24 endpoints for WHOIS, ASN, GeoIP, SSL, DNSSEC, CAA, WAF detection, Wayback history, security.txt, social tags, caller-request inspection, and more.
For security teams, sign-up enrichment pipelines, fraud detection, compliance, SRE audits, OSINT investigations.
Each endpoint is independently callable. Bundle membership is for discovery only — you do not need to opt in.
| Method | Path | Credits | Summary |
|---|---|---|---|
| POST | /v1/intel/whois | 1 | WHOIS / RDAP registry record. |
| POST | /v1/intel/ssl | 1 | TLS certificate, chain, issuer, and validity. |
| POST | /v1/intel/asn | 1 | ASN, announcing organisation, and prefix coverage. |
| POST | /v1/intel/geoip | 1 | Country, city, and coordinates from an IP. |
| POST | /v1/intel/geoip/bulk | 1 | Batched geoip lookup. |
| POST | /v1/intel/ip-reputation | 1 | Tor, cloud, datacenter, and CDN flagging. |
| GET | /v1/intel/whoami | 1 | What the internet sees about the caller: IP, geoIP, ASN, reputation, parsed User-Agent, curated header echo. One call replaces five. |
| POST | /v1/intel/http-versions | 1 | Detect HTTP/1.1, HTTP/2 (TLS ALPN), and HTTP/3 (Alt-Svc) support, plus TLS version, cipher, and HSTS posture. |
| POST | /v1/intel/dnssec | 1 | DNSSEC posture: DNSKEY + DS + AD-flag observations. Honest three-bit verdict, not a single 'valid' bit. |
| POST | /v1/intel/nameservers | 1 | Authoritative NS records + each resolved to A/AAAA + /16 diversification flag. |
| POST | /v1/intel/caa | 1 | Which CAs may issue certs for the domain. Parses issue/issuewild/iodef and detects deny-all. |
| POST | /v1/intel/reverse-dns | 1 | PTR lookup via dns.reversename. IP -> hostname for log enrichment. |
| POST | /v1/dns/over-https | 1 | Forward query through Cloudflare 1.1.1.1 or Google 8.8.8.8 via DoH (RFC 8484). |
| POST | /v1/intel/security-txt | 1 | Fetch + parse RFC 9116 security.txt (or legacy /security.txt). Flags rfc9116_minimum_compliant. |
| POST | /v1/intel/social-tags | 1 | Open Graph + Twitter Card + canonical + title + icons + lang + theme color in one fetch. |
| POST | /v1/intel/cookies | 1 | Set-Cookie response headers parsed per RFC 6265. Header-only by design. |
| POST | /v1/intel/waf | 1 | WAF/CDN detection from headers + body fingerprints. Cloudflare, Akamai, Fastly, AWS WAF, Imperva, Sucuri, F5, ModSecurity, etc. |
| POST | /v1/intel/sri-audit | 1 | External scripts + stylesheets audit with Subresource Integrity coverage. Supply-chain hygiene. |
| POST | /v1/intel/wayback | 1 | First + most-recent Wayback Machine snapshots via the Availability API. |
| POST | /v1/intel/blacklist | 1 | DNSBL aggregate across known lists. |
| POST | /v1/intel/cert-transparency-history | 1 | crt.sh-backed certificate transparency timeline. |
| POST | /v1/intel/headers | 1 | HTTP response headers snapshot. |
| POST | /v1/intel/page | 1 | HTML summary, meta, and canonical hints. |
| POST | /v1/enrich/company | 1 | Company-from-domain enrichment. |
Pick a language. Click to expand the snippet.
curl -X POST https://api.ollagraph.com/v1/intel/ip-reputation \
-H "Authorization: Bearer $OLLAGRAPH_API_KEY" \
-H "Content-Type: application/json" \
-d '{"ip":"185.220.101.1"}'import httpx, os
r = httpx.post(
"https://api.ollagraph.com/v1/intel/ip-reputation",
headers={"Authorization": f"Bearer {os.environ['OLLAGRAPH_API_KEY']}"},
json={"ip": "185.220.101.1"},
timeout=15.0,
)
print(r.json())const res = await fetch("https://api.ollagraph.com/v1/intel/ip-reputation", {
method: "POST",
headers: {
"Authorization": `Bearer ${process.env.OLLAGRAPH_API_KEY}`,
"Content-Type": "application/json",
},
body: JSON.stringify({ ip: "185.220.101.1" }),
});
console.log(await res.json());Tor exit-node lists (live), public datacenter/cloud ASN ranges (refreshed daily), and CDN-owned prefixes. We do not subscribe to commercial threat feeds.
Up to 1000 IPs per call. We charge one credit per call, not per IP.
Domain, industry, country, and size band only. We do not resell funding-round data.
1,000 credits on signup. No card. Every endpoint in this bundle is live from minute one.