ProbeX Documentation

The ProbeX REST API gives you programmatic access to the most comprehensive OSINT intelligence engine on the internet. Search across emails, IPs, domains, usernames, phone numbers, and hashes with a single authenticated HTTP request.

The REST API is live. It runs the same multi-source OSINT engine as the web app and requires a paid plan (Rookie or higher). Each call returns results from every available source for that lookup type.

Base URL

BASE https://YOUR_DOMAIN/api/v1

All endpoints below are relative to /api/v1 on your ProbeX host. Replace YOUR_DOMAIN with the domain where this instance is deployed.

Supported Protocols

  • HTTPS recommended for all requests in production.
  • All endpoints use GET and return JSON (Content-Type: application/json).
  • Authentication is required and the account must be on a paid plan.

Quick Start

Get your first lookup result in under 60 seconds:

  1. Create a free account to receive your API key.
  2. Copy your API key from the Dashboard.
  3. Make your first request (example below).
cURL Email lookup example 
# Replace YOUR_API_KEY and YOUR_DOMAIN
curl -X GET \
  "https://YOUR_DOMAIN/api/v1/lookup/email?q=target@example.com" \
  -H "Authorization: Bearer YOUR_API_KEY"

Authentication

ProbeX accepts your API key two ways: a Bearer token in the Authorization header (recommended), or a ?key= query parameter. API access requires an active paid plan — Free accounts receive 403 forbidden.

HTTP Header (recommended) 
Authorization: Bearer px_live_<your_key>
Query parameter (alternative) 
GET /api/v1/lookup/ip?q=8.8.8.8&key=px_live_<your_key>
Never expose your API key in client-side JavaScript or public repositories. Treat it like a password. Rotate it immediately if compromised.

Obtaining Your API Key

Your API key is available in your Dashboard under the API Key section. Each account has one key per tier. Enterprise accounts can request additional keys.

Email Lookup

Investigate any email address across breach analytics, disposable/temp-mail detection, MX/SPF/DMARC, Gravatar, stealer-log databases, ProtonMail PGP, X / Twitter registration, and more. Sources include XposedOrNot, ProxyNova COMB, Hudson Rock, mailcheck.ai, and Gravatar.

GET /api/v1/lookup/email

Parameters

ParameterTypeDescription
qRequired string The email address to investigate.
Python Email lookup 
import requests

API_KEY = "px_live_your_key_here"
BASE    = "https://YOUR_DOMAIN/api/v1"

response = requests.get(
    f"{BASE}/lookup/email",
    headers={"Authorization": f"Bearer {API_KEY}"},
    params={"q": "target@example.com"}
)
data = response.json()

IP Lookup

Full intelligence on any IPv4 or IPv6 address: geolocation (ip-api, FreeIPAPI, DB-IP, ipinfo), ASN & network ownership (RDAP), open ports & CVEs (Shodan InternetDB), reverse-IP co-hosted domains, and VPN / proxy / Tor exit-node detection.

GET /api/v1/lookup/ip

Parameters

ParameterTypeDescription
qRequired string IPv4 or IPv6 address to investigate.

Domain Lookup

DNS records (A, AAAA, CNAME, MX, NS, TXT, CAA, SOA via Google & Cloudflare DoH), RDAP registration / registrar, subdomain enumeration via Certificate Transparency (crt.sh + Certspotter), Wayback Machine history, AlienVault OTX threat pulses, urlscan.io, and Hudson Rock stealer intel.

GET /api/v1/lookup/domain

Parameters

ParameterTypeDescription
qRequired string Domain name (e.g. example.com).

Username Search

Hunt a username across developer, social, and gaming platforms simultaneously — GitHub, GitLab, Bitbucket, Reddit, Hacker News, DEV.to, Keybase, Docker Hub, HuggingFace, npm, Steam, Chess.com, and Lichess — plus Hudson Rock stealer-log matches.

GET /api/v1/lookup/username
ParameterTypeDescription
qRequired string Username or alias to search.

Phone Lookup

Parses an E.164 number to identify the country / dial prefix, area code (NANP), digit-count validity, and canonical formatting. Carrier and line-type detection require a paid telco API and are not included.

GET /api/v1/lookup/phone
ParameterTypeDescription
qRequired string E.164 formatted phone number (e.g. +12125550100).

