{
  "_meta": {
    "methodology_version": "0.1",
    "scale": "Sub-scores 0-10; overall 0-100 (weighted).",
    "last_updated": "2026-06-21",
    "basis": "v0.1 is a public-signal assessment. Sub-scores are derived from each registrar's published API documentation, pricing pages, and security/privacy policies as cited per registrar. They are an interpretation of those facts, not a fabricated rating, and they are NOT yet the result of an end-to-end live agent test (search -> register -> configure DNS). Independent live testing is a planned v0.2 upgrade. Any criterion we could not verify from a public source is recorded as null (unknown), not guessed.",
    "category_note": "No registrar in this set yet ships agent-native safety primitives for domain operations (per-token spend limits, human-approval flows, or one-click rollback of a registration/transfer). The whole category is early; agent-safety scores reflect general account controls (audit logs, 2FA, scoped tokens) rather than purpose-built delegation controls.",
    "disclosure": "Best-Domain-Registrars.com is operated within Just (Just Done LLC). Just Done LLC also operates Just Domain, a domain reseller. Just Domain is not included in this index. Every registrar here is scored by the same published methodology on the same public evidence; see /editorial-policy/.",
    "open_data": {
      "name": "Open Domain Data",
      "site": "https://opendomaindata.org",
      "note": "Open Domain Data is a sibling open-data project operated within Just (Just Done LLC). It publishes the neutral, versioned, machine-readable factual layer this index reads against — registrar API capabilities, agent-capability signals, DNS support, pricing and registry facts. Open Domain Data states facts (e.g. 'scoped tokens: yes'); it does not score, rank or recommend. This index interprets those facts. Per Open Domain Data's reuse terms, the datasets and versions each criterion is grounded in are listed below; sub-scores remain an editorial interpretation and also cite each registrar's primary documentation directly.",
      "datasets": [
        {
          "id": "agent_capability_signals",
          "version": "2026.05",
          "path": "/datasets/agent-capability-signals",
          "criteria": [
            "api_coverage",
            "auth_delegation",
            "agent_safety",
            "developer_experience",
            "agent_interface",
            "dns_infrastructure"
          ]
        },
        {
          "id": "registrar_api_capabilities",
          "version": "2026.05",
          "path": "/datasets/registrar-api-capabilities",
          "criteria": [
            "api_coverage",
            "auth_delegation",
            "developer_experience"
          ]
        },
        {
          "id": "tld_pricing",
          "version": "2026.06",
          "path": "/datasets/tld-pricing",
          "criteria": [
            "pricing_transparency"
          ]
        },
        {
          "id": "dns_capabilities",
          "version": "2026.05",
          "path": "/datasets/dns-capabilities",
          "criteria": [
            "dns_infrastructure"
          ]
        },
        {
          "id": "registrar_security_contacts",
          "version": "2026.05",
          "path": "/datasets/registrar-security-contacts",
          "criteria": [
            "privacy_compliance"
          ]
        },
        {
          "id": "registrars",
          "version": "2026.06",
          "path": "/datasets/registrars",
          "criteria": [
            "trust_signals"
          ]
        },
        {
          "id": "rdap_metadata",
          "version": "2026.05",
          "path": "/datasets/rdap-metadata",
          "criteria": [
            "trust_signals"
          ]
        }
      ],
      "criteria_without_open_dataset": [
        "support_quality"
      ]
    }
  },
  "criteria": [
    {
      "id": "api_coverage",
      "name": "API coverage",
      "weight": 18,
      "measures": "Breadth of programmatic operations: domain search/availability, registration, renewal, transfer, DNS records, contacts/WHOIS, billing, and bulk operations — and how openly that surface is accessible."
    },
    {
      "id": "auth_delegation",
      "name": "Authentication & delegation",
      "weight": 14,
      "measures": "OAuth support, scoped/least-privilege tokens, revocable and short-lived credentials, and the ability to delegate limited access to an agent rather than sharing full account keys."
    },
    {
      "id": "agent_safety",
      "name": "Agent safety",
      "weight": 12,
      "measures": "Controls that make delegation safe: audit logs, change history, human-approval flows, spend limits, and rollback. Scored against general account controls today; purpose-built delegation controls do not yet exist in this set."
    },
    {
      "id": "developer_experience",
      "name": "Developer experience",
      "weight": 12,
      "measures": "Public API docs, SDKs, a sandbox/test environment, documented rate limits, clear error codes, and webhooks for event-driven automation."
