Important update 1: Email Support is being transitioned to Webforms. Click here for more information.

Connecting to the Enom API: IP Allowlisting & Authentication

Before the Enom API will accept your requests, two things must be in place: the IP address you call from must be allowlisted, and every call must carry valid credentials. This article walks you through allowlisting your server, authenticating a request, and finding the command you need so you can make your first successful live call.

How Enom API authentication works

The Enom API is available to reseller accounts. You authenticate each request by passing your account credentials as parameters in the call itself — there is no separate login step or session. As a security control, Enom only accepts API requests from IP addresses you have allowlisted, which prevents anyone who obtains your credentials from submitting requests from an unknown server.

You can authenticate with your account password or with a generated API token. Tokens are the recommended approach: you can issue more than one, give different users their own token, and revoke a token without changing your account password.

Before you begin

  • An active Enom reseller account. API access is a reseller-only feature.
  • The static IP address of your server. The allowlist requires a static IP. If your environment uses a wildcard or dynamic range, you will need to request allowlisting through support.
  • Your credentials decided. Choose whether you will authenticate with your account password or a generated token. See Managing Your API Access for creating tokens.
  • A test account (recommended). Validate your calls in the sandbox first — see Setting Up and Using Your API Test Account (Sandbox).

Step 1: Allowlist your server IP(s)

Add the static IP your API calls originate from to your account's allowlist for the live environment.

  1. Sign in to your enom.com account.
  2. Select the Resellers drop-down menu.
  3. Choose Manage, then API.
  4. Enter your IP and click Add.

Allowlist the exact static IP your requests come from. If you receive an IP-related error, use the IP shown in the error message — it may differ from your local machine's IP (for example, when calls route through a server or NAT gateway). For a wildcard IP or range, submit a verified support request and Enom will allowlist it for you.

Step 2: Authenticate a request

Authenticate by including your credentials and the standard parameters in the call. Every call needs, at minimum, the command name, your login ID, your password or token, and a response type.

  1. Assemble the standard parameters:
    • command — the command name (for example, check or GetBalance).
    • uid — your username / login ID.
    • pw — your account password, or your API token.
    • responsetype — the format you want results in: XML, HTML, or Text.
    • Plus any command-specific parameters (such as sld and tld for a domain).
  2. Build the call. A live call follows this pattern:
    https://reseller.enom.com/interface.asp?command=GetBalance&uid=yourloginid&pw=yourtoken&responsetype=xml
  3. Issue the call from your code, or paste it into a browser tab and press Enter. A successful call returns the requested data; an unsuccessful one returns an error and an error count. For details on reading results, see Understanding API Calls and Responses.

Response formats

Set responsetype to control the output. Most integrations use XML for reliable parsing; HTML and Text are also available.

responsetypeUse
xmlMachine-readable output for programmatic parsing.
htmlOutput formatted for display in a browser.
textPlain-text key/value output.

Step 3: Find commands in the command catalog

Enom publishes a catalog of 300+ commands with their required parameters and sample responses. Use it to find the exact command and parameter names for the action you want.

  1. Open the Enom API documentation at api.enom.com/docs.
  2. Browse to the relevant guide — for example, the Domains, SSL, or Email API guide — and locate your command.
  3. Note the required parameters for that command, add them to your authenticated call, and test.

Protect and rotate your credentials. Treat your password and tokens like secrets: do not embed them in client-side code or commit them to source control. Prefer tokens over your account password, issue a separate token per integration or user, and rotate or revoke any token that may have been exposed.

Next steps

Questions? Contact Enom Support.

How helpful was this article?

Thanks for your feedback!

Do you still need help? If so please submit a request here.