Hash Lookup

Identifies the likely hash algorithm by length/format (MD5, SHA-1, SHA-256, SHA-512, bcrypt, NTLM, and more). For SHA-1 hashes it performs a privacy-preserving k-anonymity check against Have I Been Pwned's Pwned Passwords range API and returns how many times that hash appears in breach corpora.

This endpoint reports breach exposure counts — it does not crack hashes or return plaintext passwords.
GET /api/v1/lookup/hash
ParameterTypeDescription
qRequired string The hash string to analyze. Algorithm is auto-detected.

Plan Allowances

API access requires a paid plan. Each plan includes a monthly credit allotment and a fair-use daily search ceiling. One lookup consumes one credit. Free accounts cannot use the API.

PlanAPI accessCredits / monthSearches / day
Free✗ (web only)1010
Rookie3,000100
Amateur15,000500
Pro60,0002,000
EnterpriseUnlimitedUnlimited

Upstream OSINT providers may apply their own rate limits; if a source is temporarily throttled it is returned with a rate_limited status rather than failing the whole lookup.

Response Format

Every successful lookup returns the same envelope: the query, the type, a success flag, an array of sources (each with its own name, status, and data), and a flattened summary with the headline findings and a risk assessment.

JSON GET /api/v1/lookup/ip?q=8.8.8.8 (trimmed) 
{
  "query": "8.8.8.8",
  "type": "ip",
  "success": true,
  "sources": [
    {
      "name": "ip-api.com",
      "status": "success",
      "data": { "country": "United States", "isp": "Google LLC",
                 "as_number": "AS15169", "is_proxy": false }
    },
    {
      "name": "RDAP (Network)",
      "status": "success",
      "data": { "cidr": "8.8.8.0/24", "abuse_contact": "network-abuse@google.com" }
    }
  ],
  "summary": {
    "country": "United States", "isp": "Google LLC",
    "net_cidr": "8.8.8.0/24", "risk": "low", "flags": []
  }
}

Per-source status values include success, not_found, no_results, rate_limited, timeout, unavailable, and error.

Error Codes

HTTP CodeMeaningDescription
400bad_requestMissing query parameter ?q=.
401unauthorizedMissing or invalid API key.
403forbiddenAPI access requires a paid plan. Upgrade at /pricing.
500server_errorUnexpected internal error.
JSON Error response shape 
{
  "error": "API access requires a paid plan. Visit /pricing to upgrade.",
  "code": 403
}

Code Examples

Python

Python 3 requests library 
import requests

API_KEY = "px_live_your_key_here"
BASE    = "https://YOUR_DOMAIN/api/v1"
HEADERS = {"Authorization": f"Bearer {API_KEY}"}

# Email lookup
r = requests.get(f"{BASE}/lookup/email", headers=HEADERS,
               params={"q": "target@example.com"})
data = r.json()

# IP lookup
r = requests.get(f"{BASE}/lookup/ip", headers=HEADERS,
               params={"q": "8.8.8.8"})
ip_data = r.json()

Node.js

Node.js native fetch (v18+) 
const API_KEY = 'px_live_your_key_here';
const BASE    = 'https://YOUR_DOMAIN/api/v1';

async function lookup(type, query) {
  const url = `${BASE}/lookup/${type}?q=${encodeURIComponent(query)}`;
  const res = await fetch(url, {
    headers: { 'Authorization': `Bearer ${API_KEY}` }
  });
  return res.json();
}

// Usage
const result = await lookup('email', 'user@example.com');
console.log(result);

cURL

cURL shell / terminal 
# Email
curl -sG "https://YOUR_DOMAIN/api/v1/lookup/email" \
  -H "Authorization: Bearer px_live_your_key_here" \
  --data-urlencode "q=target@example.com" | python3 -m json.tool

# IP
curl -sG "https://YOUR_DOMAIN/api/v1/lookup/ip" \
  -H "Authorization: Bearer px_live_your_key_here" \
  --data-urlencode "q=8.8.8.8"

# Domain (or pass the key as a query param instead of a header)
curl -sG "https://YOUR_DOMAIN/api/v1/lookup/domain" \
  --data-urlencode "q=example.com" \
  --data-urlencode "key=px_live_your_key_here"