API — base URL https://domainradar.api.norcube.com/app/v1.

The authoritative endpoint reference is the live Swagger UI served at /swagger/ on the DomainRadar service host.

Endpoint paths can change. Treat the Swagger spec as the source of truth; this page documents conventions.

Authentication

Authorization: Bearer <JWT>

Short-lived org-scoped session tokens with the DomainRadar audience, minted via the auth service — see Platform → Tokens. Long-lived API keys are coming soon (the dashboard already shows the placeholder page); today all API access is session-token based.

Resource groups

  • CheckPOST /check for a single domain: domain, mode (bloom | verified | info | full), optional maxAge (a Go duration like "24h" — the cache tolerance).
  • Bulk checks — create (POST /check/bulk with domains[], mode, maxAge), list, detail, cancel, delete; results via cursor-paginated GET .../results (filters: search, available, tld), CSV via GET .../export (same filters), and live streaming via GET .../stream.
  • Saved domains — save (domain, optional notes), unsave, and a richly filterable list (search, TLDs, availability, registrar, expiry date range, several sort orders).
  • Name generator — create jobs (description, category, style, maxLength, size), list/detail/delete, list a job's names (search/length filters), and POST .../check to fan selected names[] × tlds[] into a bulk check.
  • Brand Monitor — watcher CRUD (keyword, allowlist, notification email, min score, AI check, enabled), hits listing org-wide or per watcher (filters: watchers, score range, search), single-hit detail.

Streaming bulk results

curl -N -H "Authorization: Bearer $TOKEN" \
  "https://domainradar.api.norcube.com/app/v1/check/bulk/{id}/stream"

The response is Server-Sent Events: each data: event carries one domain-check result as JSON (the same shape the results endpoint returns), and a final done event closes the stream when the job reaches a terminal state. Subscribing mid-job is fine — the stream replays what already resolved, then continues live.

Conventions

  • Pagination is cursor-based: limit + cursor in, a next cursor out. Page-size caps vary by endpoint (lists 100, results/names 1000).
  • Async jobs (bulk checks, name generation) return 202 Accepted with the job object immediately; poll or stream for progress.
  • 404 means "not found or not yours" — cross-organization resources are indistinguishable from nonexistent ones by design.
  • Errors share the platform shape:
{
  "type": "VALIDATION_FAILED",
  "msg": "see fields",
  "fields": { "domain": "must contain a dot" },
  "timestamp": "2026-07-10T12:00:00Z"
}

Codes, rate limits, and the billing gate: Limits and errors.

On this page