Developers

API Documentation

Integrate osintx_ into your tools and workflows via our REST API. API access requires a Pro or Enterprise plan.

Base URLhttps://api.osintx.io/v1

Authentication

Every request must include your API key in the Authorization header. Generate your key in account settings only available on Pro and Enterprise plans.

Authorization: Bearer oix_XXXXXXXX_XXXXXXXXXXXXXXXX_XXXXXXXX

Keep your API key secret treat it like a password. Do not expose it in client side code or public repositories.

Plans & Rate Limits

Plan	Daily Searches	Req / min (API)	API Access
Free	3	—	No
Basic	100	—	No
Pro	Unlimited	60	Yes
Enterprise	Unlimited	Custom	Yes

Daily limits reset at 00:00 UTC. The counter is shared between the web UI and API calls. A 429 is returned once the limit is reached. A search_limit of -1 means unlimited.

Search Types

Pass one of the following values as the type field in the request body:

usernameUsername across social + breach databases

emailEmail address across breach databases

ipIP geolocation, ASN, open ports, FiveM DB cross-reference

discordDiscord ID or IP — leak DB + asuas.eu + FiveM ban DB

fivemFiveM ID, IP or username across ban/player databases

minecraftMinecraft username or UUID

robloxRoblox username

githubGitHub username

cryptoCrypto wallet address (coin auto-detected from format)

bankBank BIN / IIN (6–8 digit number)

phonePhone number — carrier, country, breach hits

breachesEmail or username against breach databases

passwordPlaintext password lookup in breach dumps

ddgDuckDuckGo web search (pass-through)

allCombined username + email search

Supported Coins

The crypto type auto-detects the coin from the wallet address format:

BTCETHLTCDOGEDASHBCHZECXMRSOLTRXADAXRPXLM

Error Codes

400Bad RequestMissing or empty query field

401UnauthorizedMissing or invalid API key

403ForbiddenAccount banned, no API access on your plan, or query is blacklisted

404Not FoundUser account not found

429Too Many RequestsDaily search limit reached resets at 00:00 UTC

500Internal Server ErrorUpstream data source error

Endpoints

POST/v1/search

Pro+

Universal OSINT search across all data sources. Requires Pro or Enterprise plan.

Request Body (JSON)

query

stringrequired

Search query (username, email, IP, Discord ID, wallet address, …)

type

stringrequired

Search type — see type reference below

subtype

stringoptional

Sub-type for minecraft (username | uuid) and similar

Example Request

curl -X POST https://api.osintx.io/v1/search \
  -H "Authorization: Bearer oix_XXXXXXXX_XXXXXXXXXXXXXXXX_XXXXXXXX" \
  -H "Content-Type: application/json" \
  -d '{"query":"shadow","type":"username"}'

Example Response

{
  "query": "shadow",
  "type": "username",
  "results": [
    {
      "_type": "osint_profile",
      "username": "shadow",
      "platform": "GitHub",
      "profile_url": "https://github.com/shadow"
    },
    {
      "_type": "breach_vip",
      "username": "shadow",
      "email": "shadow@example.com",
      "source": "SomeBreachDB"
    }
  ],
  "usage": {
    "searches_today": 5,
    "search_limit": -1,
    "searches_total": 312
  }
}

POST/v1/search (type: ip)

Pro+

IP lookup — geolocation, ASN, open ports, hostnames, and cross-reference against FiveM ban databases.

Request Body (JSON)

query

stringrequired

IPv4 address

type

stringrequired

Must be "ip"

Example Request

curl -X POST https://api.osintx.io/v1/search \
  -H "Authorization: Bearer oix_XXXXXXXX_XXXXXXXXXXXXXXXX_XXXXXXXX" \
  -H "Content-Type: application/json" \
  -d '{"query":"185.220.101.47","type":"ip"}'

Example Response

{
  "query": "185.220.101.47",
  "type": "ip",
  "results": [
    {
      "_type": "ip_profile",
      "ip": "185.220.101.47",
      "org": "Hetzner Online GmbH",
      "asn": "AS24940",
      "country": "Germany",
      "country_code": "DE",
      "city": "Nuremberg",
      "is_hosting": "true",
      "open_ports_count": 3
    },
    {
      "_type": "fivem_db_record",
      "source": "FiveM Ban DB (fivem4)",
      "name": "SomePlayer",
      "reason": "Cheating",
      "ip": "185.220.101.47",
      "discord": "1234567890123456789"
    }
  ]
}

POST/v1/search (type: discord)

Pro+

Discord ID lookup — leak DB, asuas.eu enrichment, FiveM ban DB cross-reference, and IP geolocation of linked IPs.

