RIPE Database docs
Sidebar Navigation

Introduction to the RIPE Database

RIPE Database Documentation Overview

Intended Audience

Conventions Used in the RIPE Database Documentation

What is the RIPE Database

Purpose and Content of the RIPE Database

History of the RIPE Database

Personal Data Database Management and Reponsabilities

RIPE Database Structure

Database Object

Primary and Secondary Objects

List of Primary Objects

List of Secondary Objects

The Attributes in Database Objects

Attribute Names

Attributes in an Object

Attribute Values

Attribute Properties

How to Organise Your Data

REST API Data model

RPSL Object Types

Descriptions of Primary Objects

Descriptions of Secondary Objects

Available Databases

RIPE Database

TEST Database

Release Candidate Database

Experimental Databases

Update Methods

RESTful API

Webupdates

Syncupdates

Email Updates

Updating Objects in the RIPE Database

Format of the Update Message

Accessing the Object Templates

Object Processing

Update Operations

Historical Data

Special Considerations for Object Creation

Garbage Collection

Dry run

Set Objects

Notifications

Acknowledgment Message

Notification Messages

Authorisation

Authorisation Model

Using the Authorisation Methods

Security of Data Using Authorisation

Protection of PERSON and ROLE Objects

Protection of AUT NUM Object Space

Protection of Address Space

Protection of Route Object Space

Protection of Reverse Delegation Objects

Protection of Objects with Hierarchical Names

Protecting Membership of a Set

Referencing an ORGANIZATION Object

Referencing an IRT Object

IRT Object

Force Delete Functionality

Request ENUM delegation

Request DNSSEC delegation

How to Query the RIPE Database

The Structure of a Query

Web Query Form

RESTful API Queries

Command Line Queries

Query Responses

Registration Data Access Protocol

Access to Personal Data

Types of Queries

Queries Using Primary and Lookup Keys

Queries for IP Networks

Queries for Autonomous Systems

More and Less Specific Lookups For Reverse Domains

Inverse Queries

Abuse Contacts

Grouping the RIPE Database Output

Filtering the Query Reponse

IRR Toolset Support

Persistent Connections and Keeping State

Getting All the Members of Set objects

Access Control for Queries

RIPE NCC Global Resource Service

Other Query Flags

Referenced Objects in Query Response

Historical Queries

Related Software and Tools

Geolocation in the RIPE Database

RIPE Database Mirror

Setup RIPE Database Mirror

Near Real Time Mirroring v3

Near Real Time Mirroring v4

Access to NRTM

Tables of Query Types Supported by the RIPE Database

How to Recover Access to a Maintainer Object

Installation and Development

Getting started on macOS

Getting started on Ubuntu Linux

Building whois

Configure MariaDB

Coding standard

Installation instructions

Database Support

Support Overview

Clean up of Unreferenced Data

Database Security

Configuring Reverse DNS

Database Business Rules

Highlighted Values in the RIPE Database

Create First Role Mntner

Removal of personal data

Release Notes

FAQ

Appendices

Appendix A Syntax of Object Attributes

Appendix B Copyright Statement

Appendix C RIPE Database Query Server Response Codes and Messages

Appendix-D--Route-Object-Creation-Flowchart

Appendix-E--Domain-Object-Creation-Flowchart

Appendix F Special Considerations for Object Types

Appendix G Object Types with Personal Data

Appendix H PGP Authentication Method

Appendix I Client Certificate Authentication

Appendix J Ripe Test Database

Appendix K API Keys

Glossary

Legal Information

RIPE Database Acceptable Use Policy

HTML Terms And Conditions

All Documentation Combined

On this page

Appendix K- API Keys ​

API keys are a way to authenticate updates in the RIPE database. They are associated with a user's RIPE NCC Access account, and are intended to help users script (automate) updates to the RIPE Database.

Introduction ​

API keys are a way to authenticate updates in the RIPE Database. They are associated with a user's RIPE NCC Access account, and are intended to help you script (automate) updates to the RIPE Database. If you only make updates using the web interface, then you don't need API keys!

Before authenticating with an API key, your RIPE NCC Access account must already be associated with the object mntner using an "auth:" SSO attribute.