    },
    {
      "id": "agent_interface",
      "name": "Agent-interface readiness",
      "weight": 12,
      "measures": "An official MCP or A2A interface, machine-readable pricing, machine-readable policies, and a published capability manifest an agent can read before acting."
    },
    {
      "id": "pricing_transparency",
      "name": "Pricing transparency",
      "weight": 10,
      "measures": "Public registration/renewal/transfer pricing, premium-domain handling, clarity of markup and add-on costs, and whether pricing is retrievable programmatically."
    },
    {
      "id": "dns_infrastructure",
      "name": "DNS & infrastructure",
      "weight": 8,
      "measures": "DNS management depth, DNSSEC, anycast performance, and whether DNS is fully manageable through the API."
    },
    {
      "id": "privacy_compliance",
      "name": "Privacy & compliance",
      "weight": 6,
      "measures": "Default WHOIS privacy, contact-data handling, account security (2FA / WebAuthn), and abuse handling."
    },
    {
      "id": "support_quality",
      "name": "Support quality",
      "weight": 4,
      "measures": "Support channels, availability, and the quality of developer/API support and documentation."
    },
    {
      "id": "trust_signals",
      "name": "Trust signals",
      "weight": 4,
      "measures": "ICANN accreditation, years in operation, parent company, scale, public status page, and security track record."
    }
  ],
  "registrars": [
    {
      "registrar_id": "cloudflare-registrar",
      "rank": 1,
      "overall": 78.7,
      "summary": "The most agent-ready registrar in the set today. Cloudflare's API uses scoped, revocable API tokens (least-privilege delegation), exposes account-level audit logs, ships a full DNS API on industry-leading anycast infrastructure, and prices domains at cost with no markup. Its weaknesses are agent-specific: registration via API is limited compared with full-service registrars, and there is no registrar-specific MCP tool or capability manifest yet.",
      "best_for": [
        "Developers delegating DNS and domain management to agents",
        "Least-privilege API access",
        "At-cost, predictable pricing"
      ],
      "not_ideal_for": [
        "Registering brand-new domains entirely via API",
        "Wide TLD coverage",
        "Non-technical first-time buyers"
      ],
      "scores": {
        "api_coverage": {
          "score": 7.5,
          "note": "Full domain management and DNS via the Cloudflare API; new-domain registration through the API is more limited than full-service registrars."
        },
        "auth_delegation": {
          "score": 9.5,
          "note": "Scoped API tokens with least-privilege permissions, revocable and time-bound — the strongest delegation model in the set. No consumer OAuth flow."
        },
        "agent_safety": {
          "score": 6,
          "note": "Account-level Audit Logs and strong 2FA (WebAuthn); no domain-specific approval flow, spend limit, or rollback."
        },
        "developer_experience": {
          "score": 8,
          "note": "Comprehensive docs, published OpenAPI, multiple SDKs, documented rate limits; no registrar sandbox and no registrar webhooks."
        },
        "agent_interface": {
          "score": 5,
          "note": "Official remote MCP servers exist for the Cloudflare platform (OAuth-based) but none registers domains; no machine-readable registrar pricing or capability manifest."
        },
        "pricing_transparency": {
          "score": 9.5,
          "note": "At-cost wholesale pricing, no markup, no upsells — among the most transparent in the industry."
        },
        "dns_infrastructure": {
          "score": 10,
          "note": "Industry-leading anycast DNS, DNSSEC, full DNS API."
        },
        "privacy_compliance": {
          "score": 9,
          "note": "WHOIS redaction by default; WebAuthn/security-key 2FA."
        },
        "support_quality": {
          "score": 6,
          "note": "Ticket and community support; phone only on Enterprise."
        },
        "trust_signals": {
          "score": 9.5,
          "note": "ICANN accredited, large public infrastructure company, public status page and transparency reports."
