Cloudflare Registrar is a cost price domain registrar offering cheap domain transfers and registrations. However, at one point you may need to transfer many domains out of Cloudflare Registrar to another registrar – offering discount domain transfer pricing or specials. This guide will show you how to bulk transfer out the domains via Cloudflare Registrar API via command line or scripting.
Cloudflare Registrar offers a GUI based dashboard method for unlocking your domain and obtaining your EPP or AUTH code. If you have a few domains that should suffice. However, if you have hundreds of domains within Cloudflare Registrar for your Cloudflare Account, manually unlocking and obtaining your EPP/AUTH code for each domain will be time consuming. Cloudflare Registrar API allows you to programmatically script the process for unlocking your domains and obtaining your EPP/AUTH codes. Note, if you are looking to bulk transfer domains into Cloudflare Registrar, check out the guide here.
However, there’s a few undocumented commands not listed in the current version of the documentation (as at February 28, 2021) for obtaining the EPP/AUTH code which I will outline below as well.
- Step 1. Obtain your Cloudflare Account Global API Key & Account ID
- Step 2. Install jq JSON Tool
- Step 3. Populating Variables On SSH Command Line/Shell Scripts
- Step 4. Bulk Unlock & Obtain EPP/AUTH Code For Cloudflare Domains
Step 1. Obtain your Cloudflare Account Global API Key & Account ID
Cloudflare Registrar API currently does not support Cloudflare API Tokens. So you will need to obtain your Cloudflare Account Global API Key from https://dash.cloudflare.com/profile/api-tokens. Then you’ll also need to obtain your Cloudflare Account ID via any of your domain’s dashboard right side column which lists your zone id and your account id. These two items will be used to populate variables on the SSH command line or via bash shell scripts you can write to run on Linux command line.
Step 2. Install jq JSON Tool
Install jq JSON tool which allows you to manipulate and filter Cloudflare Registrar API’s JSON output
yum -y install jq
or
apt-get install jq
Step 3. Populating Variables On SSH Command Line/Shell Scripts
You’ll need to populate the following variables with your Cloudflare Account ID, Cloudflare Account Global API Key, Cloudflare Account Email address and Cloudflare endpoint variables. Then on the command line in SSH session type or copy and paste them or set within your own shell scripts.
cfaccountid=your_cf_account_id cftoken=your_cf_global_api_token cfemail=your_cf_account_email_address endpoint=https://api.cloudflare.com/client/v4/ endpoint_target=accounts/$cfaccountid/registrar/domains
If you use curl command line to query Cloudflare Registrar API with this command below, you will return just all the domain names that are registered with Cloudflare Registrar.
curl -4sX GET "${endpoint}${endpoint_target}" -H "Content-Type:application/json" \ -H "X-Auth-Email: $cfemail" \ -H "X-Auth-Key: $cftoken" | jq -r '.result[].name' domain.com domain.net
Step 4. Bulk Unlock & Obtain EPP/AUTH Code For Cloudflare Domains
Here we’ll be using a bash shell for loop iterating through a list of domain names returned from Cloudflare Registrar API end point for https://api.cloudflare.com/client/v4/accounts/$cfaccountid/registrar/domains
and then unlocking each domain, resetting the EPP/AUTH code and then querying and printing out the domain name and EPP/AUTH code in a format that is ready for bulk domain registrar transfers to other domain registrars like Namesilo, Namecheap, Internet.bs, Porkbun and GoDaddy.
First we’ll populate the domains bash array
domains=($(curl -4sX GET "${endpoint}${endpoint_target}" -H "Content-Type:application/json" \ -H "X-Auth-Email: $cfemail" \ -H "X-Auth-Key: $cftoken" | jq -r '.result[].name'))
If you echo the output of the domains bash array, it would be something like below:
echo ${domains[@]} domain.com domain.net
Now the for loop that does all the domain unlocking and EPP/AUTH code retrieval. You’ll either be scripting this is a shell script or running the entire code as one command via copy and paste into SSH command line.