Request Body (JSON)

query

stringrequired

Discord user ID (17–20 digit snowflake)

type

stringrequired

Must be "discord"

Example Request

curl -X POST https://api.osintx.io/v1/search \
  -H "Authorization: Bearer oix_XXXXXXXX_XXXXXXXXXXXXXXXX_XXXXXXXX" \
  -H "Content-Type: application/json" \
  -d '{"query":"1121458146423091250","type":"discord"}'

Example Response

{
  "query": "1121458146423091250",
  "type": "discord",
  "results": [
    {
      "_type": "discord_record",
      "discord_id": "1121458146423091250",
      "username": "Tornado",
      "ip": "176.199.253.84",
      "source": "Discord DataBase"
    },
    {
      "_type": "fivem_db_record",
      "source": "FiveM Ban DB (fivem4)",
      "name": "Tornado",
      "reason": "pca SteamName Tornado",
      "discord": "1121458146423091250",
      "ip": "176.199.253.84, 176.199.252.82",
      "steam": "110000156280515",
      "fivem": "8034825"
    },
    {
      "_type": "ip_profile",
      "ip": "176.199.253.84",
      "country": "Germany",
      "org": "Deutsche Telekom AG"
    }
  ]
}

POST/v1/search (type: fivem)

Pro+

FiveM lookup across ban databases (fivem4, fivem3, fivem2, SQL) and asuas.eu. Search by FiveM ID, IP address, or in-game username.

Request Body (JSON)

query

stringrequired

FiveM numeric ID, IP address, or in-game name

type

stringrequired

Must be "fivem"

Example Request

curl -X POST https://api.osintx.io/v1/search \
  -H "Authorization: Bearer oix_XXXXXXXX_XXXXXXXXXXXXXXXX_XXXXXXXX" \
  -H "Content-Type: application/json" \
  -d '{"query":"8034825","type":"fivem"}'

Example Response

{
  "query": "8034825",
  "type": "fivem",
  "results": [
    {
      "_type": "fivem_db_record",
      "source": "FiveM Ban DB (fivem4)",
      "name": "Tornado",
      "banner": "BFS x Jonas",
      "reason": "pca SteamName Tornado",
      "banid": 1,
      "discord": "1121458146423091250",
      "fivem": "8034825",
      "steam": "110000156280515",
      "ip": "176.199.253.84, 176.199.252.82",
      "license": "77cbaed21caff0fdc79f3264d1f83aa44d1c6f00",
      "expireString": "24/12/2300  00:00:00"
    }
  ]
}

POST/v1/search (type: crypto)

Pro+

Crypto wallet lookup — balance, transaction history, CoinJoin / mixer risk flags. Coin is auto-detected from the address format.

Request Body (JSON)

query

stringrequired

Wallet address (BTC, ETH, LTC, DOGE, DASH, BCH, ZEC, XMR, SOL, TRX, ADA, XRP, XLM)

type

stringrequired

Must be "crypto"

Example Request

curl -X POST https://api.osintx.io/v1/search \
  -H "Authorization: Bearer oix_XXXXXXXX_XXXXXXXXXXXXXXXX_XXXXXXXX" \
  -H "Content-Type: application/json" \
  -d '{"query":"1A1zP1eP5QGefi2DMPTfTL5SLmv7Divf","type":"crypto"}'

Example Response

{
  "_type": "crypto_wallet",
  "coin": "BTC",
  "address": "1A1zP1eP5QGefi2DMPTfTL5SLmv7Divf",
  "balance": 6859271066,
  "balance_usd": 5625402.27,
  "total_received": 6859271066,
  "total_sent": 0,
  "final_n_tx": 3472,
  "swap_count": 0,
  "first_seen": "2009-01-03T18:15:05Z",
  "last_seen": "2024-11-18T12:00:00Z"
}

GET/v1/account/usage

Pro+

Returns your current plan, daily search count, limit and total searches.

Example Request

curl https://api.osintx.io/v1/account/usage \
  -H "Authorization: Bearer oix_XXXXXXXX_XXXXXXXXXXXXXXXX_XXXXXXXX"

Example Response

{
  "plan": "Pro",
  "searches_today": 42,
  "search_limit": -1,
  "searches_total": 1337,
  "api_access": true
}