API Reference
OSINTStar API v1
REST API for integrations: authenticate via API key, plan enforcement, and per-request credit usage.
Base URL
All requests go to:
https://your-domain.com/api/v1
Authentication
Always send the x-api-key header.
x-api-key: YOUR_API_KEY
Response Format
Responses are JSON. On success they include ok: true. Multi-source results are under data.results and may include multiple endpoints.
{
"ok": true,
"endpoint": "/api/v1/search/test@example.com",
"type": "email",
"query": "test@example.com",
"plan": "basic",
"credits": 98,
"data": {
"results": {
"endpoint_16": {
"found": 3,
"results": [
{ "database": "ExampleBreach", "data": [ { "email": "test@example.com" } ] }
]
}
}
}
}Rate Limits
Rate limits are applied per IP and per user. When limited you receive 429 with theRetry-After header.
Errors
200: OK
400: invalid input
401: missing/invalid API key
402: insufficient credits
403: plan not allowed
429: rate limit
502: upstream error
500: internal error
Examples
Ready-to-use snippets to integrate the API in multiple languages.
curl "https://your-domain.com/api/v1/search/test@example.com?type=email" \ -H "x-api-key: YOUR_API_KEY"
Search
GETbasic+1 credit
/api/v1/search/{query}?type=email|username|phone|domain|ip|name|hash|url|machine_id
Universal search (optional type: if missing, it is inferred).
POSTbasic+2 credit
/api/v1/stealer
Stealer logs (body: { query, type, limit }).
curl "https://your-domain.com/api/v1/search/test@example.com?type=email" \ -H "x-api-key: YOUR_API_KEY"
curl -X POST "https://your-domain.com/api/v1/stealer" \
-H "x-api-key: YOUR_API_KEY" \
-H "content-type: application/json" \
-d '{ "query": "test@example.com", "type": "email", "limit": 50 }'Domain
GETbasic+1 credit
/api/v1/domain/{domain}
Domain intelligence + WHOIS (multi-source results).
curl "https://your-domain.com/api/v1/domain/example.com" \ -H "x-api-key: YOUR_API_KEY"
Network
GETbasic+1 credit
/api/v1/ip/{ip}
IP geolocation & threat context (multi-source results).
GETbasic+1 credit
/api/v1/phone/{phone}
Phone lookup.
GETbasic+1 credit
/api/v1/email-check/{email}
Email account check across platforms (where supported).
curl "https://your-domain.com/api/v1/ip/8.8.8.8" \ -H "x-api-key: YOUR_API_KEY"
curl "https://your-domain.com/api/v1/email-check/test@example.com" \ -H "x-api-key: YOUR_API_KEY"
Discord
GETbasic+1 credit
/api/v1/discord/user/{query}
Discord user info (user id o username).
GETbasic+1 credit
/api/v1/discord/to-roblox/{discordId}
Discord → Roblox cross-lookup.
curl "https://your-domain.com/api/v1/discord/user/123456789012345678" \ -H "x-api-key: YOUR_API_KEY"
Username
GETbasic+1 credit
/api/v1/username/{username}
Username intelligence (social accounts + username history + optional discord pivots).
curl "https://your-domain.com/api/v1/username/johndoe" \ -H "x-api-key: YOUR_API_KEY"
Email Providers
GETmedium+1 credit
/api/v1/email/leakcheck/{email}
Email breach lookup (LeakCheck).
GETmedium+1 credit
/api/v1/email/breachbase/{email}
Email breach lookup (BreachBase).
GETmedium+1 credit
/api/v1/email/keyscore/{email}
Email breach lookup (KeyScore).
GETmedium+1 credit
/api/v1/email/intelvault/{email}
Email breach lookup (IntelVault).
curl "https://your-domain.com/api/v1/email/intelvault/test@example.com" \ -H "x-api-key: YOUR_API_KEY"