OpsKitPro logo
OpsKitPro_

OpsKitPro Public JSON API (v0)

The OpsKitPro Public JSON API provides programmatic access to our core diagnostic tools. Integrate DNS lookups, IP intel, and HTTP checks directly into your CI/CD pipelines, shell scripts, or AI Agent workflows.

1. Overview

All API endpoints return standard JSON responses and are optimized for curl and automation scripts. The current v0 API includes three core endpoints:

  • /api/tools/dns-lookup
  • /api/tools/ip-lookup
  • /api/tools/http-check

2. Authentication

Not required for v0. The API is completely public and open for use without any API keys or registration.

3. Rate Limits

To prevent abuse, all endpoints are rate-limited to 60 requests per minute per IP address. Exceeding this limit will result in a 429 Too Many Requests response.

4. Common Response Format

Every successful API response follows this standard JSON envelope:

{
  "ok": true,
  "tool": "dns-lookup",
  "input": { ... },
  "result": { ... },
  "meta": {
    "durationMs": 142,
    "timestamp": "2026-06-23T00:00:00.000Z"
  }
}

5. Error Format

If a request fails (e.g., validation error, rate limit, or security block), the response will include an error object:

{
  "ok": false,
  "tool": "http-check",
  "input": { ... },
  "error": {
    "code": "SSRF_BLOCKED",
    "message": "Security Exception: Private IP addresses are not allowed."
  },
  "meta": { ... }
}

6. DNS Lookup API

Fetch DNS records (A, AAAA, MX, TXT, CNAME, NS) for any domain.

  • Endpoint: GET https://opskitpro.com/api/tools/dns-lookup
  • Parameters: domain (required), type (optional, defaults to all)
curl -s "https://opskitpro.com/api/tools/dns-lookup?domain=example.com" | jq

7. IP Lookup API

Retrieve geolocation, ASN, and network provider context for any IPv4 or IPv6 address.

  • Endpoint: GET https://opskitpro.com/api/tools/ip-lookup
  • Parameters: ip (optional, defaults to requester's IP)
curl -s "https://opskitpro.com/api/tools/ip-lookup?ip=8.8.8.8" | jq

8. HTTP Check API

Perform an HTTP GET request to check status codes, headers, and redirect chains.

  • Endpoint: GET https://opskitpro.com/api/tools/http-check
  • Parameters: url (required, must start with http:// or https://)
curl -s "https://opskitpro.com/api/tools/http-check?url=https://example.com" | jq

9. Security Restrictions (SSRF Protection)

The OpsKitPro backend is heavily fortified against Server-Side Request Forgery (SSRF) and DNS Rebinding attacks. The following restrictions apply to tools that make outbound network requests (like HTTP Check):

  • Requests to private subnets (10.x.x.x, 192.168.x.x, etc.) are blocked.
  • Requests to loopback/link-local addresses (127.0.0.1, localhost, 169.254.x.x) are blocked.
  • Unusual ports are restricted; only 80, 443, 8080, and 8443 are allowed.
  • The HTTP Check API will manually follow redirects up to 5 times. It explicitly runs SSRF validation checks on the target of every redirect hop.

10. CORS Policy

The Public JSON API v0 is meant for public, read-only consumption. It currently responds with Access-Control-Allow-Origin: *. You can safely fetch these endpoints directly from client-side JavaScript in browsers.