Public API
Get a domain check as pure JSON—no API key, no signup. We call it porcelain (after git --porcelain): machine-readable, stable output for scripts, CI, and automation.
Endpoint
GET request with a single query parameter:
https://httpsornot.com/api/porcelain?domain=<domain>Replace <domain> with the hostname to check (e.g. example.com). No https:// needed—we normalize it. The same endpoint is also available at /api/public/check?domain=....
Rate limit
30 requests per hour per IP on this public endpoint. No API key required. Responses may include RateLimit-* headers. If you exceed the limit, you’ll get 429 Too Many Requests.
OpenAPI specification
The OpenAPI file is a standard machine-readable description of this API: paths, parameters, response shapes, and errors. Tools like Postman, Insomnia, or codegen can import the JSON so you don’t have to guess fields. It also gives developers confidence that the contract is explicit—not only prose on a web page.
- Download
openapi.json(GET /api/openapi.json) - Open in Swagger Editor (loads the spec from this site)
Example
Run in your terminal:
curl "https://httpsornot.com/api/porcelain?domain=example.com"
Response is JSON: domain, httpRedirects, httpsWorks, sslCertificate, sslGrade, securityHeaders, redirectChain, checkedAt, and more. Same structure as the main checker.
CORS
Access-Control-Allow-Origin: * is set so you can call the API from browser scripts or other origins.
For bulk checks or higher limits, use the main tool on the homepage.