WhoisXML API MCP Server: Enable AI Tools to Call APIs

Use Cases

• Enable LLMs to fetch real-time intelligence

  LLMs can’t access real-time data natively. The MCP server allows them to retrieve up-to-date WHOIS, DNS, SSL certificate and threat intelligence data on demand to power cybersecurity investigations or SOC workflows.

• Prepare external attack surface audits

  With one query specifying a domain, LLMs can use the MCP server to gather subdomains and WHOIS ownership details, as well as perform reverse IP lookups and more to build an inventory of the organization’s exposed assets.

• Investigate malicious infrastructure

  The MCP server gives LLMs access to reverse WHOIS, related domains, or historical DNS data instantly – with the ability to pivot off the results to build complete infrastructure reports.

• Add natural language interfaces to your threat hunting tools

  With MCP, you can embed an LLM that understands natural language and triggers API-based lookups on demand into your tool—transforming prompts like “Show all domains registered with this email” into real investigations.

Frequently Asked Questions

What is an MCP server?

An MCP server is a modular system that acts as a bridge between a large language model (LLM) and APIs. MCP stands for Model Context Protocol – a protocol developed by Anthropic in 2024. MCP servers allow the LLM to delegate tasks that it cannot perform on its own to external tools via APIs. It receives structured calls (often from a model’s tool-use or function-calling capabilities), executes API requests or computations, and returns the results in a format the model can understand. This architecture enables LLMs to interact with external systems, databases, and services in a secure, controllable, and scalable manner.

In the case of WhoisXML API, our MCP server allows you to enable LLMs that support the MCP protocol to access our APIs, run API requests, and receive responses. LLMs then process the JSON or XML response and return the information you were looking for.

Which APIs are integrated into your MCP Server?

Currently, WhoisXML API’s MCP server works with the following APIs:

• WHOIS API
• Website Categorization API
• Email Verification API
• Reverse WHOIS API
• WHOIS History API
• Subdomain Lookup API
• Domains & Subdomains Discovery API
• DNS lookup API
• DNS Chronicle API
• Reverse IP API
• Reverse MX API
• Reverse NS API
• Reverse DNS API
• IP Geolocation API
• IP Netblocks API
• SSL Certificates API
• Threat Intelligence API

We are working on integrating other APIs with the MCP server as well.

Is the MCP server free to use?

Yes, the MCP server itself is available for free, you only need to pay for the API credits that you use. You get some free credits upon signup which should be enough to test the MCP server out.

Do I need an API key to call the APIs with the MCP server?

Yes, you do – the LLMs would use the same API key you use to run API queries. The API key is the only parameter you need to configure in the MCP server. You can find yours in yours at the top of the "My products" page.

How can I install your MCP server?

We’ve documented the process of installation in our documentation. It’s easy and wouldn’t take more than a few minutes of your time. After installation, you’ll need to configure the LLM that you’re using so that it is aware of the existence of the MCP server. This process is also detailed in the documentation.

Are my existing API credits valid to use with the MCP server?

Absolutely, you can think of the MCP server as just another way to run API calls through an LLM interface. As such, credits bought to use the MCP server are fully functional for using the APIs outside the MCP server.