Skip to main content

Registrar Data Escrow Reporting FAQ

1. What is RRI?

The Registration Reporting Interfaces (RRI) system is a RESTful API with support for HTTP Basic Authentication. RRI is made available by ICANN to registry operators, Data Escrow Agents (DEAs), and registrars to fulfill and monitor applicable reporting requirements.

2. What functionality has been added to RRI?

The RRI update from September 2018 allows Registrar DEAs to provide notifications to ICANN regarding data escrow deposits received from ICANN-accredited registrars.

A registrar will be able to use RRI to monitor its data escrow reporting status as well as obtain details about the deposit verification notifications that ICANN has received from its DEA. Additionally, registrars have the option to provide their own notifications to ICANN about the data escrow deposits they have made with their DEA.

Additional information on how to use this functionality is available in the formal specification at

3. What do the result codes in the RRI data escrow notifications mean?

The result codes defined in section 2.2 of the RRI specification at are used to identify different ways in which a data escrow deposit does not conform with the Registrar Data Escrow Specifications.

A mapping of the result codes used by the DEAs with the corresponding requirements from the Registrar Data Escrow Specifications is available at

4. Who is the Registrar Data Escrow reporting functionality for?

The added functionality is intended for use by Registrar DEAs, as well as ICANN-accredited registrars.

5. Are there any changes to the functionality for Registry Operators and Registry Data Escrow Agents in RRI with the Registrar Data Escrow reporting updates?

RRI functionality available to registry operators and Registry DEAs remains unaffected by the Registrar Data Escrow reporting functionality.

6. I am an ICANN-accredited registrar. Am I required to use the Registrar Data Escrow reporting service in RRI?

There is no requirement for ICANN-accredited registrars under the 2013 RAA to use RRI. Registrars that are interested in using RRI may request access credentials voluntarily.

However, use of this service requires registrars to provide their own notifications to RRI about the data escrow deposits they have made, as defined in the "Registrar Reporting" section of the formal specification at

7. How do I get access to RRI?

To receive production credentials for the RRI system, please have the Registrar Primary Contact send a request to and provide the following information:

  • The IPv6 and IPv4 prefixes used to connect to the production RRI system. These prefixes will be whitelisted to provide access to the production environment.
  • Bcrypt(10) version 2a hash of the password that will be used. The password used to generate this hash must be between 16 and 64 random characters.
  • Supported characters are letters (a-z, A-Z), digits (0-9), and the following special characters:
    • space, ! # $ % & ( ) * + - . / : < > = ? @ [ ] ^ _ | { }

8. How can I get a Bcrypt hash?

Bcrypt is a widely known algorithm. Libraries and online tools are available online that may be used to generate the hash of the password that needs to be used.

9. How can I test the functionality available in RRI?

ICANN currently hosts an Operational Test and Evaluation (OT&E) environment of RRI exclusively for end user testing. This environment can be used to gain familiarity with the available interfaces, as well as to test system integration with RRI.

To gain access to the RRI OT&E environment, please email a request to and include the registrar name and IANA ID, a contact email address, and the list of IP addresses or address ranges that will be used to connect to RRI for testing.

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."