Registration Data Access Protocol

The Registration Data Access Protocol (RDAP) is a computer network communications protocol standardized by a working group at the Internet Engineering Task Force in 2015, after experimental developments and thorough discussions. It is a successor to the WHOIS protocol, used to look up relevant registration data from such Internet resources as domain names, IP addresses, and autonomous system numbers.

While WHOIS essentially retrieves free text, RDAP delivers data in a standard, machine-readable JSON format. In order to accomplish this goal, the output of all operative WHOIS servers was analyzed, taking a census of the labels they used. RDAP designers, many of whom are members of number or name registries, strove to keep the protocol as simple as possible, since complexity was considered one of the reasons why previous attempts, such as CRISP, failed. RDAP is based on RESTful web services, so that error codes, user identification, authentication, and access control can be delivered through HTTP.

The biggest delay in getting RDAP done turned out to be the bootstrap, figuring out where the server is for each top level domain, IP range, or ASN range. IANA agreed to host the bootstrap information in suitable registries, and publish it at a well-known location URLs in JSON format. Those registries started empty and will be gradually populated as registrants of domains and address spaces provide RDAP server information to IANA. For number registries, ARIN set up a public RDAP service which also features a bootstrap URL, similar to what they do for WHOIS. For name registries, ICANN requires RDAP compliance since 2013.

Number resources
RDAP databases for assigned IP numbers are maintained by five Regional Internet registries. ARIN maintains a bootstrap database. Thanks to the standard document format, tasks such as, for example, getting the abuse team address of a given IP number can be accomplished in a fully automated manner.

Name resources
RDAP databases for registered names are maintained after ICANN agreement. Name resources are much slower, as the number of registries under ICANN is huge. In addition, as the GDPR became enforceable, in May 2018, the problem of personal data divulged via WHOIS or RDAP slowed adoption further. To solve the conflict between GDPR and ICANN policies ICANN published a temporary specification according to which all contact details need to be redacted for privacy reasons if they fall under the GDPR, unless the contact explicitly allows publication. This includes email addresses, however the registrar has to offer an anonymized email address or a web form to allow forwarding of information to contacts. The registry RDAP/WHOIS response has to contain a notice that these options to contact the contacts are only available in the registrar RDAP/WHOIS.

To keep RDAP information accurate, registrars have to send a yearly Whois Data Reminder Policy (WDRP) notice to the registrant contact. This is commonly done via email containing all the RDAP information the registrar has and asking the registrant to update it immediately if it is incorrect, while at the same time reminding the registrant that incorrect RDAP information can lead to the deletion of the domain name. Additionally each registrar has to offer an abuse contact and after being informed about incorrect RDAP information has to make sure that it is corrected quickly or suspend the domain.

WHOIS Replacement
On January 19, 2023 ICANN opened voting on a global amendment to all its registry and registrar agreements. In it they defined a RDAP Ramp-Up Period of 180 days starting with the effectiveness of this amendment. 360 days after this period is defined as the WHOIS Services Sunset Date, after which it is not a requirement for registries and registrars to offer a WHOIS service and instead only a RDAP service is required. All voting thresholds were met within the 60 day voting period and the amendment will be submitted to the ICANN Board for approval and implementation.

Extensions
The RDAP protocol allows for extensions and IANA is maintaining a list of known RDAP extensions. Some of these extensions are RFCs like sorting and paging, others are just for specific TLDs.

Related Standards
Additionally ICANN has created 2 standards that need to be implemented by gTLD registries and registrars to have common output formats and require the implementation of some extensions.
 * STD 95
 * , HTTP Usage in the Registration Data Access Protocol (RDAP)
 * , Security Services for the Registration Data Access Protocol (RDAP)
 * , Extensible Provisioning Protocol (EPP) and Registration Data Access Protocol (RDAP) Status Mapping
 * , Registration Data Access Protocol (RDAP) Query Format
 * , JSON Responses for the Registration Data Access Protocol (RDAP)
 * , Finding the Authoritative Registration Data Access Protocol (RDAP) Service

Extensions

 * , Registration Data Access Protocol (RDAP) Query Parameters for Result Sorting and Paging
 * , Registration Data Access Protocol (RDAP) Object Tagging
 * , Registration Data Access Protocol (RDAP) Partial Response
 * , Redacted Fields in the Registration Data Access Protocol (RDAP) Response