        }
      },
      "sources": [
        "https://developers.cloudflare.com/registrar/",
        "https://developers.cloudflare.com/api/",
        "https://developers.cloudflare.com/fundamentals/api/get-started/create-token/",
        "https://developers.cloudflare.com/agents/model-context-protocol/mcp-servers-for-cloudflare/"
      ],
      "last_checked": "2026-06-21"
    },
    {
      "registrar_id": "porkbun",
      "rank": 2,
      "overall": 63.2,
      "summary": "Strong on the fundamentals an agent needs: a clean JSON API covering domains and DNS, a public pricing endpoint (machine-readable pricing is rare), and transparent low prices. It loses ground on delegation (single API key + secret, no OAuth, no scoped tokens), on safety (no audit-log API), and on developer tooling (no sandbox, no webhooks, no official SDK).",
      "best_for": [
        "Agents that read live pricing programmatically",
        "Low, transparent prices",
        "Simple DNS automation"
      ],
      "not_ideal_for": [
        "Least-privilege delegation",
        "Audited, reversible automation",
        "Teams needing a sandbox"
      ],
      "scores": {
        "api_coverage": {
          "score": 8,
          "note": "JSON API covers domain registration/management, DNS, SSL, and a pricing endpoint."
        },
        "auth_delegation": {
          "score": 5,
          "note": "API key + secret with a per-domain API-access toggle (coarse scoping); no OAuth, no short-lived tokens."
        },
        "agent_safety": {
          "score": 3,
          "note": "2FA (TOTP) on the account; no audit-log API, approval flow, spend limit, or rollback."
        },
        "developer_experience": {
          "score": 6,
          "note": "Public docs and documented rate limits; no sandbox, no webhooks, no official SDK."
        },
        "agent_interface": {
          "score": 4,
          "note": "No official MCP; a public pricing endpoint provides genuinely machine-readable pricing, which most peers lack."
        },
        "pricing_transparency": {
          "score": 9.5,
          "note": "Low, transparent pricing with a programmatic pricing endpoint and no hidden fees."
        },
        "dns_infrastructure": {
          "score": 7.5,
          "note": "Free DNS with ALIAS records and DNSSEC, fully API-manageable."
        },
        "privacy_compliance": {
          "score": 8.5,
          "note": "Free WHOIS privacy by default; TOTP 2FA."
        },
        "support_quality": {
          "score": 6.5,
          "note": "Email and business-hours chat."
        },
        "trust_signals": {
          "score": 7.5,
          "note": "ICANN accredited, operating since 2014; smaller than legacy registrars."
        }
      },
      "sources": [
        "https://porkbun.com/api/json/v3/documentation"
      ],
      "last_checked": "2026-06-21"
    },
    {
      "registrar_id": "godaddy",
      "rank": 3,
      "overall": 60.4,
      "summary": "The only registrar in the set with an official MCP server — a read-only domain search/availability tool that needs no API key, which is a real agent-interface signal. The broader Domains API is full-featured with an OTE sandbox, but production access is gated (availability endpoints require accounts with 50+ domains since May 2024), and pricing carries upsells. Delegation and safety are standard, not agent-native.",
      "best_for": [
        "Agent-driven domain search and availability checks (official MCP)",
        "Largest TLD catalog",
        "Phone support"
      ],
      "not_ideal_for": [
        "Small accounts needing full production API access",
        "Lowest renewal pricing",
        "Upsell-free checkout"
      ],
      "scores": {
        "api_coverage": {
          "score": 6.5,
          "note": "Broad Domains/DNS/availability API, but production access is gated (availability endpoints require 50+ domains since 2024-05-01), reducing real-world agent usability for small accounts."
        },
        "auth_delegation": {
          "score": 4,
          "note": "API key + secret (sso-key); no OAuth, no scoped tokens."
        },
        "agent_safety": {
          "score": 3,
          "note": "2FA on the account; no domain-specific audit API, approval flow, spend limit, or rollback."
        },
        "developer_experience": {
          "score": 6.5,
          "note": "Strong docs, an OTE sandbox (api.ote-godaddy.com), and documented rate limits; no domain webhooks, and production gating adds friction."
        },
        "agent_interface": {
          "score": 7,
          "note": "Official GoDaddy Domains MCP server (read-only search/availability, no key required) — the strongest official agent interface in the set."
        },
        "pricing_transparency": {
          "score": 6,
          "note": "Public pricing, but promo-heavy with aggressive checkout upsells."
        },
        "dns_infrastructure": {
          "score": 7,
          "note": "Standard managed DNS, premium DNS as an upgrade; DNSSEC supported."
        },
        "privacy_compliance": {
          "score": 7.5,
          "note": "Free privacy (Domains by Proxy) on most TLDs; TOTP/SMS 2FA."
        },
        "support_quality": {
          "score": 9,
          "note": "24/7 phone and chat support."
