Home In Norwegian Web search Log in
Domain handling
Guidelines Tools Error messages from the system
The registration system The registrar scheme Frequently asked questions

More about authenticaton codes and one-time tokens

The authentication code (AuthInfo) protects a domain against unwanted registrar transfers. The code can only be set and changed by the sponsoring registrar. Other registrars can see that an authentication code has been set, but they cannot see the actual code.

Protecting the domain like this is optional. There are no technical hindraces that block the transfer of a domain that has no authentication code, but according to the domain name policy, all transfers must have the holder's permission.

Setting the authentication code


Inform the domain holder of the consequences of setting an authentication code, e.g. that he must keep track of the code and that he must keep his contact information updated at all times.
Get the holder's confirmation that he wants to set an authentication code.
Make sure that the holder's email address and mobile phone number are correct and will reach the holder, as these are the contact points we will use if we have to send a one-time token directly to the holder.
Set the authentication code.
Give the code to the holder.

One-time tokens

As the registrar you must provide the domain holder with the authentication code promptly, and within 5 working days at the latest. This applies independently of any disputes between the holder and the registrar. If you cannot provide the code, e.g. due to computer malfunction or bankrupcy, the holder can have a one-time token sent directly from the registry in order to transfer to a new registrar.

When neither authentication code or one-time token apply

If all the contact addresses are invalid and the one-time token cannot reach the holder, there is a manual fallback procedure. Please note that this procedure incurs a cost of NOK 200 that the new registrar must cover (billed separately from the monthly invoices).

Have the holder's contact person document that he has disposal over the domain on behalf of the holder. The following documentation must be provided:

  • a copy of the certificate of incorporation ('firmaattest') from the Brønnøysund Register Centre, and
  • a copy of the ID of one of the persons named on the 'firmaattest' as authorised to sign on behalf of the organization (blank out the personal identification number ('fødselsnummer'))
  • individuals: a copy of an approved ID card, like passport or driver licence (blank out the personal identification number ('fødselsnummer'))
Send the documentation to us at info@norid.no with a notice of which domain name this concerns. Provide your registrar ID and the email address the one-time token is to be sent to.
When we have checked the documentation and added the new email address to the legal contact's contact object, you can start the EPP request for a one-time token and complete the transfer normally.

Last modified 9 June 2011
UNINETT Norid AS   •   NO-7465 TRONDHEIM   •   Phone +47 07355   •   Fax +47 73 55 79 99   •   info@norid.no