As part of Kubernetes security tooling, we scan DNS mappings that point to Netlify in order to identify dangling DNS records.
During this process, we noticed that performing a GET request on Netlify subdomains does not help differentiate between claimable and non-claimable project names.
For example, both of the following return 404:
- kubernetes.netlify.app
- projectnamewhichdoesntexistsolongrandom.netlify.app
However:
- The second domain is claimable
- The first domain is not claimable
From an external perspective, both behave identically (HTTP 404), which makes it difficult to reliably detect dangling records.
Is there any public API, endpoint, or supported mechanism that allows us to determine whether a given *.netlify.app project name is claimable or already reserved/owned?
This would greatly help in accurately detecting and mitigating potential subdomain takeover risks.
Thank you.
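An added example, not part of the original post: a triage pass over a zone export that finds CNAMEs pointing at `*.netlify.app` and, because the 404 described above is returned for both reserved and unclaimed names, files those records as ambiguous instead of reporting them as dangling. The zone `example.org`, the `live-site` target, the verdict labels and the injected `probe` callable are assumptions made for this sketch; the probe results are constructed so it runs offline.

```python
import re

# Constructed zone-file lines (example.org is a placeholder zone).
SAMPLE_ZONE = """\
docs.example.org.    300 IN CNAME kubernetes.netlify.app.
old.example.org.     300 IN CNAME projectnamewhichdoesntexistsolongrandom.netlify.app.
www.example.org.     300 IN CNAME live-site.netlify.app.
api.example.org.     300 IN A     192.0.2.10
cdn.example.org.     300 IN CNAME assets.example.net.
"""

CNAME_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?CNAME\s+(\S+)\s*$", re.I)

def netlify_cnames(zone_text):
    """Yield (record_name, target) for CNAME records under netlify.app."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        m = CNAME_RE.match(line)
        if not m:
            continue
        name = m.group(1).rstrip(".").lower()
        target = m.group(2).rstrip(".").lower()
        if target.endswith(".netlify.app"):
            yield name, target

def triage(zone_text, probe):
    """probe(target) returns the HTTP status of a GET, or None on failure."""
    report = {}
    for name, target in netlify_cnames(zone_text):
        status = probe(target)
        if status is None:
            verdict = "unreachable"
        elif status == 404:
            # 404 is seen for both reserved and unclaimed project names,
            # so it cannot be reported as dangling on its own.
            verdict = "ambiguous-404"
        else:
            verdict = "serving"
        report[name] = (target, status, verdict)
    return report

# Constructed probe results standing in for live GET requests.
SAMPLE_STATUS = {
    "kubernetes.netlify.app": 404,
    "projectnamewhichdoesntexistsolongrandom.netlify.app": 404,
    "live-site.netlify.app": 200,
}

def sample_report():
    return triage(SAMPLE_ZONE, SAMPLE_STATUS.get)
```

Records in the `ambiguous-404` bucket need an ownership check against the team's own Netlify account inventory before any of them is treated as a takeover risk.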