API Integration Guide
The CrewOSINT REST API exposes 35+ OSINT checks as JSON endpoints. This guide covers authenticating with an API key, making requests, and how request metering works.
1. Authentication
Requests are authenticated with an API key. Create one from your account dashboard — you'll get a key that looks like co_live_…. Keep it secret; it's shown only once.
Send the key on every request using the x-api-key header:
```
x-api-key: co_live_your_key_here
```
2. Making requests
Every endpoint takes a url query parameter — the target site to analyse.
Here are example requests in three languages, each calling a different check (SSL, tech stack and DNS):
cURL
```bash
curl "https://crewosintapi.aibachkhoa.com/api/ssl?url=example.com" \
  -H "x-api-key: co_live_your_key_here"
```
JavaScript (fetch)
```javascript
// Read the key from the environment rather than hard-coding it.
const res = await fetch(
  "https://crewosintapi.aibachkhoa.com/api/tech-stack?url=github.com",
  { headers: { "x-api-key": process.env.CREWOSINT_KEY } }
);
const data = await res.json();
console.log(data);
```
Python (requests)
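```python
import os

import requests

# The API key comes from the environment, never from source code.
resp = requests.get(
    "https://crewosintapi.aibachkhoa.com/api/dns",
    params={"url": "example.com"},
    headers={"x-api-key": os.environ["CREWOSINT_KEY"]},
    timeout=30,  # client-side timeout so a stalled connection cannot hang the caller
)
print(resp.json())
```
3. Metering & credits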
Pricing is pay-as-you-go: your account holds a balance of request credits. When you call the API with your key, each successful request consumes one credit.
- New accounts start with 100 free credits.
- Only successful responses (HTTP < 400) are charged — timeouts and errors are free.
- Requests without a key are not charged (free public tier, rate-limited by IP).
- When your balance hits zero, keyed requests return 402 Payment Required.
- Buy more credits anytime from the dashboard — no subscription.
Check your remaining balance and usage programmatically:
```bash
curl https://crewosintapi.aibachkhoa.com/api/account/usage \
  -H "Authorization: Bearer YOUR_SESSION_JWT"
```
4. Status codes
| Code | Meaning |
|---|---|
| 200 | Success — 1 credit charged (for keyed requests). |
| 401 | Missing/invalid/revoked API key. |
| 402 | Out of request credits — top up to continue. |
| 408 | The check timed out. Safe to retry; not charged. |
| 429 | Rate limited (free public tier). Slow down or use a key. |
| 500 | Server error while running the check. Not charged. |
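The status codes above map directly onto client behaviour. The following Python client is an added example, not CrewOSINT's own code: it retries 408 and 429 with backoff and fails fast on 401, 402 and 500, and its error messages never contain the key. The function names, retry count and backoff delays are assumptions; the host, paths and x-api-key header are the ones used in this guide.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

BASE = "https://crewosintapi.aibachkhoa.com"  # host from the guide's examples


class CrewOSINTError(Exception):
    """Raised for a status this client does not retry (name is an assumption)."""


def http_get(path, target, key):
    """Default transport (stdlib only): returns (status, parsed JSON or None)."""
    url = f"{BASE}{path}?{urllib.parse.urlencode({'url': target})}"
    req = urllib.request.Request(url, headers={"x-api-key": key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, None  # error body is ignored; only the code is used


def run_check(path, target, key, send=http_get, retries=3, sleep=time.sleep):
    """Run one check and act on each status code listed in the guide."""
    for attempt in range(retries + 1):
        status, body = send(path, target, key)
        if status == 200:
            return body  # success: one credit charged for a keyed request
        if status == 401:
            raise CrewOSINTError("401: missing, invalid or revoked API key")
        if status == 402:
            raise CrewOSINTError("402: out of request credits")
        if status in (408, 429) and attempt < retries:
            sleep(2 ** attempt)  # assumed backoff: 1s, 2s, 4s
            continue
        # 500, other codes, or retries exhausted: stop and surface the status
        raise CrewOSINTError(f"{status}: giving up after {attempt + 1} attempt(s)")
```

Call it as `run_check("/api/ssl", "example.com", os.environ["CREWOSINT_KEY"])`; the `send` and `sleep` parameters exist so the retry logic can be exercised offline.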
5. Endpoints
A selection of the available checks — see the full OpenAPI spec for all of them.
| Endpoint | Returns |
|---|---|
| /api/ssl | SSL/TLS certificate details |
| /api/dns | DNS records (A, AAAA, MX, TXT…) |
| /api/whois | WHOIS registration data |
| /api/headers | HTTP response headers |
| /api/ports | Common open ports |
| /api/tech-stack | Detected technologies |
| /api/threats | Known malware / phishing flags |
| /api/screenshot | Full-page screenshot |
| /api | Run every check at once |
6. MCP (AI agents)
CrewOSINT ships an MCP server that exposes every check as a tool for AI agents. Step-by-step setup for Claude Desktop, Cursor and VS Code now lives on its own page.