# SSL Certificate API
> Check any website's SSL/TLS certificate through an API. Pass a domain and the service performs a live TLS handshake and returns the certificate's subject and issuer, the validity window, the exact number of days until it expires, whether it is currently valid and trusted by a standard CA chain, the negotiated TLS protocol, serial number, SHA-256 fingerprint, key size and the full list of Subject Alternative Names (SANs). A lean expiry endpoint returns a simple `ok` / `expiring_soon` / `expired` status, suited to uptime and certificate-expiry monitoring, dashboards, CI checks and security tooling. The service is self-contained and calls no third-party service. IP addresses and internal hosts are not supported.

## Authentication
All requests require your oanor API key in the `x-oanor-key` header. Get one at https://www.oanor.com/developer/keys.

```bash
curl -H "x-oanor-key: oanor_live_…" "https://api.oanor.com/sslcheck-api/..."
```

## Pricing
- **Free** (Free) — 3,420 calls/Mo, 2 req/s
- **Starter** ($4/Mo) — 47,600 calls/Mo, 8 req/s
- **Pro** ($12/Mo) — 236,000 calls/Mo, 20 req/s
- **Mega** ($33/Mo) — 1,188,000 calls/Mo, 50 req/s

## Endpoints

### SSL

#### `GET /v1/check` — Full certificate details for a domain

**Parameters:**
- `domain` (query, required, string) — Domain to check. Example: `github.com`
- `port` (query, optional, string) — TLS port (default 443). Example: `443`

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/sslcheck-api/v1/check?domain=github.com&port=443"
```

**Response:**
```json
{
    "data": {
        "certificate": {
            "port": 443,
            "domain": "github.com",
            "issuer": {
                "common_name": "Sectigo Public Server Authentication CA DV E36",
                "organization": "Sectigo Limited"
            },
            "expired": false,
            "subject": {
                "common_name": "github.com",
                "organization": null
            },
            "key_bits": 256,
            "valid_to": "2026-08-02T23:59:59.000Z",
            "valid_from": "2026-05-05T00:00:00.000Z",
            "chain_error": null,
            "self_signed": false,
            "tls_protocol": "TLSv1.3",
            "chain_trusted": true,
            "not_yet_valid": false,
            "serial_number": "E7CECC3B13FB3B7B8A46EA8CD0AEB71C",
            "days_remaining": 63,
            "subject_alt_names": [
                "github.com",
                "www.github.com"
            ],
            "fingerprint_sha256": "A7:B8:10:34:CD:43:95:51:C5:0A:29:B5:43:55:25:4A:84:94:2A:0A:99:0C:1A:9E:12:85:6C:85:5B:64:B6:5F"
        }
    },
    "meta": {
        "timestamp": "2026-05-31T11:14:11.369Z",
        "request_id": "7b0203c0-d89b-4ed1-94ff-48d095c6e455"
    },
    "status": "ok",
    "message": "Certificate checked",
    "success": true
}
```

#### `GET /v1/expiry` — Lean expiry status (for monitoring)

**Parameters:**
- `domain` (query, required, string) — Domain to check. Example: `github.com`
- `port` (query, optional, string) — TLS port (default 443). Example: `443`

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/sslcheck-api/v1/expiry?domain=github.com&port=443"
```

**Response:**
```json
{
    "data": {
        "port": 443,
        "domain": "github.com",
        "status": "ok",
        "expired": false,
        "valid_to": "2026-08-02T23:59:59.000Z",
        "chain_trusted": true,
        "days_remaining": 63
    },
    "meta": {
        "timestamp": "2026-05-31T11:14:11.456Z",
        "request_id": "8e2ff3ee-b942-44e3-8fc3-9da17b20f312"
    },
    "status": "ok",
    "message": "Expiry checked",
    "success": true
}
```
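
A monitoring or CI gate built on this response should fail closed: check `success`, `expired`, `chain_trusted` and `days_remaining` together instead of trusting `status` alone. The sketch below is an added example, not code from oanor; the 21-day threshold, the `OANOR_KEY` environment variable and the function names are assumptions, and the page does not state at how many days the service switches to `expiring_soon`.

```python
import json
import os
import sys
import urllib.parse
import urllib.request

API = "https://api.oanor.com/sslcheck-api/v1/expiry"

# Constructed sample: the /v1/expiry response documented above, trimmed to the fields used.
SAMPLE = json.loads("""{
  "data": {"port": 443, "domain": "github.com", "status": "ok", "expired": false,
           "valid_to": "2026-08-02T23:59:59.000Z", "chain_trusted": true, "days_remaining": 63},
  "status": "ok", "success": true
}""")

def fetch_expiry(domain, key, port=443, timeout=10):
    """Call GET /v1/expiry with the x-oanor-key header and return the parsed JSON."""
    query = urllib.parse.urlencode({"domain": domain, "port": port})
    req = urllib.request.Request(f"{API}?{query}", headers={"x-oanor-key": key})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def evaluate(body, min_days=21):
    """Return a list of findings; an empty list means the certificate passes."""
    if not isinstance(body, dict) or body.get("success") is not True:
        return ["API call did not succeed; counted as a failure, not a pass"]
    data = body.get("data") if isinstance(body.get("data"), dict) else {}
    findings = []
    if data.get("expired") is not False:
        findings.append("certificate expired, or 'expired' flag missing")
    if data.get("chain_trusted") is not True:
        findings.append("chain not trusted, or 'chain_trusted' flag missing")
    days = data.get("days_remaining")
    if isinstance(days, bool) or not isinstance(days, int):
        findings.append("days_remaining missing or not an integer")
    elif days < min_days:  # min_days is this example's own threshold (assumption)
        findings.append(f"only {days} days remaining (minimum {min_days})")
    elif data.get("status") != "ok":
        findings.append(f"service reports status {data.get('status')!r}")
    return findings

if __name__ == "__main__":
    # Usage (assumed env var name): OANOR_KEY=... python check_expiry.py example.com
    body = fetch_expiry(sys.argv[1], os.environ["OANOR_KEY"]) if len(sys.argv) > 1 else SAMPLE
    problems = evaluate(body)
    for p in problems:
        print(f"FAIL: {p}")
    sys.exit(1 if problems else 0)
```

Run without arguments it evaluates the embedded sample; with a domain argument it queries the API and exits non-zero on any finding, so it can gate a CI job directly.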

### Meta

#### `GET /v1/meta` — Service info

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/sslcheck-api/v1/meta"
```

**Response:**
```json
{
    "data": {
        "note": "Inspect any HTTPS host's TLS certificate by direct handshake. /v1/check?domain= returns the full certificate (issuer, subject, validity, days remaining, SANs, chain trust, fingerprint); /v1/expiry?domain= returns a lean expiry status (ok / expiring_soon / expired) for monitoring. IP addresses and internal hosts are not supported.",
        "service": "SSL/TLS certificate checker",
        "endpoints": [
            "/v1/check",
            "/v1/expiry",
            "/v1/meta"
        ]
    },
    "meta": {
        "timestamp": "2026-05-31T11:14:11.534Z",
        "request_id": "ef6f16fe-6405-4634-866c-006a0e36f698"
    },
    "status": "ok",
    "message": "Meta retrieved",
    "success": true
}
```


---
Marketplace page: https://www.oanor.com/api/sslcheck-api
OpenAPI spec: https://www.oanor.com/api/sslcheck-api/openapi.json
