API Reference
Programmatic access to every NetSight tool. REST endpoints, JSON responses, rate limits and examples. Free for non-commercial use.
https://netsight.mutebefehl.de
X-API-Key: ns_live_…
Access to the NetSight API requires valid credentials. See the access program below to apply. The endpoint reference is available further down.
Request API access
API credentials are issued through an application process to ensure service stability and compliance with our Acceptable Use Policy. To apply, send an email to hey@mutebefehl.de covering the points below. Applications are reviewed on a per-request basis and typically receive a response within one business day.
- A business or organizational email address
- The name of the company, organization or project
- Intended environment: evaluation, production, research or personal
- Estimated monthly request volume (e.g. <10k, 10k-100k, 100k-1M, >1M)
- A concrete description of the integration: what you build, who uses it, whether the usage is commercial
Applications missing required fields, or submitted for uses that conflict with our Acceptable Use Policy, are declined without further review.
Network
/api/ipGeolocation, ASN and reverse DNS for an IP address or hostname./api/ispISP and organization information for an IP address.
/api/check-pingExecute ICMP ping checks from multiple globally-distributed probes.
/api/check-tracerouteExecute traceroute from multiple globally-distributed probes.
DNS
/api/dnsResolve A, AAAA, CNAME, MX, TXT, NS, SOA, CAA and SRV records./api/check-dns-propagationCheck DNS record propagation across global resolvers.
/api/whoisWHOIS registration details for a domain./api/subdomainsPassive subdomain enumeration via certificate transparency./api/subdomains-dnsSubdomain enumeration with resolved DNS records.
/api/mailcheckMX, SPF and DMARC records for a domain./api/dkim-checkVerify a DKIM selector record.Security
/api/abuseipdbAbuse-confidence reputation for an IP address./api/scamalyticsFraud-score reputation for an IP address./api/shodanExposure fingerprint: open ports, vulnerabilities and banners./api/fraud-checkConsolidated reputation summary./api/fireholFireHOL level-1 blocklist check.
/api/blocklistsCheck an IP against multiple blocklists.
/api/virustotalMulti-engine scan results for a hash, URL or IP.
/api/urlhausMalicious-URL database lookup.
/api/threatfoxIndicator-of-compromise database lookup.
/api/cveCVE search by identifier or keyword.Browser
/api/safe-browseURL threat analysis with rendered screenshot.
/api/screenshotRender a URL to PNG via headless browser.
/api/url-checkMulti-source URL reputation, TLS analysis and final-URL trace.
Access program
The NetSight API is offered under an application-based access program. Credentials are granted at our discretion based on the intended use case, organizational profile and expected request volume. Approved applicants receive an API key by email together with onboarding information and the applicable rate limits.
Unapproved automated access to the API is prohibited and will be blocked. Repeated attempts may result in rate limiting, IP-level blocks and, in cases of abuse, legal action.
Authentication
Authenticate every request with your API key in the X-API-Key header. The query parameter ?api_key= is accepted as a fallback but discouraged because it may be logged in upstream systems.
curl -H "X-API-Key: ns_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
"https://netsight.mutebefehl.de/api/ip?ip=8.8.8.8"A missing or invalid key returns HTTP 401 Unauthorized. A disabled key returns HTTP 403 Forbidden.
Key security. Treat your API key as a secret equivalent to a password. Do not embed it in client-side code, public repositories or documentation. If a key is compromised, contact us at the address in the legal notice to rotate it.
Rate limits and quotas
Each key is issued with a per-minute request budget (default: 120 requests per minute). Sustained load, burst patterns and per-endpoint limits may apply depending on upstream capacity. Responses include rate-limit headers:
X-RateLimit-Limit— maximum requests per windowX-RateLimit-Remaining— requests available in the current windowRetry-After— seconds to wait before retrying (on429responses)
Applicants with large-scale needs should specify the expected volume in the application email to receive a matching quota. Dedicated rate limits for enterprise integrations are available on request.
Acceptable use
Use of the API is subject to the following restrictions:
- No reselling, proxying or mirroring of API responses as a standalone service.
- No automated mass collection, scraping or enumeration beyond the granted rate limit.
- No use in connection with harassment, doxxing, spam operations or other unlawful activity.
- No circumvention of upstream providers' acceptable-use policies that apply to proxied data.
We reserve the right to revoke access without notice upon suspected abuse or violation of these terms.
Availability
The API runs on a globally-distributed edge platform. Typical availability is above 99.9% per calendar month, although no formal service-level agreement is provided for the standard tier. Operational status is indicated on this page.