Everyone

OpenSRS (Tucows)

How to configure and use the OpenSRS registrar module in Commerce, including API key generation, OPS XML format, and HMAC-MD5 authentication.

Last updated 1776211200
  • Connection Test
  • Setup Checklist
  • Notes
  • Related

    • Overview

    OpenSRS is the wholesale/white-label registrar arm of Tucows, targeting larger resellers and registrar platforms. It uses a custom XML-based protocol (OPS XML) with double HMAC-MD5 request signing. Commerce fully handles the signing and XML construction.

    Credential Fields

    Field Description
    Username Your OpenSRS reseller username
    Private Key The API private key generated in your OpenSRS profile
    Sandbox Toggle on to use the OpenSRS test environment

    Getting Your Credentials

    1. Log in to your OpenSRS reseller account at opensrs.com.
    2. Go to Profile → API Access.
    3. Click Generate Private Key (or copy the existing one).
    4. Your account login username is the API username.

    Sandbox vs Production

    Environment API Endpoint
    Sandbox https://horizon.opensrs.net:55443
    Production https://rr-n1-tor.opensrs.net:55443

    Note the non-standard port 55443 — ensure this port is open outbound from your Commerce server. Request a sandbox account from OpenSRS support if you don't already have one.

    API Protocol

    • Transport: HTTPS POST
    • Request format: Custom OPS XML envelope (see below)
    • Response format: OPS XML
    • Authentication: X-Username and X-Signature HTTP headers

    OPS XML Envelope Structure

    <?xml version='1.0' encoding='UTF-8' standalone='no'?>
<!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'>
<OPS_envelope>
  <header>
    <version>0.9</version>
  </header>
  <body>
    <data_block>
      <dt_assoc>
        <item key="protocol">XCP</item>
        <item key="action">LOOKUP</item>
        <item key="object">DOMAIN</item>
        ...
      </dt_assoc>
    </data_block>
  </body>
</OPS_envelope>

    Signature Computation

    OpenSRS uses a double HMAC-MD5 signature over the raw XML request body:

    signature = MD5( MD5(body + private_key) + private_key )

    This is computed on the raw XML string (not URL-encoded). Commerce handles this automatically.

    Success Detection

    The parsed response's is_success field equals '1' on success. Any other value (or a missing field) is treated as failure.

    Connection Test

    Commerce sends a QUERY action for a domain availability check. A valid response (regardless of availability result) confirms credentials and connectivity.

    Setup Checklist

    1. Go to Admin → Settings → Registrar → OpenSRS.
    2. Enter your username and private key.
    3. Toggle Sandbox on if using a test account.
    4. Click Test Connection — confirm success.
    5. Save.
    6. Populate the TLD Manager with OpenSRS's TLD catalog and retail prices.

    Notes

    • OpenSRS targets volume resellers and larger registrar backends. If you're managing fewer than a few hundred domains, Enom or Namecheap may be more practical.
    • The private key must be at least 22 characters — shorter keys are rejected by the API.
    • OpenSRS's sandbox is separate from production and does not share account state.

    Related

    Previous
    ← Enom (Tucows)
    Next
    Namecheap →