Pricing

from $10.00 / 1,000 results

Domain Security Audit API | SSL Expiry, DMARC, Domain Expiry

Summary-first portfolio monitor for SSL expiry, DMARC/SPF/DKIM, domain expiry/ownership, and security headers with remediation-ready outputs.

Pricing

from $10.00 / 1,000 results

Rating

0.0

(0)

Developer

太郎山田

Actor stats

Bookmarked

Total users

Monthly active users

22 minutes ago

Last modified

Store Quickstart

Start with store-input.example.json for the free / starter smallest useful run: 2 domains in, one executive summary + remediation list out in the Apify OUTPUT record (or local output/result.json), plus per-domain dataset rows.
Then pick a template in store-input.templates.json:
- Free / starter lane
  - Starter Quickstart (2 Domains -> Summary + Remediation List) — fastest proof of value with no webhook or reputation key
- Paid expansion lanes
  - Portfolio Watch (Advanced Recurring | SSL, DMARC, Expiry, Headers) — broader scheduled sweeps across managed domains
  - Webhook Remediation Queue (Advanced Delivery) — send the executive summary + alert queue to your own endpoint
  - Renewal Watchlist (Recurring SSL + Domain Expiry) — focus on renewal windows and ownership drift
  - Security Audit + Web Risk (Advanced Add-on) — layer optional Google Web Risk on top

Key Features

🔗 URL-first workflow — Bulk-process thousands of URLs per run with parallel fetching
📊 Structured output — Every URL returns consistent, dataset-ready rows for downstream use
🛡️ Rate-limit aware — Exponential backoff and concurrency throttling keep you off block lists
📡 Webhook delivery — Push results to Slack, Discord, or any HTTP endpoint for real-time alerts
💰 No external APIs — Reads public data — zero API-key costs, zero vendor lock-in

Use Cases

Who	Why
Developers	Automate recurring data fetches without building custom scrapers
Data teams	Pipe structured output into analytics warehouses
Ops teams	Monitor changes via webhook alerts
Product managers	Track competitor/market signals without engineering time

Input

Field	Type	Default	Description
domains	array	prefilled	Free / starter quickstart: begin with 2-3 domains for a fast first success. Paid expansion: grow into larger recurring p
port	integer	`443`	Port used for SSL/TLS expiry and trust checks across the portfolio.
expiryWarningDays	integer	`30`	Flag certificates or domains that expire within this many days.
followRedirects	boolean	`true`	Follow redirects before scoring the final site's security headers.
checkDkim	boolean	`true`	Probe common selectors so the first run catches missing DKIM alongside SPF and DMARC.
dkimSelectors	array	—	Optional DKIM selectors to check instead of the built-in defaults.
delivery	string	`"dataset"`	Free / starter path: dataset keeps the first run low-friction and still writes the full summary to OUTPUT. Paid expansio
webhookUrl	string	—	Advanced delivery only: required when delivery is webhook. The payload includes the executive summary, flattened remedia

Input Example

{
  "domains": [
    "example.com",
    "github.com"
  ],
  "expiryWarningDays": 30,
  "delivery": "dataset",
  "snapshotKey": "domain-security-audit-quickstart",
  "concurrency": 2
}

Output

Field	Type	Description
`meta`	object
`alerts`	array
`results`	array
`alerts[].domain`	string
`alerts[].severity`	string
`alerts[].component`	string
`alerts[].type`	string
`alerts[].message`	string
`alerts[].policy`	null

