What is RDAP?

The RDAP updates this data access process by introducing new technical features and specific access control options, which better protect users’ personal data and ensure better interoperability.

Historically, the WHOIS protocol has been the primary tool for accessing registration data for domains, server IP addresses, and other digital resources. Although widespread, this protocol is old and not designed to meet modern data security needs.
It works by returning all record data indiscriminately, without encryption, and often without regard for the privacy of certain items.
This can cause problems because the information displayed may include sensitive personal data.
The RDAP is positioned as the successor to WHOIS as a protocol for accessing registration information. It allows for better management of registration data according to the person making the request and provides more selective access control to any sensitive info. This protocol introduces several major advantages: 

• Increased security: RDAP uses HTTPS protocol to encrypt the information transmitted, unlike WHOIS, which relies on unsecure connections;
• Standardization and structure: RDAP responses are provided in JSON, a readable and easily integrable format for modern systems;
• Access control and compliance: the RDAP enables domain name registries or structures such as ICANN to adapt the elements displayed according to the rights of the client, thus meeting legal obligations in terms of privacy protection.

As such, the RDAP responds to modern security challenges by providing a structure for controlled access to registration information, all in a unified way that is understandable to the machines.

There are several reasons why the RDAP was created to replace WHOIS, particularly because of the many security and compliance issues involved.

— Respect for confidentiality: with the implementation of regulations such as the GDPR, it has become essential to protect personal information and restrict its access.
— Data uniformity: Whois suffers from lack of uniformity. Each registry and domain name registrar uses different formats and fields for the information. RDAP, on the other hand, imposes a standardized format (JSON), making it easier to integrate it into external systems.
— Connection security: RDAP requires the use of HTTPS to ensure connection security, which protects the transmitted elements against interception and modification. This encryption is essential to guarantee the security of exchanges between RDAP servers and internet users.
In response to the limitations of WHOIS and data security requirements, the IETF has developed the RDAP to provide a more secure solution that can be adapted to the needs of different stakeholders, while complying with applicable laws.

How does RDAP work?

RDAP works through HTTP(S) requests, which return information in JavaScript Object Notation (JSON) format. It is both human-readable and easily operated by servers, making it easy to integrate data into automated systems.

The process of accessing via RDAP involves several key steps:

— HTTP(S) request: A user, such as a browser or application, sends an HTTP or HTTPS request to the RDAP server that holds the registration information;
— Return data in JSON: The data is returned in a standardized JSON format, allowing systems to easily integrate it. Depending on the client’s authentication and authorization, some sensitive information may be hidden;
— Data filtering: RDAP servers can apply filters to restrict the display of certain items to the client without specific rights, which is an improvement over Whois. You can choose which information is displayed.

Thanks to this process, the RDAP service ensures better data security by offering flexible and secure access for different categories of users, while facilitating the transmission of information. They also benefit from an improved search experience, as ODAP provides more structured navigation, with fields and data ordered according to context.

Access to information has yet to be defined

Despite its progress, the PDAR has not yet achieved full uniformity in terms of data access and the implementation of global standards. This is partly due to differences in security laws between countries. The IETF and ICANN are still working on harmonizing access practices in order to better adapt to the various legislations.

In addition, registrars and domain name registries still need to adapt their systems to fully integrate the latest version of the RDAP (version 2024 versus the current version 2019) and its access control features. To ensure adequate access while protecting personal information, discussions are underway to establish clear guidelines for implementing this protocol.

The worldwide roll-out of the RDAP also required coordination efforts between regulatory authorities, registrars and end users to establish clear rules on access to registration data. The new version of the PDAR came into force on January 28, 2025. The definition of these rules should strike a balance between security needs, transparency and legal constraints. A confidential solution could then be offered, while ensuring access to the necessary information for some authorized entities.

The RDAP follows specific rules (RFCs) that ensure continuity in data readability:

· RFC 7480: Use of HTTP in the Recording Data Access Protocol (RDAP);

· RFC 7481: security services for the Registration Data Access Protocol (RDAP);

· RFC 7482: Record Data Access Protocol (RDAP) query format;

· RFC 7483: JSON responses for Registration Data Access Protocol (RDAP);

· RFC 7484: Search for the authorized Recording Data Access Service (RDAP);

· RFC 7485: Inventory and analyze Whois registration objects.

RDAP is a major step forward in web resource management, offering a secure, WHOIS-compliant alternative. Its implementation is part of a dynamic to protect privacy, optimize data interoperability and modernize systems for accessing registration information.

Who can access the information via RDAP?

The RDAP is accessible to all, but it has access control that allows authorized entities (Law Enforcement Authorities or LEAs) to access more detailed data, while limiting standard users’ access to only the necessary information.

The RDAP offers significant advantages over the initial WHOIS form, particularly in terms of security, legal compliance and ease of integration for different players in the domain name sector.
For registrars and domain name registries, the RDAP simplifies the management of registration information. This helps prevent privacy breaches and facilitates compliance, reducing legal risks.
Cybersecurity authorities and organizations also benefit from more targeted and secure access to information critical to their investigations. Thanks to RDAP’s filtering and security protocol, they can access relevant data without exposing unnecessary information. The ability to obtain structured information in JSON also facilitates automated analysis and integration with their own system and servers, optimizing the efficiency of search and standby operations.
End users benefit from a more secure and structured interface, which limits access to non-essential information and protects the privacy of domain owners. It is possible to view basic data without access to sensitive personal details, making the process more privacy-friendly.
In short, the RDAP allows each player to access relevant data according to their profile and needs, while ensuring the security and confidentiality of registration information.

Why does RDAP replace WHOIS?

The RDAP was created to meet WHOIS limitations in terms of security, privacy and data format. This includes better access management, a JSON structure, and increased regulatory compatibility, such as the GDPR.

How does RDAP improve security?

RDAP uses HTTPS protocol to encrypt transmitted elements, unlike WHOIS, which works without security.

What are the main differences between RDAP and WHOIS?

The RDAP offers secure connections (HTTPS), structured JSON responses and better compliance with laws. WHOIS, on the other hand, is more vulnerable to security breaches and does not offer access restrictions.

How does access control work in RDAP?

Access control in RDAP is based on user rights. Unauthenticated users have access to limited information, while authenticated users, such as authorities, can access more complete data based on their permissions.