indexo.dev

Free Domain Intelligence API

The indexo.dev Developer API is a free domain intelligence API for looking up DNS records (NS / MX / TXT / CNAME), WHOIS/RDAP, SSL certificate (live cert + SAN match), HTTP security headers, server IP / ASN / GeoIP, HTML metadata, our 0–100 reputation score, and classification by sector (food, tech, ecommerce…) and website type (blog, forum, docs, parked…). We expose a standard REST API and an MCP (Model Context Protocol) server for AI integrations. The free tier includes 2,000 requests/day.

Authentication

All requests must include your API key in the header:
X-API-Key: idx_...
Get your API block in the Developer Dashboard.

REST API Endpoints

GET /api/v1/domains

List indexed domains with pagination, sorting, filtering and field selection.

Example Request: 
curl -X GET "https://indexo.dev/api/v1/domains?page=1&page_size=10&sort=expires_asc&last_seen_after=2026-04-01&expires_before=2026-05-01&http_status=200,301&server_country=us,ca&fields=name,expires,registrar,crawl_status,http_status,server_country,last_seen" \
  -H "X-API-Key: your_api_key_here"

Supported query parameters: page, page_size, sort, q, tld, status, discovered_via, http_status, server_country, first_seen_before, first_seen_after, last_seen_before, last_seen_after, expires_lte_days, expires_gte_days, expires_before, expires_after, reputation_score_lte, reputation_score_gte, sector, website_type, fields.

Supported sort values: name_asc, name_desc, first_seen_desc, last_seen_desc, cert_count_desc, expires_asc, expires_desc, reputation_asc, reputation_desc.

Supported field values: name, registered, tld, first_seen, last_seen, cert_count, discovered_via, crawl_status, http_status, server_ip, server_country, server_asn, server_asn_org, reputation_score, reputation_reasons, sector, website_type, expires, registrar.

Example Response: 
{
  "status": "success",
  "data": [
    {
      "name": "example.com",
      "expires": "2026-05-01",
      "registrar": "Example Registrar LLC",
      "crawl_status": "ok",
      "http_status": 200,
      "server_country": "US",
      "last_seen": "2026-04-21T12:30:00+00:00"
    }
  ],
  "pagination": {
    "page": 1,
    "page_size": 10,
    "total": 347,
    "total_pages": 35
  },
  "filters": {
    "q": null,
    "tld": null,
    "status": null,
    "discovered_via": null,
    "http_status": [200, 301],
    "server_country": ["us", "ca"],
    "first_seen_before": null,
    "first_seen_after": null,
    "last_seen_before": null,
    "last_seen_after": "2026-04-01",
    "expires_lte_days": null,
    "expires_gte_days": null,
    "expires_before": "2026-05-01",
    "expires_after": null,
    "sort": "expires_asc",
    "fields": ["name", "expires", "registrar", "crawl_status", "http_status", "server_country", "last_seen"]
  }
}

GET /api/v1/domains/{domain}

Retrieve detailed information about a domain, including DNS records, server IP, SSL cache, HTTP security headers, email authentication posture, and more.

HTTP security headers: available under html_meta.security_headers as a live response snapshot with score, findings, final URL, and normalized header values.

Email authentication: the top-level email_auth field exposes the parsed SPF and DMARC records, the list of common DKIM selectors probed (and any keys found), an MX presence flag, a 0–100 posture score, and short finding codes (e.g. spf-permissive, dmarc-monitor-only).

Example Request: 
curl -X GET "https://indexo.dev/api/v1/domains/example.com" \
  -H "X-API-Key: your_api_key_here"
Pro Feature: Real-time Refresh

Missing domains are automatically scanned for all users. However, if a domain already exists in our index, the API returns the cached version instantly. Pro plan users can force a real-time re-scan of an existing domain by appending ?refresh=true to the URL.