Output Example

{
  "meta": {
    "executiveSummary": {
      "overallStatus": "attention_needed",
      "brief": "1 of 2 domains needs action. Highest-risk issue: 5 alert(s): DMARC record is missing.",
      "recommendedCadence": "daily",
      "topDomains": [
        {
          "domain": "example.com",
          "severity": "high",
          "trustScore": 41,
          "brief": "5 alert(s): DMARC record is missing."
        }
      ]
    },
    "runProfile": {
      "tier": "starter",
      "label": "Starter first-success path"
    },
    "usageAdvisories": {
      "summary": "1 usage/recovery advisory signal active for this run.",
      "signals": [
        {
          "id": "starter_portfolio_boundary",
          "limit": "3 domains in the starter quickstart"
        }
      ]
    },
    "upgradeSuggestions": [
      {
        "type": "schedule",
        "templateId": "portfolio_watch",
        "cadence": "daily",
        "title": "Promote this baseline to a recurring portfolio watch"
      }
    ],
    "nextWorkflow": {
      "type": "same_actor_template",
      "id": "action_needed_webhook",
      "title": "Next best step: Webhook Remediation Queue"
    }
  },
  "alerts": [
    {
      "domain": "example.com",
      "severity": "high",
      "component": "dns",
      "type": "dmarc_missing_or_weak",
      "message": "DMARC record is missing."
    },
    {
      "domain": "example.com",
      "severity": "high",
      "component": "rdap",
      "type": "domain_expiring_soon",
      "message": "Domain expires in 28 days"
    }
  ],
  "results": [
    {
      "domain": "example.com",
      "severity": "high",
      "recommendedActions": [
        "Publish an enforced DMARC policy (quarantine or reject) with aggregate reporting.",
        "Renew the domain registration before the expiry window closes.",
        "Add the missing critical security headers (HSTS, CSP, X-Content-Type-Options, X-Frame-Options)."
      ]
    }
  ]
}

API Usage

Run this actor programmatically using the Apify API. Replace YOUR_API_TOKEN with your token from Apify Console → Settings → Integrations.

cURL

curl -X POST "https://api.apify.com/v2/acts/taroyamada~domain-trust-monitor/run-sync-get-dataset-items?token=YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "domains": [ "example.com", "github.com" ], "expiryWarningDays": 30, "delivery": "dataset", "snapshotKey": "domain-security-audit-quickstart", "concurrency": 2 }'

Python

from apify_client import ApifyClient

client = ApifyClient("YOUR_API_TOKEN")
run = client.actor("taroyamada/domain-trust-monitor").call(run_input={
  "domains": [
    "example.com",
    "github.com"
  ],
  "expiryWarningDays": 30,
  "delivery": "dataset",
  "snapshotKey": "domain-security-audit-quickstart",
  "concurrency": 2
})

for item in client.dataset(run["defaultDatasetId"]).iterate_items():
    print(item)

JavaScript / Node.js

import { ApifyClient } from 'apify-client';

const client = new ApifyClient({ token: 'YOUR_API_TOKEN' });
const run = await client.actor('taroyamada/domain-trust-monitor').call({
  "domains": [
    "example.com",
    "github.com"
  ],
  "expiryWarningDays": 30,
  "delivery": "dataset",
  "snapshotKey": "domain-security-audit-quickstart",
  "concurrency": 2
});

const { items } = await client.dataset(run.defaultDatasetId).listItems();
console.log(items);

Tips & Limitations

Keep concurrency ≤ 5 when auditing production sites to avoid WAF rate-limit triggers.
Use webhook delivery for recurring cron runs — push only deltas to downstream systems.
Enable dryRun for cheap validation before committing to a paid cron schedule.
Results are dataset-first; use Apify API run-sync-get-dataset-items for instant JSON in CI pipelines.
Run a tiny URL count first, review the sample, then scale up — pay-per-event means you only pay for what you use.

FAQ

Is there a rate limit?

Built-in concurrency throttling keeps requests polite. For most public APIs this actor can run 1–10 parallel requests without issues.

What happens when the input URL is unreachable?

The actor records an error row with the failure reason — successful URLs keep processing.

Can I schedule recurring runs?

Yes — use Apify Schedules to run this actor on a cron (hourly, daily, weekly). Combine with webhook delivery for change alerts.

Does this actor respect robots.txt?

Yes — requests use a standard User-Agent and honor site rate limits. For aggressive audits, set a higher concurrency only on your own properties.

Can I integrate with Google Sheets or Airtable?

Use webhook delivery with a Zapier/Make/n8n catcher, or call the Apify REST API from Apps Script / Airtable automations.

