Product · API · Data

Changelog

Every update, fix, and new feature shipped to MarketXY — platform, API, and data. Updated with every release.

Latest Release
v2.4.1
April 14, 2026
2 NEW3 FIX1 IMPROVE
2026
v2.4.1April 14, 2026LatestStable
new
Abuse score field on IP Lookup responses
IP Lookup responses now include an abuse_score field (0–100) sourced from AbuseIPDB, refreshed every 24 hours. Available on all plans.
GET /ip/{address}
new
Subdomain cursor-based pagination
Subdomain endpoints now support cursor-based pagination for domains with 10,000+ subdomains, replacing the previous offset-based approach which was unreliable at scale.
GET /domain/{domain}/subdomains
fix
WHOIS timezone offset corrected for ccTLD domains
Fixed expires_at and created_at returning incorrect timezone offsets for ccTLD domains (.de, .uk, .fr, .nl). All dates now consistently returned as UTC.
GET /whois/{domain}
fix
Bulk endpoint 429 rate limit not returning Retry-After header
Rate-limited bulk requests now correctly include the Retry-After header with the number of seconds until the rate limit resets.
POST /domain/bulk
improve
Scam detection response time reduced by 38%
Blacklist aggregation pipeline optimisation reduced median scam detection response time from 340ms to 210ms. 99th percentile improved from 1.2s to 780ms.
GET /domain/{domain}/score
v2.4.0March 12, 2026Stable
new
Company Intelligence endpoints
Two new endpoints for company domain portfolio mapping. Look up any company by name and retrieve all associated domains, IP ranges, and SSL certificates. Available on Pro and Enterprise plans.
GET /company/{name}GET /company/{name}/domains
new
Webhook notifications for domain events
Subscribe to real-time HTTP callbacks for domain events: status_change, expiry_alert, blacklist_added, blacklist_removed, and registrant_change.
Dashboard → Webhooks
new
ASN reverse lookup — domains by ASN
New endpoint returns all domains hosted on a given Autonomous System Number. Useful for mapping cloud provider footprints and threat actor infrastructure.
GET /asn/{asn}/domains
security
API key scope restrictions now enforced
API keys can now be scoped to specific endpoint groups (domain, whois, ip, bulk). Requests to endpoints outside a key's scope now return 403 instead of 200. Update your key scopes in the dashboard.
Dashboard → API Keys
v2.3.0January 15, 2026Breaking
breaking
WHOIS date fields renamed to ISO 8601 standard
Date fields renamed for consistency: created → created_at, expires → expires_at, updated → updated_at. Old field names removed. Update your field references before upgrading.
GET /whois/{domain}
new
Domain score breakdown endpoint
New endpoint returns individual score components: SSL validity, blacklist status, domain age, SEO health, content quality, and risk score — each as a separate 0–10 value.
GET /domain/{domain}/score
new
NRD (Newly Registered Domain) monitoring feed
Real-time feed of newly registered domains, updated every 15 minutes. Filter by TLD, country, registrar, or keyword. Available on Enterprise plans.
GET /nrd/feed
2025
v2.2.0October 3, 2025Stable
new
SSL certificate full chain endpoint
Returns the complete SSL certificate chain including leaf certificate, intermediates, issuer, SANs, validity period, and cipher suite. Supports historical certificate lookup.
GET /domain/{domain}/ssl
improve
Expanded blacklist coverage — 3 new feeds added
Added URLhaus, Phishing Army, and OpenPhish Premium to the blacklist aggregation pipeline. Total blacklist sources now: 13. Scam detection coverage improved by ~18%.
GET /domain/{domain}/score
fix
DNS MX records returning duplicate entries
Fixed a deduplication bug causing MX record responses to include the same mail server multiple times when a domain used both IPv4 and IPv6 MX records.
GET /dns/{domain}
v2.1.0July 22, 2025Stable
new
Typosquatting detection — lookalike domain scoring
New typosquat object in domain responses identifies whether a domain is a lookalike of a known brand, including the target brand, similarity score, and attack type (homoglyph, transposition, addition, omission).
GET /domain/{domain}
improve
Free plan rate limit increased from 100 to 500 req/day
Free plan daily request limit increased 5× to 500 requests per day. Rate limit per minute unchanged at 10 req/min. No action needed — applies automatically to all free accounts.
v2.0.0April 1, 2025Breaking
breaking
API base URL changed to /v2
All endpoints now use the /v2 prefix. The /v1 API will continue to receive security fixes only until December 31, 2025, after which it will be retired. Migrate to v2 at your earliest convenience.
breaking
Authentication header changed from Bearer to X-API-Key
API key authentication now uses the X-API-Key header instead of Authorization: Bearer. Both are accepted during the migration window until v1 retirement.
new
Unified domain response — all data in one call
The v2 domain endpoint returns WHOIS, DNS, SSL, score, IP, and subdomains in a single response using the include parameter. Eliminates the need for multiple API calls per domain.
GET /v2/domain/{domain}?include=whois,dns,ssl
2024 (v1.x)
v1.x Archive2024EOL Dec 2025
eol
v1 API reached end-of-life — December 31, 2025
The v1 API has been retired. All requests to /v1/ endpoints now return 410 Gone. Please migrate to the v2 API. See our migration guide for full details.
API Version History
Support status and sunset dates for all API versions
VersionReleasedStatusSupport UntilNotes
v2.4Mar 2026CurrentActiveCompany Intelligence, Webhooks, ASN reverse lookup
v2.3Jan 2026SupportedJan 2027Score breakdown, NRD feed, date field rename
v2.2Oct 2025SupportedOct 2026SSL chain, expanded blacklists, MX fix
v2.0–2.1Apr–Jul 2025DeprecatedApr 2026Still functional, upgrade strongly recommended
v1.x2022–2024End of LifeDec 31, 2025Returns 410 Gone. Migrate to v2 immediately.