Doesn’t their API also require you to allow-list IPs, making it basically useless for dynamic DNS?
From www.namecheap.com/support/api/intro/ under “Whitelisting IP.”
Comment on PSA: GoDaddy gated their own API. DDNS users warned
catloaf@lemm.ee 4 months agoThat can’t be right. I only had two domains (one now) and I’ve been using the API just fine. And basically any purchase will clear those dollar amounts.
hedgehog@ttrpg.network 4 months ago
loudwhisper@infosec.pub 4 months ago
That’s a very interesting gotcha. They don’t seem to support address ranges either. Unless once you add the whitelist the requests still work from any address (their documentation is ambiguous). This is even more confusing.
catloaf@lemm.ee 4 months ago
Not sure. Personally I only use it for Let’s Encrypt DNS challenges.
loudwhisper@infosec.pub 4 months ago
I found it on their FAQ.
Yes, it is generally less restrictive, but… I have 4 domains, and now I have renewed all of them for the maximum amount. They will all expire after 2033. So unless I decide to add more domains (which is unlikely), I won’t spend a cent in the next ~9 years. I wonder if they really enforce it as it is written or they consider still the renewal an expense “split” over the duration.
Still, I really don’t understand. You can - and should - have proper rate limits on the API. You have API keys that uniquely identify the source, what is “the abuse” they are trying to prevent this way…?