What is the AUTH or transfer code for a domain?

Anyone planning to transfer a domain name will need an Authorization Code (Auth Code) to verify ownership during the transaction. A domain name, whether it's a country code top-level domain (ccTLD) or an old and new generic domain (gTLD), is an intangible asset tied to the owner, not the provider who registers it on their behalf. Therefore, transferring a domain to a new provider or selling it on the market is legally permissible. The AUTH Code is crucial to ensure that this transfer cannot occur without prior verification and legitimization by the current owner.

What is the AUTH Code?

The AUTH code consists of six or more letters, numbers, and special characters arranged in a random order by an algorithm. It acts as a kind of password, used by a new provider to prove the current owner's consent for a transfer during a provider change. The combination of the code digits is unrelated to the domain address (Second Level Domain), even though different new generic domains can differ in structure - primarily in length - based on their ending. For security reasons, the calculation is not done automatically, for example during registration. Instead, the currently responsible registrar generates it upon request or if a customer cancels their domain.

In which situations is an AUTH code required?

For setting up and everyday administration of a domain, including configuring external nameservers in the Domain Name System (DNS), an AUTH code is not needed. Here, the website administrator authenticates themselves through other mechanisms such as logging into the registrar's customer area. The AUTH, Auth-Info, or Transfer Code is only used in the following three situations:

• Selling a domain
• Transferring a domain to a new provider
• Transferring ownership to a new owner as a gift

An AUTH code is also not required when changes only affect the webspace that new generic domains or ccTLDs point to - for example, when there are changes to the technical infrastructure but the responsible provider or registrar remains the same. Examples include moving web hosting without moving the domain to a different webspace, a Virtual Private Server, or a Dedicated Server. In this case, only the entries in the Domain Name System (DNS) - such as the A Record, AAAA Record, CNAME, or MX Record on the nameserver need to be adjusted.

How do I obtain an AUTH code?

Customers can request an AUTH code from their current registrar if they need to transfer the domain. This code is generated and usually delivered via email. The duration of the process depends on the providers involved and the specific new generic domains affected, typically ranging from a few hours to several days. In most cases, providers do not charge for this service, but they may sometimes require that the customer has already terminated their domain before requesting an AUTH code.

How to use the AUTH code?

To initiate a domain transfer, a new registrar or provider must be engaged to take over the registration. The new provider will request the AUTH code from their new customer and contact the old provider to submit a Connectivity Coordination Request (CCR). If all data is complete and the code provided is correct, the Network Information Center (NIC) managing the respective TLD will update its database. For the .de ccTLD, this is handled by DENIC, while new generic domains are managed by various administrators on a licensing basis for several decades.

What to consider with an AUTH code?

An AUTH code is strictly confidential and should never be shared with a third party. Additionally, it has a limited validity period for use, typically 30 days from the date of issue. If errors occur during the provider switch that prevent the domain transfer, the new provider usually contacts their customer to request a correction.

Photo: Jan Alexander on Pixabay