Skip to main content

Introduction

The FullHunt API provides programmatic access to one of the largest external attack surface databases on the Internet. Use it to discover assets, monitor exposures, and integrate attack surface intelligence into your security workflows.

Base URL

All API requests are made to one of two hosts:

HostPurpose
https://fullhunt.io/api/v1/Standard API access
https://enterprise-api.fullhunt.io/api/v1/Dedicated enterprise infrastructure

Both hosts serve identical endpoints. Enterprise customers should use the dedicated host for better performance and higher rate limits.

Authentication

Every request must include your API key in the X-API-KEY header. See the Authentication page for details on obtaining and managing keys.

curl "https://fullhunt.io/api/v1/auth/status" \
  -H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx"

Versioning

The current API version is v1. All endpoints are prefixed with /api/v1/. Breaking changes will be introduced under a new version prefix.

Response Format

All responses return JSON with a consistent envelope:

{
  "status": 200,
  "message": "",
  "metadata": {
    "domain": "example.com",
    "all_results_count": 150,
    "available_results_for_user": 100,
    "max_results_for_user": 100,
    "timestamp": 1634004417,
    "user_plan": "enterprise"
  }
}
FieldDescription
statusHTTP status code mirrored in the body
messageEmpty on success, error description on failure
metadataPagination, plan limits, and query context

Error responses follow the same structure. See Error Codes for the full list.

Quick Start

  1. Get your API key from FullHunt profile settings
  2. Verify authentication:
curl "https://fullhunt.io/api/v1/auth/status" \
  -H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx"
  1. Make your first query:
curl "https://fullhunt.io/api/v1/domain/example.com/details" \
  -H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx"

What's Available

The API covers attack surface discovery (domains, hosts, on-demand scans), global search with advanced filters, enterprise management (organizations, alerts, vulnerabilities, dark web monitoring), Nexus threat intelligence (Tor, passive DNS, IP lookup), OEM integrations, and AI-powered automation via MCP. Browse the sidebar for the complete reference.

Need Help?