API Documentation — InfiniUm Tools Developer API

Overview

The InfiniUm Tools API gives programmatic access to all live tools. Use it to integrate domain monitoring, SEO auditing, or security checks into your own applications, CI/CD pipelines, or dashboards.

✓ Free tier — no API key required right now. All endpoints are currently open with IP-based rate limiting. API key authentication is coming with the Pro plan launch — when it does, free tier keys will be issued automatically.

⚠ Breaking changes notice: The API is in v1. We'll maintain backwards compatibility within v1 and announce breaking changes with a new version prefix (v2) with 30 days notice.

Base URL

HTTPShttps://infinium.tools/api/v1

All requests must use HTTPS. HTTP requests are redirected to HTTPS automatically. All responses are application/json with UTF-8 encoding.

Request format

All endpoints accept GET requests with query parameters. No request body or special headers are required for free tier access.

Example

curl "https://infinium.tools/api/v1/dns?domain=infinium.tools&type=A"

Authentication

🔒 API key authentication is coming with the Pro plan. Currently all endpoints are accessible without a key subject to rate limits. When Pro launches, pass your key as a header:

Future auth header (Pro)

Authorization: Bearer YOUR_API_KEY

API keys will be available from your dashboard after subscribing to the Pro plan ($9/mo). Pro keys remove the per-IP rate limit and increase to unlimited requests.

Rate Limits

Plan	Limit	Window	Enforcement
Free (no key)	50 requests	Per day	Per IP address
Pro ($9/mo)	Unlimited	—	Per API key
Team ($29/mo)	Unlimited	—	Per API key, 5 seats

When the rate limit is exceeded the API returns 429 Too Many Requests with a Retry-After header indicating when the limit resets.

429 response

{"error": "Rate limit exceeded. Upgrade to Pro for unlimited access.", "retryAfter": "2026-05-12T00:00:00Z"}

Error Responses

All errors return a JSON object with an error field and an appropriate HTTP status code.

Status

Meaning

400

Bad request — invalid or missing parameters. Check the error field for details.

404

Resource not found — domain doesn't exist or returned no data.

422

Unprocessable — URL returned unexpected content type (e.g. not HTML/XML).

429

Rate limit exceeded — see rate limits section above.

500

Server error — unexpected failure. Includes a details field where available.

502

Bad gateway — upstream lookup service unavailable. Retry after a moment.

504

Gateway timeout — target host took too long to respond.

Error response shape

{"error": "Invalid domain", "details": "Domain must not include https:// prefix"}

DNS Lookup

GET /api/v1/dns Live Try it →

Query DNS records for any domain. Supports A, AAAA, MX, TXT, CNAME, NS, SOA, and CAA record types.

Parameter	Type	Description
domain*	`string`	Domain to query (e.g. `infinium.tools`). Do not include https://
type	`string`	Record type. One of: `A` `AAAA` `MX` `TXT` `CNAME` `NS` `SOA` `CAA`. Default: `A`

Request

curl "https://infinium.tools/api/v1/dns?domain=infinium.tools&type=MX"

Response

{"domain":"infinium.tools","type":"MX","records":[{"exchange":"mail.infinium.tools","priority":10}],"ttl":300,"queryTime":42}

SSL Checker

GET /api/v1/ssl Live Try it →

Check SSL/TLS certificate validity, expiry date, issuer, subject alternative names, and full certificate chain for any domain.

Parameter	Type	Description
domain*	`string`	Domain to check (e.g. `infinium.tools`). Port 443 is used by default.

Request

curl "https://infinium.tools/api/v1/ssl?domain=infinium.tools"

Response

{"domain":"infinium.tools","valid":true,"subject":"CN=infinium.tools","issuer":"Let's Encrypt","validFrom":"2026-01-01","validTo":"2026-04-01","daysRemaining":45,"sans":["infinium.tools","www.infinium.tools"],"protocol":"TLSv1.3","grade":"A"}

HTTP Headers

GET /api/v1/http-headers Live Try it →

Fetch and return all HTTP response headers for any URL. Includes status code, server, content-type, caching headers, and security headers.

