SSL certificate analysis for any domain — issuer, grade, expiry — paid per call via x402.
What it does
The `/domain/ssl` endpoint is part of the Domain Intelligence API hosted at domain.hugen.tokyo. It performs SSL/TLS certificate analysis on a given domain and returns structured results including the certificate issuer, whether the certificate is expired, an overall SSL grade, and whether SSL is present. The endpoint accepts a single required query parameter (`domain`) and returns JSON.
This endpoint is one of 7 individual domain intelligence checks available on the API (WHOIS, DNS, SSL, tech stack, security headers, subdomains, redirects), plus a combined `/domain/full` endpoint that runs all checks in parallel. Each endpoint is paid via the x402 protocol at $0.01 USDC per call on the Base network. The probe's 402 challenge confirms the endpoint is live and includes a sample SSL response showing fields like `has_ssl`, `grade`, `certificate.issuer`, and `certificate.is_expired`.
Alternative access methods are available: an MCP gateway at mcp.hugen.tokyo, API key access with a free $0.05 credit via discovery.hugen.tokyo, and a Python SDK (`x402-pay`). The OpenAPI spec (v3.1) is published but response schemas for the paid endpoints are empty (no detailed field definitions), so the exact response structure must be inferred from the sample in the 402 challenge.
Capabilities
Use cases
- —Automated SSL monitoring to detect expired or misconfigured certificates
- —Security audits verifying TLS configuration across a portfolio of domains
- —CI/CD pipeline checks ensuring production domains maintain valid SSL
- —Agent-driven domain reconnaissance gathering certificate metadata
Fit
Best for
- —Quick per-domain SSL certificate inspection without infrastructure setup
- —AI agents needing structured SSL data via a pay-per-call model
- —Lightweight certificate monitoring where a full scanning platform is overkill
Not for
- —Bulk scanning of thousands of domains (per-call pricing adds up)
- —Deep TLS vulnerability scanning (cipher suite enumeration, protocol downgrade testing)
- —Free or unauthenticated SSL checks (payment is required per call)
Quick start
pip install x402-pay
import x402_pay
r = x402_pay.get('https://domain.hugen.tokyo/domain/ssl?domain=example.com')
print(r.json())Example
Response
{
"grade": "A",
"has_ssl": true,
"certificate": {
"issuer": {
"organizationName": "Let's Encrypt"
},
"is_expired": false
}
}Endpoint
Quality
The endpoint is confirmed live via a 402 challenge that includes a sample response. OpenAPI spec is present but response schemas for paid endpoints are empty. No dedicated docs page beyond the auto-generated Swagger UI. Pricing is clear ($0.01 USDC on Base). The response structure is inferred from the 402 challenge sample rather than a formal schema.
Warnings
- —Response schema is empty in the OpenAPI spec; field structure inferred from the 402 challenge sample only.
- —No detailed documentation beyond auto-generated Swagger UI.
- —Sample response in 402 challenge may not represent the full response shape.
Citations
- —The API provides 7 domain intelligence checks: WHOIS, DNS, SSL, tech stack, security headers, subdomains, redirectshttps://domain.hugen.tokyo/docs
- —Payment is $0.01 USDC on Base per callhttps://domain.hugen.tokyo/domain/ssl
- —Alternative access via MCP gateway, API key, and Python SDKhttps://domain.hugen.tokyo/domain/ssl
- —OpenAPI spec version 3.1.0, title Domain Intelligence APIhttps://domain.hugen.tokyo/docs