Performance Note: Real-time latency

Whenever the API performs a real-time scan (because the domain is missing from the index, or because you used ?refresh=true), the response may take between 2 and 10 seconds to arrive while our crawlers extract and format the intelligence. Please ensure your API client timeouts are configured accordingly.

Example Response: 
{
  "status": "success",
  "data": {
    "name": "example.com",
    "registered": "example.com",
    "tld": "com",
    "first_seen": "2024-01-01T10:00:00+00:00",
    "last_seen": "2024-06-01T10:00:00+00:00",
    "cert_count": 52,
    "discovered_via": ["toplist", "user"],
    "redirects_to": null,
    "crawl_state": {
      "status": "ok",
      "server_ip": "93.184.216.34",
      "server_country": "US",
      "server_asn": 15133,
      "server_asn_org": "Edgecast Inc.",
      "nameservers": ["a.iana-servers.net", "b.iana-servers.net"],
      "nameservers_ok": true,
      "cert_match": true,
      "reputation_score": 100,
      "reputation_reasons": null,
      "sector": "tech",
      "website_type": "homepage",
      ...
    },
    "html_meta": {
      "title": "Example Domain",
      "tech": { "server": "nginx" },
      "security_headers": {
        "score": 70,
        "scheme": "https",
        "final_url": "https://example.com/",
        "present": ["strict_transport_security", "x_content_type_options"],
        "headers": {
          "strict_transport_security": {
            "present": true,
            "value": "max-age=31536000; includeSubDomains",
            "max_age": 31536000,
            "includes_subdomains": true
          },
          "content_security_policy": { "present": false },
          "x_content_type_options": { "present": true, "value": "nosniff" }
        },
        "findings": ["missing_content_security_policy"]
      },
      ...
    },
    "rdap": null,
    "dns": {
      "ns": ["a.iana-servers.net", "b.iana-servers.net"],
      "mx": [],
      "txt": ["v=spf1 -all"],
      "cname": []
    },
    "email_auth": {
      "mx_present": false,
      "spf": {
        "raw": "v=spf1 -all",
        "qualifier": "-",
        "includes": [],
        "lookup_count": 0
      },
      "dmarc": {
        "raw": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
        "policy": "reject",
        "subdomain_policy": null,
        "pct": null,
        "rua": ["mailto:dmarc@example.com"],
        "ruf": []
      },
      "dkim": {
        "selectors_checked": ["default", "google", "selector1", "selector2", "k1", "k2", "mail", "dkim", "s1", "s2", "mxvault", "smtpapi"],
        "found": []
      },
      "score": 100,
      "findings": ["spf-strict", "dmarc-reject"]
    },
    "certificates": []
  }
}

GET /api/v1/user/limits

Check your current rate limits usage.

Example Response: 
{
  "status": "success",
  "limits": {
    "max_requests_per_day": 2000,
    "max_requests_per_minute": 30,
    "current_day_requests": 45
  }
}

Model Context Protocol (MCP) Server

The indexo.dev MCP server allows LLMs (like Claude via Claude Desktop) to invoke our API tools natively during a query.

1. Claude Desktop (Local Stdio)

To plug indexo.dev directly into your local Claude app, download our official MCP script. It uses standard stdio communication.

↓ Download indexo_mcp.py

Once downloaded, add the following to your claude_desktop_config.json:

{
  "mcpServers": {
    "indexo.dev": {
      "command": "uv",
      "args": [
        "run",
        "--with", "mcp",
        "--with", "httpx",
        "/absolute/path/to/indexo_mcp.py"
      ],
      "env": {
        "INDEXO_API_KEY": "idx_YOUR_KEY_HERE"
      }
    }
  }
}

2. Remote Agents (SSE)

If you are building your own AI agents with LangChain, LlamaIndex, or hosting a remote AI application, use our SSE Transport.

Available MCP Tools

Rate Limits

Both the normal REST API and the MCP tools share the same API usage counter. Attempting to exceed your daily quota will result in a 429 Too Many Requests HTTP or MCP Tool Error.