Parameter	Type	Description
url*	`string`	Full URL to inspect including protocol (e.g. `https://infinium.tools`)

Request

curl "https://infinium.tools/api/v1/http-headers?url=https://infinium.tools"

Response

{"url":"https://infinium.tools","statusCode":200,"statusText":"OK","headers":{"content-type":"text/html; charset=UTF-8","server":"nginx","strict-transport-security":"max-age=31536000","x-frame-options":"SAMEORIGIN"},"responseTime":210}

WHOIS Lookup

GET /api/v1/whois Live Try it →

Look up domain registration information including registrar, registration and expiry dates, nameservers, ICANN status flags, and raw WHOIS data.

Parameter	Type	Description
domain*	`string`	Domain to look up (e.g. `infinium.tools`). Do not include https://

Request

curl "https://infinium.tools/api/v1/whois?domain=infinium.tools"

Response

{"domain":"infinium.tools","registrar":"Namecheap, Inc.","createdDate":"2024-01-15","updatedDate":"2024-12-01","expiryDate":"2026-01-15","daysUntilExpiry":253,"status":["clientTransferProhibited"],"nameservers":["ns1.example.com","ns2.example.com"],"dnssec":"unsigned"}

Redirect Checker

GET /api/v1/redirect-checker Live Try it →

Follow the full HTTP redirect chain for any URL. Returns every hop with status code, response time, and the final destination URL. Detects redirect loops.

Parameter	Type	Description
url*	`string`	Full URL to trace including protocol (e.g. `https://infinium.tools`). Max 15 hops.

Request

curl "https://infinium.tools/api/v1/redirect-checker?url=https://infinium.tools"

Response

{"url":"https://infinium.tools","chain":[{"url":"http://infinium.tools","status":301,"ms":88,"error":null},{"url":"https://infinium.tools","status":200,"ms":210,"error":null}],"hops":1,"totalMs":298,"loop":false,"finalUrl":"https://infinium.tools"}

Meta Tag Checker

GET /api/v1/meta-checker Live Try it →

Fetch and extract all meta tags from any URL including title, description, Open Graph tags, Twitter Card tags, canonical URL, robots, and viewport.

Parameter	Type	Description
url*	`string`	Full URL to inspect including protocol (e.g. `https://infinium.tools`)

Request

curl "https://infinium.tools/api/v1/meta-checker?url=https://infinium.tools"

Response

{"url":"https://infinium.tools","statusCode":200,"meta":{"title":"InfiniUm Tools","description":"Free developer and DevOps tools.","canonical":"https://infinium.tools","ogTitle":"InfiniUm Tools","ogImage":"https://infinium.tools/og.jpg","twitterCard":"summary_large_image","viewport":"width=device-width, initial-scale=1","lang":"en"}}

Sitemap Validator

GET /api/v1/sitemap-validator Live Try it →

Fetch and validate any XML sitemap. Detects sitemap index files, counts URLs, validates structure, checks for common errors, and returns all URL entries with metadata.

Parameter	Type	Description
url*	`string`	Full URL to the sitemap XML file (e.g. `https://infinium.tools/sitemap.xml`)

Request

curl "https://infinium.tools/api/v1/sitemap-validator?url=https://infinium.tools/sitemap.xml"

Response

{"url":"https://infinium.tools/sitemap.xml","type":"urlset","valid":true,"urlCount":24,"sizeKb":8.2,"ms":310,"encoding":"UTF-8","lastmod":"2026-05-01","issues":[],"urls":[{"loc":"https://infinium.tools/","lastmod":"2026-05-01","changefreq":"weekly","priority":"1.0"}]}

Port Scanner

GET /api/v1/port-scanner Live Try it →

Check which TCP ports are open on any host. Scans all requested ports in parallel and returns status (open/closed/filtered) and response time per port.

Parameter	Type	Description
host*	`string`	Hostname or IP address to scan (e.g. `infinium.tools`)
ports*	`string`	Comma-separated port numbers to scan. Max 100 ports. e.g. `80,443,8080,3306`

Request

curl "https://infinium.tools/api/v1/port-scanner?host=infinium.tools&ports=80,443,8080,3306"

Response

{"host":"infinium.tools","ms":3240,"ports":[{"port":80,"status":"open","ms":88},{"port":443,"status":"open","ms":92},{"port":8080,"status":"closed","ms":45},{"port":3306,"status":"filtered","ms":3001}]}

JSON Formatter

POST /api/v1/json-formatter 🔓 Free Try it →

Format, validate, and minify JSON. Returns formatted JSON with syntax validation.

