PHP library for the Epik API

[7363824]

Hey everyone,

I am working on a PHP library to interface with the Epik API. I am planning to release my work on Github. There are a lot of different methods available in Epik's API and I don't expect to have all of them implemented on initial release, so what features would you actually want and use so I can focus on those first?

Update: initial release is here, and yes it supports Composer just require "x7media\epik-api".

https://github.com/x7media/epik-api

 

[7363824]

I see that domain push via api between 2 epik accounts is not available.
Although ,it is pretty stratight forward to do...


All I see, you have a POST to https://registrar.epik.com/domain/my-domains-transfers-dialog that is used to get the email of the account that you want to push a domain to and then afterwards another POST to https://registrar.epik.com/domain/transfer-ownership with the id of the domain and email.

I guess you can hack your way into even if official API is not there

Then you'd also have to authenticate using your username and password to do so. I would stay away from that personally.

I got some progress, I can send requests for some basic domain management, marketplace listing management, checking pricing, initiating and getting status of transfers implemented.

But it still just returns the raw response from the api so I want to cleanup my response and error handling then I think it'll be at a point to make an initial release.

@Sufyan Alani Any chance of getting a cheatsheet of possible errors the api may respond with?

 

[cipcip]

Then you'd also have to authenticate using your username and password to do so. I would stay away from that personally.

You know that in the header of an API request you can also take the cookie and use it in any type of program like Postman for example, or if you are using firefox, directly from the browser right ?!

So simple regular auth, is not a 100% bullet proof solution.

Thanks,
Cristian

 

[Save Breach]

I guess you can hack your way into even if official API is not there
Although this can be considered a security flaw as it does not require any type of signature or auth. As long as you know the domain id, you can push. Haven't tested the solution, but this should be it.

@Rob Monster

Nope, its not a security issue. Simply because there's proper access control between domains which you don't own, so, you need the auth cookie (or, effectively compromise their account, in which scenario) for carrying out the transfer. Tested it out

 

[Save Breach]

Off-Topic: I did find something different while playing around, not sure if its a security issue, but apparently, its possible to extract any (Epik) domain ID, if you know the domain name... (haven't fully tested it, but will try to make a PoC) if @Rob Monster considers that a security issue, I can report it to them

 

[Sufyan Alani]

Then you'd also have to authenticate using your username and password to do so. I would stay away from that personally.

I got some progress, I can send requests for some basic domain management, marketplace listing management, checking pricing, initiating and getting status of transfers implemented.

But it still just returns the raw response from the api so I want to cleanup my response and error handling then I think it'll be at a point to make an initial release.

@Sufyan Alani Any chance of getting a cheatsheet of possible errors the api may respond with?

I'll see if there such a cheat sheet in hand, and pass it over to you if available.

 

[7363824]

Just an update for everyone, It seems to be stable and in a releasable state, I am just putting together some markdown docs to show how to use it and will probably have it released tomorrow if not tonight.

The current version supports:

Checking availability of a domain
Enabling and disabling AutoRenew
Obtaining the AuthCode
Showing the details of a domain name
Listing the domain names in your account
Locking and unlocking a domain
Renewing a domain
Initiating a transfer
Getting the status of a transfer
Viewing marketplace status for a domain
Adding/Editing a marketplace listing
Removing a marketplace listing
Getting all prices
Getting prices for a specific TLD

 

[cipcip]

Just an update for everyone, It seems to be stable and in a releasable state, I am just putting together some markdown docs to show how to use it and will probably have it released tomorrow if not tonight.

The current version supports:

Checking availability of a domain
Enabling and disabling AutoRenew
Obtaining the AuthCode
Showing the details of a domain name
Listing the domain names in your account
Locking and unlocking a domain
Renewing a domain
Initiating a transfer
Getting the status of a transfer
Viewing marketplace status for a domain
Adding/Editing a marketplace listing
Removing a marketplace listing
Getting all prices
Getting prices for a specific TLD

Seems like you had a lot of time today to work on this :D

Thank you,
Cristian

 

[7363824]

https://github.com/x7media/epik-api

 

[7363824]

Just update this library it now also includes:

Restarting a stalled transfer (shoutout to Epik's great support for helping to get that working)
Redeeming a domain in the Redemption Grace Period
Purchasing a domain from the Epik Marketplace
Registering a new domain
Getting and Setting NameServers
Management of DNS Host Records for those using Epik's DNS

While I try to test each new method before release because there is no test environment for the Epik API I can only test against my real account, so I have not tested making a purchase from the marketplace or redeeming a domain. So if you get a chance to use either of those I'd suggest manually checking that it was completed until others can confirm they are working as expected.

It should only take 1 or 2 more releases to get the rest of the functionality from the API included.

 

[7363824]

Agree, regarding offering external domains. Let me see if this is doable. No promises, but I'll check for you (fingers crossed).

I just took a quick look at it, and yes, I see "GET auth code" is there.

I'll check the possibility of adding that account-to-account push (probably based on using auth-code as well), and get back to you!

@Sufyan Alani Just curious if you have any word on these? I am particularly interested in the push for my own use so I could automate delivery of a domain upon purchase from my own site.