It will loop through the above domains bash array and for each domain name returned it will:
- unlock the domain and save CF API output to log file
${d}-unlock.log
where${d}
is your domain name. - will save domain’s reset EPP/AUTH code to log file at
${d}-reset-auth.log
where${d}
is your domain name. This and the next step are not outlined in current Cloudflare Registrar API documentation which only outlines how to unlock the domain. - save full domain registrar info to
${d}-get-auth.log
log where${d}
is your domain name and - only the domain and EPP/AUTH code properly formatted in
${d}-get-auth-summary.log
where${d}
is your domain name. - these logs will be all saved in same working directory you run the commands from or run your shell script from
for d in ${domains[@]}; do domain=$d endpoint=https://api.cloudflare.com/client/v4/ endpoint_target=accounts/$cfaccountid/registrar/domains/$d # unlock echo echo "unlock: $d" echo curl -4sX PUT "${endpoint}${endpoint_target}" -H "Content-Type:application/json" \ -H "X-Auth-Email: $cfemail" \ -H "X-Auth-Key: $cftoken" --data '{"locked":false}' | tee ${d}-unlock.log | jq echo "saved: ${d}-unlock.log" # reset auth code echo "reset auth code: $d" echo curl -4sX PUT "${endpoint}${endpoint_target}" -H "Content-Type:application/json" \ -H "X-Auth-Email: $cfemail" \ -H "X-Auth-Key: $cftoken" --data-raw '{"reset_auth_code":true}' | tee ${d}-reset-auth.log | jq echo "saved: ${d}-reset-auth.log" # obtain auth code echo "obtain auth code: $d" echo curl -4sX GET "${endpoint}${endpoint_target}" -H "Content-Type:application/json" \ -H "X-Auth-Email: $cfemail" \ -H "X-Auth-Key: $cftoken" | tee ${d}-get-auth.log | jq -r '.result | "\(.name) \(.auth_code)"' | tee ${d}-get-auth-summary.log echo "saved: ${d}-get-auth.log" done
Example output from for loop which iterated over domain.com and domain.net domains.
unlock: domain.com { "result": { "message": "Domain updates complete!" }, "success": true, "errors": [], "messages": [] } saved: domain.com-unlock.log reset auth code: domain.com { "result": { "message": "Domain updates complete!" }, "success": true, "errors": [], "messages": [] } saved: domain.com-reset-auth.log obtain auth code: domain.com domain.com 3-2-HP0-oIbu-9Hb saved: domain.com-get-auth.log unlock: domain.net { "result": { "message": "Domain updates complete!" }, "success": true, "errors": [], "messages": [] } saved: domain.net-unlock.log reset auth code: domain.net { "result": { "message": "Domain updates complete!" }, "success": true, "errors": [], "messages": [] } saved: domain.net-reset-auth.log obtain auth code: domain.net domain.net iZY-ErqP--6n2-50 saved: domain.net-get-auth.log
Now each domain would of saved a log file named ${d}-get-auth-summary.log
. You can concatenate them to show all domains and their EPP/AUTH code in a format you can use to bulk domain transfer to another domain registrar like Namesilo, Namecheap, Internet.bs, Porkbun and GoDaddy.
ls -lrt *-get-auth-summary.log -rw-r--r-- 1 root root 33 Feb 28 08:00 domain.com-get-auth-summary.log -rw-r--r-- 1 root root 33 Feb 28 08:00 domain.net-get-auth-summary.log
cat *-get-auth-summary.log domain.com 3-2-HP0-oIbu-9Hb domain.net iZY-ErqP--6n2-50
If in future you need to transfer domains back to Cloudflare Domain Registrar, you can also use the Cloudflare API to do such as outlined in examples for Namecheap and Namesilo transfer to Cloudflare Registrar here. I’ll update this guide with further examples in the future so check back frequently.