Parameter	Type	Description
json*	`string`	Raw JSON string to format
indent	`number`	Indentation spaces (default: 2)
minify	`boolean`	Minify instead of beautify (default: false)

curl -X POST "https://infinium.tools/api/v1/json-formatter" -H "Content-Type: application/json" -d '{"json":"{"name":"test"}","indent":2}'

Base64 Tool

GET /api/v1/base64 🔓 Free Try it →

Encode or decode Base64 strings.

Parameter	Type	Description
input*	`string`	String to encode or decode
action*	`string`	`encode` or `decode`

curl "https://infinium.tools/api/v1/base64?input=Hello+World&action=encode"

JWT Decoder

GET /api/v1/jwt-decoder 🔓 Free Try it →

Decode and inspect JWT tokens. Returns header, payload, and expiry information. Does not verify signatures.

Parameter	Type	Description
token*	`string`	JWT token to decode

curl "https://infinium.tools/api/v1/jwt-decoder?token=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyMTIzIn0.signature"

Hash Generator

GET /api/v1/hash-generator 🔓 Free Try it →

Generate cryptographic hashes (MD5, SHA-1, SHA-256, SHA-512) for any input string.

Parameter	Type	Description
input*	`string`	String to hash
algorithm	`string`	`md5`, `sha1`, `sha256`, `sha512` (default: sha256)

curl "https://infinium.tools/api/v1/hash-generator?input=hello+world&algorithm=sha256"

CSP Generator Pro

UI /tools/csp-generator/ 🔐 Pro Try it →

Visual Content Security Policy builder with 13 directives, 5 presets (Strict, Moderate, SPA, WordPress, Blank), and ready-to-paste server config snippets for Nginx and Apache.

The CSP Generator is a Pro-only web tool with no direct API endpoint. Pro and Team plan subscribers get full access via the web interface.

Feature	Description
13 directives	default-src, script-src, style-src, img-src, font-src, connect-src, object-src, frame-src, media-src, worker-src, manifest-src, frame-ancestors, form-action
5 presets	Strict, Moderate, SPA, WordPress, Blank
Snippets	Ready-to-paste Nginx, Apache, and HTML meta tag formats
Warnings	Real-time alerts for unsafe-inline and unsafe-eval

CORS Checker Free

GET /api/v1/cors-checker Public Try it →

Test CORS configuration for a URL and origin. Sends both a simple request and an OPTIONS preflight, returning all Access-Control headers and a policy evaluation.

Parameter	Type	Description
url*	`string`	Target URL to test CORS on
origin*	`string`	Origin to simulate (e.g. `https://yoursite.com`)
method	`string`	HTTP method. Default: `GET`. Options: GET POST PUT DELETE PATCH

Request

curl "https://infinium.tools/api/v1/cors-checker?url=https://api.example.com&origin=https://yoursite.com&method=GET"

Response

{"url":"https://api.example.com","origin":"https://yoursite.com","method":"GET","ms":180,"corsHeaders":{"access-control-allow-origin":"*","access-control-allow-methods":"GET, POST","access-control-allow-credentials":null},"preflight":{"statusCode":204,"ms":95}}

Security Headers Free

GET /api/v1/security-headers Public Try it →

Audit HTTP security headers for any URL. Returns a graded analysis of CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and more.

Parameter	Type	Description
url*	`string`	Full URL including protocol (e.g. `https://infinium.tools`)

Request

curl "https://infinium.tools/api/v1/security-headers?url=https://infinium.tools"

Response

{"url":"https://infinium.tools","statusCode":200,"ms":210,"headers":{"content-security-policy":"default-src 'self'","strict-transport-security":"max-age=31536000; includeSubDomains","x-frame-options":"SAMEORIGIN","x-content-type-options":"nosniff","referrer-policy":"strict-origin-when-cross-origin","permissions-policy":null}}

AI Log Detective Pro

POST /api/v1/ai/log-analyze 🔐 Pro Try it →

AI-powered log analysis. Paste any server log (Nginx, Apache, Node.js, systemd) and get root cause analysis with fix suggestions.