        },
        "trust_signals": {
          "score": 9,
          "note": "ICANN accredited, operating since 1997, largest registrar by volume, public company, public status page."
        }
      },
      "sources": [
        "https://developer.godaddy.com/doc/endpoint/domains",
        "https://www.godaddy.com/help/how-do-i-access-domain-related-apis-42424",
        "https://developer.godaddy.com/mcp",
        "https://www.godaddy.com/resources/news/inside-the-godaddy-domains-mcp-server"
      ],
      "last_checked": "2026-06-21"
    },
    {
      "registrar_id": "namecheap",
      "rank": 4,
      "overall": 58.5,
      "summary": "A broad, mature API with a real sandbox, but the delegation model is dated: access is keyed to an allow-listed IP rather than OAuth or scoped tokens, which is awkward for agents running from dynamic infrastructure. Solid privacy, support, and trust; no official agent interface.",
      "best_for": [
        "Teams testing against a sandbox",
        "24/7 support",
        "Free WHOIS privacy"
      ],
      "not_ideal_for": [
        "Agents on dynamic IPs",
        "Least-privilege delegation",
        "Machine-readable pricing"
      ],
      "scores": {
        "api_coverage": {
          "score": 7.5,
          "note": "Broad legacy API across domains, DNS, SSL, and users."
        },
        "auth_delegation": {
          "score": 4,
          "note": "API key + allow-listed IP; no OAuth, no scoped tokens. IP allow-listing is a weak, infrastructure-bound control for agents."
        },
        "agent_safety": {
          "score": 3,
          "note": "2FA (TOTP/SMS); no audit-log API, approval flow, spend limit, or rollback."
        },
        "developer_experience": {
          "score": 6.5,
          "note": "Public docs, a sandbox (api.sandbox.namecheap.com), and documented rate limits; no webhooks, no official SDK."
        },
        "agent_interface": {
          "score": 2.5,
          "note": "No official MCP or capability manifest; no machine-readable pricing."
        },
        "pricing_transparency": {
          "score": 7.5,
          "note": "Public pricing; promotional first-year pricing adds some complexity."
        },
        "dns_infrastructure": {
          "score": 7,
          "note": "Solid managed DNS with templates, dynamic DNS, and DNSSEC, API-manageable."
        },
        "privacy_compliance": {
          "score": 8.5,
          "note": "Free WHOIS privacy on eligible domains; TOTP/SMS 2FA."
        },
        "support_quality": {
          "score": 8.5,
          "note": "24/7 live chat and ticketing."
        },
        "trust_signals": {
          "score": 8.5,
          "note": "ICANN accredited, operating since 2000, large established registrar."
        }
      },
      "sources": [
        "https://www.namecheap.com/support/api/intro/"
      ],
      "last_checked": "2026-06-21"
    },
    {
      "registrar_id": "dynadot",
      "rank": 5,
      "overall": 56.7,
      "summary": "A capable API (legacy + REST) with a sandbox and strong bulk tooling for portfolio holders, but a hard concurrency constraint — only one API request at a time per account — limits agent throughput. Delegation and safety are standard; no official agent interface.",
      "best_for": [
        "Bulk and portfolio automation",
        "Sandbox testing",
        "Competitive pricing"
      ],
      "not_ideal_for": [
        "High-concurrency agents",
        "Least-privilege delegation",
        "Polished non-technical UX"
      ],
      "scores": {
        "api_coverage": {
          "score": 7.5,
          "note": "Legacy + RESTful API covering domains, DNS, and bulk operations (up to 100 domains/request)."
        },
        "auth_delegation": {
          "score": 4,
          "note": "API key + secret (x-signature for REST); no OAuth, no scoped tokens."
        },
        "agent_safety": {
          "score": 3,
          "note": "2FA; no audit-log API, approval flow, spend limit, or rollback. One-request-at-a-time limit constrains automation."
        },
        "developer_experience": {
          "score": 6,
          "note": "Public docs and a sandbox (api-sandbox.dynadot.com); rate limits vary by account tier and only one concurrent request is allowed."
        },
        "agent_interface": {
          "score": 2.5,
          "note": "No official MCP or capability manifest; no machine-readable pricing."
        },
        "pricing_transparency": {
          "score": 8,
          "note": "Public, competitive pricing with limited upsell."
        },
        "dns_infrastructure": {
          "score": 6.5,
          "note": "Functional DNS with DNSSEC; not anycast-class performance."
