Personally use Porkbun since Namecheap's API is poorly-documented and they attempted a KYC audit for purchasing a $100 domain.
I am fine with the identity verification, but their ticketing system seems to have sent all of my e-mail to their spam box, because they would never respond. I attempted opening tickets explaining the e-mail situation, but they wouldn't listen. In the end, I gave up and let them deactivate the account.
Moved to Porkbun, purchased the exact same domain (no KYC required!), and have been a happy user of their API for about two years now. They also have much more lax requirements for API usage compared to Namecheap. Porkbun also supports WebAuthn and logging in with a security key. It's overall a much nicer service than Namecheap.
That kyc thingy is icann requirement, its how domain registration works. Icann require every accredited registrar to verify registrant details so registrar would randomly ask for id, passport etc. That include porkbun, they're bound to their contract with icann as an accredited registrar too. They probably won't ask today but maybe tomorrow, or next week, or next month, or next year, or never.
They already got your details from your card details and decide its enough. Something like vpn, using niche browser, details on card not tally with registration details etc etc would throw off their threat mitigation system. Also different business operated differently, their payment gateway behave differently etc etc. Too many random factor to avoid xxx specific registrar because they ask for kyc when the kyc itself is a requirement.
The requirement in the contract is nowhere near that specific. Contact info validation is sufficient for almost all registrars. It's possible a given registry has higher standards, or maybe one registrar got some order to be more thorough, but great reason to avoid given this is a commodity and there are actually good alternatives. (I broadly like Tucows and Cloudflare)
Namecheap is on my NO NO NO list, along with GoDaddy (and a bunch of others). Google Domains was also on this OH GOD NO list, but thankfully Google did the Google thing and killed the product.
Most of my domains are on Namecheap since the times when wikipedia's domains were there. Hopefully, my low-key personal domains are of no interest to anyone...
I am fine with the identity verification, but their ticketing system seems to have sent all of my e-mail to their spam box, because they would never respond. I attempted opening tickets explaining the e-mail situation, but they wouldn't listen. In the end, I gave up and let them deactivate the account.
Moved to Porkbun, purchased the exact same domain (no KYC required!), and have been a happy user of their API for about two years now. They also have much more lax requirements for API usage compared to Namecheap. Porkbun also supports WebAuthn and logging in with a security key. It's overall a much nicer service than Namecheap.