Parameter	Type	Description
content*	`string`	Log content (max 8000 chars). Supports Nginx, Apache, Docker, Node.js, Python logs.

curl -X POST "https://infinium.tools/api/v1/ai/log-analyze" -H "Authorization: Bearer YOUR_API_KEY" -H "Content-Type: application/json" -d '{"content":"[error] connect() failed..."}'

AI Config Reviewer Pro

POST /api/v1/ai/config-review 🔐 Pro Try it →

AI security and performance audit for Nginx, Apache, Docker, and other config files.

Parameter	Type	Description
content*	`string`	Configuration file content (max 8000 chars)
configType	`string`	Optional hint: `Nginx` \| `Apache` \| `Docker Compose` \| `HAProxy`

AI SEO Analyzer Pro

POST /api/v1/ai/seo-analyze 🔐 Pro Try it →

Full AI-powered SEO audit for any URL. Returns prioritised action plan with technical and content recommendations.

Parameter	Type	Description
url*	`string`	Full URL to analyze

AI Cron Builder Pro

POST /api/v1/ai/cron-build 🔐 Pro Try it →

Describe a schedule in plain English and get the exact cron expression with explanation.

Parameter	Type	Description
description*	`string`	Plain English schedule description

curl -X POST "https://infinium.tools/api/v1/ai/cron-build" -H "Authorization: Bearer YOUR_API_KEY" -H "Content-Type: application/json" -d '{"description":"every weekday at 9am"}'

AI Prompt Privacy Free

UI /tools/ai-prompt-privacy/ Public Try it →

Client-side PII scanner for AI prompts. Runs entirely in the browser — no data sent to the server. Detects API keys, passwords, emails, phone numbers, credit cards, SSH keys, and more before you paste into any AI tool.

This tool is intentionally client-side only for maximum privacy. There is no server API endpoint — use the web interface directly at no cost.

Billing — Create Checkout

POST /api/v1/billing/checkout 🔐 Session

Create a Lemon Squeezy checkout session. Returns a URL to redirect the user to.

Body	Type	Description
plan*	`string`	`pro` \| `team` \| `shield`

Response

{"url": "https://infinium-tools.lemonsqueezy.com/checkout/..."}

Billing — Subscription Status

GET /api/v1/billing/status 🔐 Session

Get current subscription status for the authenticated user.

Response

{"plan":"pro","subscriptionId":"2226673","subscriptionStatus":"active","renewsAt":"2026-07-04T00:00:00.000Z","customerPortalUrl":"https://..."}

Billing — Customer Portal

POST /api/v1/billing/portal 🔐 Session

Get a signed URL for the Lemon Squeezy customer portal — manage subscription, update payment method, view invoices.

Response

{"url": "https://app.lemonsqueezy.com/billing?..."}

Teams — Team Info Team Plan

GET /api/v1/teams/me 🔐 Session

Returns team information. Response differs by role — owner sees member list and pending invites, member sees owner and team name.

Owner Response

{"role":"owner","teamName":"Acme DevOps","maxSeats":5,"usedSeats":3,"availableSeats":2,"members":[...],"pendingInvites":[...],"canInvite":true}

Teams — Send Invite Team Owner

POST /api/v1/teams/invite 🔐 Session

Send an invite email to a new team member. Invite expires in 24 hours. Owner must have set a team name first.

Body	Type	Description
email*	`string`	Email address to invite

curl -X POST "https://infinium.tools/api/v1/teams/invite" -H "Authorization: Bearer YOUR_API_KEY" -H "Content-Type: application/json" -d '{"email":"colleague@company.com"}'

Teams — Join Team

GET /api/v1/teams/join/:token Public

Validate an invite token. Returns team name and owner info. Used by the /team/join page.

POST /api/v1/teams/join/:token 🔐 Session

Accept a team invite. Requires the user to be logged in. Instantly grants Team plan access.