URL/Link Tools cluster — explore related Apify tools:

🔗 URL Health Checker — Bulk-check HTTP status codes, redirects, SSL validity, and response times for thousands of URLs.
🔗 Broken Link Checker — Crawl websites to find broken links, 404 errors, and dead URLs.
🔗 URL Unshortener — Expand bit.
🏷️ Meta Tag Analyzer — Analyze meta tags, Open Graph, Twitter Cards, JSON-LD, and hreflang for any URL.
📚 Wayback Machine Checker — Check if URLs are archived on the Wayback Machine and find closest snapshots by date.
Sitemap Analyzer API | sitemap.xml SEO Audit — Analyze sitemap.
Schema.org Validator API | JSON-LD + Microdata — Validate JSON-LD and Microdata across multiple pages, score markup quality, and flag missing or malformed Schema.
Site Governance Monitor | Robots, Sitemap & Schema — Recurring robots.
RDAP Domain Monitor API | Ownership + Expiry — Monitor domain registration data via RDAP and track expiry, registrar, nameserver, and ownership changes in structured rows.

Cost

Pay Per Event:

actor-start: $0.01 (flat fee per run)
dataset-item: $0.003 per output item

Example: 1,000 items = $0.01 + (1,000 × $0.003) = $3.01

No subscription required — you only pay for what you use.

RDAP Domain Monitor API | Ownership + Expiry

taroyamada/rdap-domain-monitor

Monitor domain registration data via RDAP and track expiry, registrar, nameserver, and ownership changes in structured rows.

太郎山田

Supernet WHOIS Lookup

superlativetech/supernet-whois-lookup

WHOIS domain registration data for any domain. Registrar, expiry dates, domain age, registrant, nameservers, DNSSEC. Domain ownership enrichment for lead scoring, expiry monitoring, fraud detection, and due diligence. Batch thousands or query one instantly via Standby API.

Superlative

🔒 SSL Certificate Checker — Bulk Expiry Monitor

nexgendata/ssl-certificate-checker

Monitor SSL certificate expiry dates, issuers & security configs across all your domains. Get alerts before certs expire. Bulk scanning for agencies & enterprises. Pay per check.

Stephan Corbeil

DNS / SPF / DKIM / DMARC Audit API

taroyamada/dns-dmarc-security-checker

Audit SPF, DKIM, DMARC, and MX in bulk with grades, fix-ready recommendations, and recurring email-security monitoring.

太郎山田

SSL Certificate Monitor API | Expiry + Issuer Changes

taroyamada/ssl-certificate-monitor

Check SSL/TLS certificates in bulk, detect expiry and issuer changes, and emit alert-ready rows for ops and SEO teams.

太郎山田

Domain Lookup

greip/domain-lookup

Lookup and analyze domain names and retrieve detailed information including security status, email authentication records (SPF, DMARC, DKIM, MX, BIMI), creation date, and risk assessment. Perfect for domain verification, fraud prevention, and security analysis.

Greip

Domain Intelligence Scraper

benthepythondev/domain-intelligence-scraper

Extract domain registration data including age, expiry dates, registrar, nameservers, and DNSSEC status using free RDAP/WHOIS APIs. Perfect for SEO, lead generation, and security research

ben

WHOIS Domain Lookup — Registrar, Expiry & DNSSEC

ryanclinton/whois-domain-lookup

Look up WHOIS and RDAP registration data for any domain in bulk. Get registrar details, creation and expiry dates, nameservers, domain age, registrant info, DNSSEC status, and EPP status codes -- all without needing any API key.

ryan clinton

DNS Lookup | Scrape Domain Records & Security Intelligence

datascoutapi/dns-lookup

DNS lookup scrapes 22 data points including 10 DNS records (A, AAAA, MX, TXT, NS, CNAME, SOA, SRV, PTR, CAA) + email security analysis ( SPF/DKIM/DMARC), SSL certificate checker, domain monitoring. Processes 100 domains per batch with security scoring.

halam

DNS Record Lookup — MX, SPF, DMARC & Email Security Checks

ryanclinton/dns-record-lookup

Look up DNS records for any domain in bulk -- A, AAAA, MX, NS, TXT, CNAME, and SOA -- with built-in email security analysis for SPF, DMARC, and DKIM. Process hundreds of domains in parallel, get structured JSON output, and integrate results into any pipeline via the Apify API.

ryan clinton