OsintX.IO Developer API
Enterprise API reference
Enterprise accounts get API access with an ox_live_ key. Run every catalog provider individually, check your plan and daily limits, or use the unified search pipeline. Each API request costs EUR 0.50 in credits — same limits as the dashboard.
Overview
All endpoints live under https://osintx.io/api/v1/. Authenticate with your API key via Bearer token or the x-osintx-api-key header. Your subscription plan gates which providers and search types are available — the API enforces the same rules as the dashboard.
Generate key
Dashboard → Settings → API key (Enterprise only).
Check limits
GET /api/v1/account shows plan, credits, daily remaining.
Run providers
POST /api/v1/providers/{id} for single-source lookups.
Unified pipeline
POST /api/v1/search runs the full workspace orchestration.
API keys
Keys start with ox_live_ and are tied to your account plan. Generate or rotate via POST /api/auth/api-key (session required, Enterprise + api_access). Store keys securely — they grant full API access under your plan limits.
Authentication
Two equivalent methods:
Authorization: Bearer ox_live_xxxxxxxx
# or
x-osintx-api-key: ox_live_xxxxxxxxSession cookies also work when browsing docs while logged in. External automation should always use the API key.
Account & limits
GET /api/v1/account returns your plan tier, credit balance, general search quota remaining, IntelX daily cap, and image geolocation daily cap.
curl -sS "https://osintx.io/api/v1/account" \
-H "Authorization: Bearer YOUR_OX_LIVE_KEY"{
"ok": true,
"user": {
"username": "yourname",
"plan": "Enterprise",
"plan_tier": "enterprise",
"api_access": true,
"has_api_key": true,
"credit_cents": 5000,
"credit_eur": 50
},
"quota": {
"searches_today": 12,
"search_limit": 250,
"searches_remaining": 238,
"unlimited": false,
"search_boost_extra": 0
},
"intelx": {
"daily_limit": 20,
"searches_today": 3,
"remaining": 17
},
"image_geolocation": {
"daily_limit": 15,
"searches_today": 2,
"remaining": 13
},
"plan_limits": {
"search_daily": 250,
"intelx_daily": 20,
"image_geolocation_daily": 15
}
}Providers
Each provider maps to POST /api/v1/providers/{providerId}. Pass query and optionally modeId. Discord accepts modules[] (max 3). Breach.vip accepts wildcard. Free open OSINT providers (crt.sh, RDAP, Gravatar, Username Radar) use the same endpoint — see Open OSINT.
{
"ok": true,
"providerId": "snusbase",
"modeId": "email",
"query": "target@example.com",
"data": { },
"quota": {
"searches_today": 13,
"search_limit": 250,
"searches_remaining": 237
},
"credits_remaining_cents": 4950
}Open OSINT (free)
These providers run on OsintX built-in backends — no third-party API keys. Available on the Free plan and callable via the same POST /api/v1/providers/{id} endpoint as paid sources. Social Username also includes free GitHub, GitLab, Dev.to, and Hacker News profile lookups.
Certificate transparency (crt.sh)
curl -sS -X POST "https://osintx.io/api/v1/providers/crtsh" \
-H "Authorization: Bearer YOUR_OX_LIVE_KEY" \
-H "Content-Type: application/json" \
-d '{"query":"YOUR_QUERY","modeId":"domain"}'RDAP domain lookup
curl -sS -X POST "https://osintx.io/api/v1/providers/rdap" \
-H "Authorization: Bearer YOUR_OX_LIVE_KEY" \
-H "Content-Type: application/json" \
-d '{"query":"YOUR_QUERY","modeId":"domain"}'Gravatar email lookup
curl -sS -X POST "https://osintx.io/api/v1/providers/gravatar" \
-H "Authorization: Bearer YOUR_OX_LIVE_KEY" \
-H "Content-Type: application/json" \
-d '{"query":"YOUR_QUERY","modeId":"email"}'Username Radar
curl -sS -X POST "https://osintx.io/api/v1/providers/username-radar" \
-H "Authorization: Bearer YOUR_OX_LIVE_KEY" \
-H "Content-Type: application/json" \
-d '{"query":"YOUR_QUERY","modeId":"username"}'Social Username (GitHub, GitLab, Dev.to, HN)
curl -sS -X POST "https://osintx.io/api/v1/providers/social-username" \
-H "Authorization: Bearer YOUR_OX_LIVE_KEY" \
-H "Content-Type: application/json" \
-d '{"query":"YOUR_QUERY","modeId":"username"}'Unified search
POST /api/v1/search runs the same multi-source pipeline as the dashboard workspace. Body: query, type, optional wildcard, optional minecraftType.
curl -sS -X POST "https://osintx.io/api/v1/search" \
-H "Authorization: Bearer YOUR_OX_LIVE_KEY" \
-H "Content-Type: application/json" \
-d '{"query":"someuser","type":"username","wildcard":false}'Image geolocation
Pro and Enterprise: 15 analyses per UTC day. Send multipart form-data with an image field to POST /api/v1/image-geolocation or POST /api/v1/providers/image-geolocation.
curl -sS -X POST "https://osintx.io/api/v1/image-geolocation" \
-H "Authorization: Bearer YOUR_OX_LIVE_KEY" \
-F "image=@/path/photo.jpg"AI Analyzer
POST /api/v1/ai-analyzer streams analysis of search results (Enterprise). Pass query, searchType, and resultsContext or messages for follow-ups.
Plans & credits
Each v1 request debits EUR 0.50 (50 credit cents). Daily search limits by tier: Free 3, Basic 25, Pro 60, Enterprise 250. IntelX: Pro 5/day, Enterprise 20/day. Image geolocation: Pro/Enterprise 15/day.
Your session tier: free
HTTP status codes
Quick examples
Account snapshot
curl -sS "https://osintx.io/api/v1/account" \
-H "Authorization: Bearer YOUR_OX_LIVE_KEY"Snusbase email lookup
curl -sS -X POST "https://osintx.io/api/v1/providers/snusbase" \
-H "Authorization: Bearer YOUR_OX_LIVE_KEY" \
-H "Content-Type: application/json" \
-d '{"query":"YOUR_QUERY","modeId":"email"}'Discord modules
curl -sS -X POST "https://osintx.io/api/v1/providers/discord" \
-H "Authorization: Bearer YOUR_OX_LIVE_KEY" \
-H "Content-Type: application/json" \
-d '{"query":"793548887089913886","modules":["profile","history","expose"]}'