To start using API keys, go to the Web query page, login to RIPE NCC Access, and go to the API keys page on the left-hand menu. https://apps.db.ripe.net/db-web-ui/api-keys

Create a New Database Key ​

On the API keys page, click on "Create a new Database key".

  • Enter a key name (required) : a short description of how the key will be used.
  • Enter an expiration date (required) : when does the API key stop working. Keys are time-limited for security reasons and are valid up to a year in the future.
  • Enter a maintainer (optional) : if you have added your RIPE NCC Access account to more than one maintainer, you can restrict the API key to only work with one specified maintainer.

Then click on "Create a key".

When the key is created you'll see a popup.

The API key is composed of two parts. You can either use it combined in a single HTTP Authorization header, or separately as a username and password using your HTTP client.

Make sure to copy down either the combined header value or the username and password. The password will only be shown to you once. The username will be used subsequently as the key id.

List Database Keys ​

After closing the popup, the new key appears in a list, including:

  • Name (the text you entered describing the key)
  • Key ID (the generated username part of the key)
  • Last Used (the last time the key was used to successfully authenticate an update)
  • Expiration date (the date on which the key expires and can no longer be used)
  • Details (any other attributes such as the maintainer if entered)

Authenticated Queries using an API Key ​

To authenticate using an API key, you must first associate your RIPE NCC Access account with a maintainer using an auth: SSO attribute. Then you can authenticate queries and updates as your RIPE NCC account using the newly created API key.

You need to authenticate a database query if you want to update a maintainer, so you can read the entire object including auth: attributes unfiltered. The entire mntner object is returned, including all auth: attributes and no "Filtered" comment.

For example:

bash
$ curl -v --header "Accept: application/xml" \
 --header "Authorization: Basic NkhEVORLSFFETVBHVUE5VFpJQjVSRFVCOlc2R2FFdDJTa1Ry
Rk84eGgyRXFGVTRQaA==" \
 https://rest.db.ripe.net/ripe/mntner/shryane-mnt?unfiltered

Authenticated Updates using an API Key ​

We will now update a person object that is used as a "tech-c:" attribute by the maintainer.

First query for the unfiltered person object. You don't need to authenticate this step.

bash
$ curl -o output https://rest.db.ripe.net/ripe/person/ES7554-RIPE?unfiltered

Then edit the "output" file and make a change to the person object.

Then make the update in the database.

For example:

bash
$ curl -v \
  --header "Authorization: Basic NkhEVORLSFFETVBHVUE5VFpJQjVSRFVCOlc2R2FFdDJTa1Ry
Rk84eGgyRXFGVTRQaA==" \
 -X PUT -d @output \
 --header "Content-type: application/xml" \
 https://rest.db.ripe.net/ripe/person/ES7554-RIPE

The person object is updated successfully if the response is 200 OK.

Revoking an API Key ​

If you suspect that an API key has been compromised - e.g. if anyone else could know what it is - then it's safest to revoke the key and create a new one.

To do this, find the API key on the page and click on the "Revoke" button.

As soon as you revoke a key it cannot be used to authenticate queries or updates in the RIPE database.

JSON Example ​

By default, the Whois REST API uses XML format. However you can also use API keys with JSON formatted objects. Either use the ".json" filename extension at the end of the URL path, and/or specify the "application/json" content type.

First query for an object to be updated with a JSON response, for example :

bash
$ curl -v --header "Accept: application/json" \
 -o output \
 https://rest.db.ripe.net/ripe/person/ES7554-RIPE.json?unfiltered

Then edit the "output" file and make a change to the object.

Then make the update in the database specifying JSON formatted data, for example :

bash
$ curl -v \
  --header "Authorization: Basic NkhEVORLSFFETVBHVUE5VFpJQjVSRFVCOlc2R2FFdDJTa1Ry
Rk84eGgyRXFGVTRQaA==" \
 -X PUT -d @output \
 --header "Content-type: application/json" \
 https://rest.db.ripe.net/ripe/person/ES7554-RIPE.json

Last updated:

Pager
Previous pageAppendix J Ripe Test Database
Next pageGlossary