IntelFetch API Documentation
All requests to the IntelFetch API require the Authorization header in the format:
Authorization: Bearer YOUR_API_KEY
Some endpoints have daily usage or rate limiting. If the rate limit is exceeded, an HTTP 429 or 403 may be returned.
1) GitHub Search
Endpoint: GET /github?username=USERNAME
Parameters: username (required)
Description: Retrieves GitHub user information (profile data, top repositories, and up to three emails found in commits).
Example: GET /github?username=octocat, plus Authorization: Bearer YOUR_API_KEY
Response: JSON data with user profile details, top 3 repos, and up to 3 discovered emails.
2) IntelX Search
Endpoint: GET /ix?type=...
Three possible types:
type=systemid, requires systemid=UUID
type=phonebook, requires query=string
type=identityportal, requires query=string (optionally smart=true)
Description: For systemid, fetch data from the leaks.logs bucket by System ID. For phonebook, searches the IntelX phonebook dataset. For identityportal, searches the leaks.private bucket.
- Daily usage limit applies to systemid or phonebook queries, not identityportal.
- ~10 seconds cooldown between requests for non-master keys.
Example: GET /ix?type=systemid&systemid=UUID or GET /ix?type=phonebook&query=John+Smith.
Response: JSON or text with found records (may vary).
3) FetchBase Search
Endpoint: GET /fetchbase?query=STRING&size=NUMBER&file=FILENAME
Parameters: query (required, ≥3 chars), size (optional, up to 1000), file (optional filename filter).
Description: Searches the local fetchbase index for the given query.
Example: GET /fetchbase?query=test@gmail.com&size=20
Response: JSON containing search results from fetchbase.
4) Discord Search
Endpoint: GET /discord?query=DISCORD_QUERY
Parameters: query (required, can be username#1234 or partial text).
Description: Retrieves Discord user information from the local index.
Example: GET /discord?query=testuser#1234
Response: JSON data with matching Discord results.
5) Snusbase Search
Endpoint: POST /snusbase
JSON Body:
{
"action": "search" (or "stats", "ipwhois", "hashlookup"),
"terms": [...],
"types": [...],
"wildcard": bool,
"group_by": "db",
"tables": [...]
}
Description: Executes various Snusbase actions depending on the "action" field.
Example:
{
"action":"search",
"terms":["test@example.com"],
"types":["email"],
"wildcard":false
}
Response: JSON data from Snusbase (search results, stats, etc.).
6) Log Search
Endpoint: GET /logs?query=STRING&size=NUMBER&file=FILENAME
Parameters: query (required, ≥3 chars), size (optional, up to 1000), file (optional).
Description: Searches logs in the "logs" index and returns matching entries, which are then removed from that index.
Example: GET /logs?query=errorlog&size=5
Response: JSON with found log entries.
7) Court Search
Endpoint: GET /courtsearch?mode=MODE&terms=STRING or &cancel=true
Parameters: mode=name or phrase, terms=STRING (≥6 chars), or cancel=true to stop an ongoing search.
Description: Uses JudyRecords for court case lookups. If cancel=true, attempts to cancel your ongoing search.
Example: GET /courtsearch?mode=name&terms=John%20Doe
Response: JSON with search status, results, or cancellation info.
8) Domain Lookup
Endpoint: GET /domain?domain=DOMAIN
Parameters: domain (required, only letters, digits, '.', '-').
Description: Retrieves DNS records (A, NS, MX, TXT) for the given domain, returned as a text file.
Example: GET /domain?domain=example.com
Response: A text file with DNS records.
9) IP Lookup
Endpoint: POST /ip_lookup
JSON Body: { "ip": "8.8.8.8" }
Description: Queries ipwho.is for IP details (location, ISP, timezone, etc.).
Example: POST /ip_lookup with { "ip": "8.8.8.8" }
Response: JSON data with IP info.
10) Crypto Search
Endpoint: POST /crypto_search
JSON Body: { "crypto_type": "BTC" or "ETH" or "LTC", "address": "STRING" }
Description: Retrieves balance and transaction count from BlockCypher for the specified crypto address.
Example: { "crypto_type":"BTC", "address":"bc1..." }
Response: JSON data with address, balance, transaction count, and crypto type.
11) SEON Lookup
Endpoint: POST /seon
JSON Body: { "lookup_type": "phone" or "email" or "ip", "query": "VALUE" }
Description: Checks SEON fraud detection data for the provided phone/email/IP.
Example: { "lookup_type":"phone", "query":"+1234567890" }
Response: JSON data with the SEON result.
12) Minecraft Server Lookup
Endpoint: GET /mcserver?server=HOSTNAME
Parameters: server=domain or IP.
Description: Checks version, online status, MOTD, players, etc. from a Minecraft server using api.mcsrvstat.us.
Example: GET /mcserver?server=play.examplemc.net
Response: JSON with server details.
13) OSINT.industries (Subject to be offline)
Endpoint: POST /osintindustries
JSON Body: { "type": "email" or "phone" or "username", "query": "SOMESTRING" }
Description: Sends a request to the OSINT.industries API. May return JSON or a PDF file.
Example: { "type":"phone", "query":"+1234567890" }
Response: If a PDF, returned as binary; otherwise JSON with results.
14) Check Key Details
Endpoint: POST /check_key_details
JSON Body: none
Description: Returns information about the API key used in the request.
Example: curl -X POST "https://api.intelfetch.net/check_key_details" -H "Authorization: Bearer YOUR_API_KEY"
Response: JSON data like {"key":"MASTER_KEY","expiry":"unlimited"} or {"key":"some_key","expiry":"2025-12-31"} if valid, or {"error":"Key not found"} otherwise.
Error Handling:
400 Bad Request means invalid parameters.
401 Unauthorized means invalid or missing API key.
403 Forbidden means plan/quota or daily usage limit reached.
422 Unprocessable Entity means the request could not be processed.
429 Too Many Requests means you hit the rate limit.
500 Internal Server Error means an unexpected server failure.
Example cURL usage:
Example: domain lookup - curl -X GET "https://api.intelfetch.net/domain?domain=example.com" -H "Authorization: Bearer YOUR_API_KEY"