I'm just looking through the eNom API and I've noticed that everything is done through HTTP GET calls to the enom site, including sending your reseller id and password. How is this secure? Couldn't anyone intercept your reseller id and password during one of those calls and login to your account?

I'm sure I must be missing something since so many people use this system so I'd love for someone to set me straight on this.

Thanks,
Aral

I'm sure I must be missing something since so many people use this system Never assume that if "so many use something" it must be good. There is plenty of popular software out there that should die an evil death...

No I didn't say anything about MS or Outlook or PC Charge or IE or .... well anyway I didn't say anything about any of that so don't sue me!

lol, Deb, you're right and I completely agree with everything that you haven't said :)

Would you group enom with those-that-shall-not-be-mentioned?

I have not personally used enom so my comment was more general in nature.

There! Now they can't sue me either :stickout

The other option is to use the com file.

Adam

ooops! I posted to the wrong thread.

Does it use HTTP or HTTPS?

yes, it's unsafe if you use HTTP, but you can also switch to HTTPS.... Enom offers both protocols for reseller API ;)

Thanks for all your responses! I didn't know eNom offered https -- no problem then... they really should have better documentation :)

try

telnet reseller.enom.com 80

and then

telnet reseller.enom.com 443

443 port is open :) So I am assuming they support it:)

Right I am in the right thread this time (I think). ffeingol alerted me to the fact that enom now have a massive pdf file for the API documentation online. I am about to go dl it myself because I am going to do this damned domain name sale site I've been sitting on for the last six months :stickout

I did post a similar question a while back in the domain names forum. Some good person pointed out to me that for a secure connection to the API you use https:// and you POST the data rather than send it in the query string ala GET.

Having fiddled around with PDQ, register rocket, et al. working out what I wanted to do, it is my general observation that the way enom writes their scripts, you can send the data either using GET or POST methods - they both work.

:)

Do Namecheap and Registerfly use their custom built application? Are they communicate directly with enom or there is some kind of manual interaction? Anyone know this?

Originally posted by zoli
Do Namecheap and Registerfly use their custom built application? Are they communicate directly with enom or there is some kind of manual interaction? Anyone know this?

they are using API thru http/https I believe...

Thanks Apollo, anyone have something already implemented?
Apollo, I just found 2 great domain names today through your deleteddomains.com site. What do you think about these names? They are obviously domain registration related:

nameneed.com
nameall.com

Are they worth something?

unfortunately, I do not own deleteddomains, I own the one with one d...

Probably not much....thought...

Enom uses SSL , you have to do a post to their API or turn on SSL in the com object they have for download or implement your own SSL with openSSL. Anybody who is sending login or password should use SSL.

Swede

Hey Swede,

Thanks. The problem is with their documentation. The PDF API docs mentioned in the thread make no mention of access and the one document that does, the information on writing your own client that came with the same PHP application, states that you can only access the eNom interface via GET (and, of course, no mention is made of HTTPS or POST.)

They should really update their docs!

Aral