>_ API DOCUMENTATION
The OpenEASM API provides programmatic access to our attack surface intelligence database. All endpoints return JSON.
Base URL: https://openeasm.com/api
Authentication
API requests require authentication via API key or JWT token. Include your credentials in the request header:
# Using API Key (recommended)
curl -H "X-API-Key: cw_your_api_key" https://openeasm.com/api/search?q=example.com
# Using JWT Token
curl -H "Authorization: Bearer your_jwt_token" https://openeasm.com/api/search?q=example.comRate Limits
Rate limits depend on your plan:
When rate limited, the API returns 429 Too Many Requests with details in the response body.
Search Certificates & Domains
Search SSL certificates, domains, and related assets.
Parameters
%.example.com
Example Request
curl -H "X-API-Key: cw_xxx" \
"https://openeasm.com/api/search?q=%.hackerone.com"Example Response
[
{
"common_name": "api.hackerone.com",
"entry_time": "2026-01-28T12:00:00Z",
"issuer_org": "Let's Encrypt",
"not_before": "2026-01-01",
"not_after": "2026-04-01",
"sha1_certificate": "abc123...",
"dns_a_records": ["104.16.99.52"],
"h1_bounty": 1,
"h1_program": "hackerone"
}
]Asset Graph
Get related assets for graph visualization. Returns nodes and edges for domains, IPs, emails, and ports.
Parameters
domain, ip, email
Example
curl "https://openeasm.com/api/graph?type=domain&value=example.com"Platform Stats
Get current database statistics. No authentication required.
Example Response
{
"total": 2284789684,
"dns_total": 98205702,
"ports_total": 215007,
"whois_total": 8450
}Export Results
Export search results as CSV or JSON. Requires Pro plan.
Request Body
csv or json (default: json)
Managing API Keys
List your API keys. Requires JWT authentication.
Create a new API key. The full key is only shown once upon creation.
Delete an API key.