Programmatic access to OSINTNova through API requests.
API access is available for Pro subscribers. Generate your key in the OSINTNova Platform and include it in each request path.
https://app.osintnova.com/bosintapi/Quickstart
Run a request with your API key to validate access before integrating additional commands.
curl "https://app.osintnova.com/bosintapi/YOUR_API_KEY/ip/8.8.8.8"
Authentication
All API requests must include your secret API key in the URL path. This ensures secure access to your daily quota and command set.
Endpoint Architecture
API Endpoints
All endpoints accept GET and POST requests. Parameters can be passed via URL path, query string, or JSON body.
Retrieve geolocation, ISP, ASN, and threat intelligence for an IP address. Also available as /iplookup/{ip}.
| Parameter | Type | Description |
|---|---|---|
| ip_address | string | IPv4 or IPv6 address required |
GET /bosintapi/{key}/ip/8.8.8.8DNS records, WHOIS data, registrar info, and Microsoft tenant detection.
| Parameter | Type | Description |
|---|---|---|
| domain | string | Domain name (e.g., example.com) required |
GET /bosintapi/{key}/domain/google.comCarrier info, location, line type, timezone, and associated names when available.
| Parameter | Type | Description |
|---|---|---|
| number | string | Phone number with country code required |
GET /bosintapi/{key}/phone/+12025551234Profile data, account creation date, badges, bot status, and activity patterns.
| Parameter | Type | Description |
|---|---|---|
| user_id | string | Discord user ID (snowflake) required |
GET /bosintapi/{key}/discord/123456789012345678Steam profile analysis including games, friends, and account statistics.
| Parameter | Type | Description |
|---|---|---|
| steam_id | string | SteamID64 or vanity URL required |
GET /bosintapi/{key}/steam/76561198012345678Check if an email has been compromised in known data breaches. Also available as /email-pwn/{email}.
| Parameter | Type | Description |
|---|---|---|
| string | Email address to check required |
GET /bosintapi/{key}/email/[email protected]Search for a username across 3,000+ social media platforms and websites.
| Parameter | Type | Description |
|---|---|---|
| username | string | Username to search required |
GET /bosintapi/{key}/username/johndoeSearch for mentions across dark web sources and breach databases.
| Parameter | Type | Description |
|---|---|---|
| query | string | Search term (email, username, etc.) required |
GET /bosintapi/{key}/darkweb/[email protected]Check if a password has been exposed in known data breaches.
| Parameter | Type | Description |
|---|---|---|
| password | string | Password to check required |
GET /bosintapi/{key}/password/test123Analyze URLs for safety, redirects, and threat intelligence. Also available as /url-detective/{url}.
| Parameter | Type | Description |
|---|---|---|
| url | string | Full URL to analyze required |
GET /bosintapi/{key}/url/https://example.comVehicle identification number lookup for automotive intelligence.
| Parameter | Type | Description |
|---|---|---|
| vin | string | 17-character VIN required |
GET /bosintapi/{key}/vin/1HGBH41JXMN109186Response Format
All responses are JSON with a consistent structure. Every response includes metadata about your API usage.
Successful Response
{
"success": true,
"data": {
"phone": "202-555-1234",
"location": "Washington, DC",
"carrier": "Verizon Wireless",
"line_type": "MOBILE",
"time_zone": "America/New_York"
},
"query": "+12025551234",
"api_metadata": {
"daily_usage": 42,
"daily_limit": 1000,
"command": "phone",
"timestamp": "2025-01-20T15:30:00.000Z"
}
}
HTTP Status Codes
The API uses standard HTTP status codes to indicate request outcomes.
| Code | Status | Description |
|---|---|---|
| 200 | OK | Request successful, data returned |
| 400 | Bad Request | Missing required parameter or invalid format |
| 401 | Unauthorized | Invalid or missing API key |
| 403 | Forbidden | Account suspended or Pro subscription required |
| 429 | Too Many Requests | Daily limit (1000) or rate limit (120/min) exceeded |
| 500 | Internal Error | Server error, try again later |
Error Codes
Error responses include a code field for programmatic handling.
{
"success": false,
"error": "Invalid API key",
"code": "INVALID_API_KEY"
}
Error Code Reference
| Code | HTTP | Description |
|---|---|---|
| INVALID_API_KEY | 401 | API key is invalid or not found |
| PRO_REQUIRED | 403 | Active Pro subscription required for API access |
| ACCOUNT_SUSPENDED | 403 | Account has been suspended |
| RATE_LIMIT_EXCEEDED | 429 | Daily limit of 1000 calls exceeded |
| UNKNOWN_COMMAND | 400 | Command not recognized |
| UNSUPPORTED_COMMAND | 400 | Command exists but not available via API |
| INTERNAL_ERROR | 500 | Server-side error occurred |
daily_usage and daily_limit fields to help you track usage.
Python Example
Use the requests library to interact with the OSINTNova API.
import requests API_KEY = "bosint_your_api_key_here" BASE_URL = "https://app.osintnova.com/bosintapi" def ip_lookup(ip_address): url = f"{BASE_URL}/{API_KEY}/ip/{ip_address}" response = requests.get(url) data = response.json() if data['success']: return data['data'] else: print(f"Error: {data['error']} ({data.get('code', 'N/A')})") return None # Example usage result = ip_lookup("8.8.8.8") if result: print(f"Country: {result.get('country')}") print(f"ISP: {result.get('isp')}")
cURL Examples
Test endpoints directly from your terminal.
# IP Lookup curl "https://app.osintnova.com/bosintapi/YOUR_KEY/ip/8.8.8.8" # Domain Analysis curl "https://app.osintnova.com/bosintapi/YOUR_KEY/domain/google.com" # Phone Lookup curl "https://app.osintnova.com/bosintapi/YOUR_KEY/phone/+12025551234" # Discord User curl "https://app.osintnova.com/bosintapi/YOUR_KEY/discord/123456789" # Username Search curl "https://app.osintnova.com/bosintapi/YOUR_KEY/username/johndoe" # Pretty print with jq curl -s "https://app.osintnova.com/bosintapi/YOUR_KEY/ip/8.8.8.8" | jq .