Public API

Get a domain check as pure JSON—no API key, no signup. We call it porcelain (after git --porcelain): machine-readable, stable output for scripts, CI, and automation.

Endpoint

GET request with a single query parameter:

https://httpsornot.com/api/porcelain?domain=<domain>

Replace <domain> with the hostname to check (e.g. example.com). No https:// needed—we normalize it. The same endpoint is also available at /api/public/check?domain=....

Rate limit

30 requests per hour per IP on this public endpoint. No API key required. Responses may include RateLimit-* headers. If you exceed the limit, you’ll get 429 Too Many Requests.

OpenAPI specification

The OpenAPI file is a standard machine-readable description of this API: paths, parameters, response shapes, and errors. Tools like Postman, Insomnia, or codegen can import the JSON so you don’t have to guess fields. It also gives developers confidence that the contract is explicit—not only prose on a web page.

Example

Run in your terminal:

curl "https://httpsornot.com/api/porcelain?domain=example.com"

Response is JSON: domain, httpRedirects, httpsWorks, sslCertificate, sslGrade, securityHeaders, redirectChain, checkedAt, and more. Same structure as the main checker.

CORS

Access-Control-Allow-Origin: * is set so you can call the API from browser scripts or other origins.

For bulk checks or higher limits, use the main tool on the homepage.