More about transfer codes and one-time tokens

The transfer code (AuthInfo) protects a domain against unwanted registrar transfers. The code can only be set and changed by the sponsoring registrar. Other registrars can see that a transfer code has been set, but they cannot see the actual code.

Setting the transfer code

  1. Inform the domain holder of what a transfer code is and what it means for them, e.g. that they must keep track of the code and that they must keep their contact information updated at all times.
  2. Make sure that the holder’s email address and mobile phone number are correct and will reach the holder, as these are the contact points we will use if we have to send a one-time token directly to the holder.
  3. Set the authentication code.
  4. Give the code to the holder.

One-time tokens

As the registrar you must provide the domain holder with the authentication code promptly, and within 5 working days at the latest. This applies independently of any disputes between the holder and the registrar. If you cannot provide the code, e.g. due to computer malfunction or bankrupcy, the holder can have a one-time token sent directly from the registry in order to transfer to a new registrar.

When neither authentication code or one-time token apply

If all the contact addresses are invalid and the one-time token cannot reach the holder, there is a manual fallback procedure where Norid adds an email address as a contact point on the domain.

  1. Have the holder’s contact person document that he has disposal over the domain on behalf of the holder. The following documentation must be provided:

    • a copy of the certificate of incorporation (‘firmaattest’) from the Brønnøysund Register Centre, and
    • a copy of the ID of one of the persons named on the ‘firmaattest’ as authorised to sign on behalf of the organization (blank out the personal identification number (‘fødselsnummer’))
    • individuals: a copy of an approved ID card, like passport or driver licence (blank out the personal identification number (‘fødselsnummer’))
  2. Send the documentation to us at with a notice of which domain name this concerns. Provide your registrar ID and the email address the one-time token is to be sent to.
  3. When we have checked the documentation and added the new email address, you can start the EPP request for a one-time token and complete the transfer normally.
Published 9 October 2015 • Last updated 15 April 2020