        },
        "privacy_compliance": {
          "score": 8,
          "note": "Free WHOIS privacy; TOTP/SMS 2FA."
        },
        "support_quality": {
          "score": 6.5,
          "note": "Email and business-hours chat."
        },
        "trust_signals": {
          "score": 8,
          "note": "ICANN accredited, operating since 2002."
        }
      },
      "sources": [
        "https://www.dynadot.com/domain/api",
        "https://www.dynadot.com/domain/api-commands",
        "https://www.dynadot.com/help/question/api-sandbox"
      ],
      "last_checked": "2026-06-21"
    },
    {
      "registrar_id": "spaceship",
      "rank": 6,
      "overall": 54.9,
      "summary": "A modern, newer registrar with a clean public API (documented at docs.spaceship.dev) and documented rate limits, covering domains and DNS. The surface is still maturing — no sandbox is documented and no official agent interface exists — and the brand has the shortest track record in the set.",
      "best_for": [
        "Modern DNS automation",
        "Competitive pricing",
        "Clean account UX"
      ],
      "not_ideal_for": [
        "Long track record requirements",
        "Least-privilege delegation",
        "Sandbox-first development"
      ],
      "scores": {
        "api_coverage": {
          "score": 6.5,
          "note": "Public API covering domains and DNS; surface is newer and still expanding."
        },
        "auth_delegation": {
          "score": 4,
          "note": "X-API-Key + X-API-Secret headers; no OAuth, no scoped tokens."
        },
        "agent_safety": {
          "score": 3,
          "note": "2FA; no audit-log API, approval flow, spend limit, or rollback."
        },
        "developer_experience": {
          "score": 6,
          "note": "Public docs with documented rate limits; no sandbox documented. A community Terraform provider exists."
        },
        "agent_interface": {
          "score": 2.5,
          "note": "No official MCP or capability manifest; no machine-readable pricing."
        },
        "pricing_transparency": {
          "score": 8,
          "note": "Competitive, transparent pricing."
        },
        "dns_infrastructure": {
          "score": 7,
          "note": "Modern DNS panel, API-manageable."
        },
        "privacy_compliance": {
          "score": 8,
          "note": "Free WHOIS privacy; TOTP 2FA."
        },
        "support_quality": {
          "score": 7,
          "note": "Chat and email."
        },
        "trust_signals": {
          "score": 6.5,
          "note": "ICANN accredited but launched 2023 (shortest track record); affiliated with Namecheap's group."
        }
      },
      "sources": [
        "https://docs.spaceship.dev/"
      ],
      "last_checked": "2026-06-21"
    },
    {
      "registrar_id": "squarespace-domains",
      "rank": 7,
      "overall": 27.8,
      "summary": "Not built for delegation. Squarespace Domains has no public domain API, so an agent cannot search, register, transfer, or manage DNS programmatically. It scores well only on the non-API basics (free privacy, public pricing) but is unsuitable for agentic workflows today.",
      "best_for": [
        "Squarespace site owners managing domains by hand",
        "Simple, polished manual UX"
      ],
      "not_ideal_for": [
        "Any agent or programmatic workflow",
        "DNS power users",
        "Developers"
      ],
      "scores": {
        "api_coverage": {
          "score": 1,
          "note": "No public domain API."
        },
        "auth_delegation": {
          "score": 1,
          "note": "No API, so no programmatic delegation is possible."
        },
        "agent_safety": {
          "score": 1,
          "note": "No API to delegate; account 2FA only."
        },
        "developer_experience": {
          "score": 1.5,
          "note": "No public API, docs, or sandbox for domain operations."
        },
        "agent_interface": {
          "score": 1,
          "note": "No official MCP, manifest, or machine-readable pricing."
        },
        "pricing_transparency": {
          "score": 7,
          "note": "Public pricing on the website."
        },
        "dns_infrastructure": {
          "score": 4,
          "note": "Basic managed DNS, no API access."
        },
        "privacy_compliance": {
          "score": 8,
          "note": "Free WHOIS privacy; 2FA."
        },
        "support_quality": {
          "score": 6,
          "note": "Email and chat via the Squarespace account."
        },
        "trust_signals": {
          "score": 7.5,
          "note": "ICANN accredited; operated by Squarespace (public company), inherited the former Google Domains base."
        }
      },
      "sources": [
        "https://www.squarespace.com/domains"
      ],
      "last_checked": "2026-06-21"
    }
  ]
}