Introduction
The CrowTrace API speaks JSON over HTTPS. It accepts JSON request bodies, returns JSON responses, and uses standard HTTP status codes.
JSON over HTTPS
Simple GET + POST calls.
One token
Same credentials as the dashboard.
Every module
Internal DBs + OSINT gateway, scriptable.
Authentication
All module endpoints require authentication. Authenticate with a Bearer token, or reuse the session cookie set by the dashboard.
Obtain a token
Authenticate against /api/auth/login. The JWT is returned as an httpOnly cookie and is valid for 7 days. For server-to-server use, copy that token and send it as a Bearer header.
curl -X POST https://api.crowtrace.com/api/auth/login \
-H "Content-Type: application/json" \
-d '{"email":"[email protected]","password":"••••••••"}'Authenticate requests
Attach the token to every request via the Authorization header.
Authorization: Bearer YOUR_TOKENKeep your token secret. Anyone holding it can issue requests as you. Rotate it by logging in again.
Rate limits
Limits are enforced per IP. Exceeding them returns 429 — back off and retry.
600 / 15 min
Global request ceiling across all endpoints.
30 / min
Per-module ceiling on search & lookup routes.
Errors
CrowTrace uses conventional HTTP status codes. Errors carry a JSON body with an error field.
400Bad RequestMissing or invalid parameters.401UnauthorizedMissing or invalid token / session.402Payment RequiredRequest quota reached for your plan.403ForbiddenAccount suspended.404Not FoundUnknown endpoint.429Too Many RequestsRate limit exceeded — back off and retry.503Service UnavailableDatabase temporarily unreachable.{ "error": "Crédits insuffisants" }Modules
CrowTrace's own databases & lookups. All paths are relative to the base URL.
Unified search
Unified search
/api/searchOne query, correlated across FiveM, Minecraft and Medal. The type of the query (IP, license, Discord ID, Steam, email, UUID, name) is auto-detected.
Parameters
qstringrequiredThe search term. Min 2 characters.typestring"fivem" | "minecraft" | "medal" | "all". Defaults to "all".limitnumberMax rows per source. 1–200, default 50.Request
curl -X POST https://api.crowtrace.com/api/search \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"q":"Shadow","type":"all","limit":50}'Response
{
"query": "Shadow",
"detected_type": "name",
"total": 14,
"results": {
"fivem": [
{
"license": "license:a1b2…",
"steam": "11000100abc…",
"name": "Shadow",
"ip": "82.66.x.x",
"discord_id": "3120…",
"email": null,
"source_file": "server_eu_03"
}
],
"minecraft": [ … ],
"medal": [ … ]
},
"meta": { "searchedAt": "2026-06-06T12:00:00.000Z" }
}FiveM
FiveM — search
/api/fivem/searchSearch the indexed FiveM player database. At least one parameter is required; multiple are OR-combined.
Parameters
licensestringFiveM license identifier (40 hex chars).discord_idstringLinked Discord user ID.ipstringIPv4 address.steamstringSteam hex identifier.namestringDisplay name (partial match).limitnumber1–200, default 50.Request
curl -X POST https://api.crowtrace.com/api/fivem/search \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"discord_id":"312045678901234567","limit":50}'Response
{
"total": 2,
"results": [
{
"license": "license:a1b2c3…",
"steam": "110001000000000",
"name": "Shadow",
"ip": "82.66.x.x",
"discord_id": "312045678901234567",
"xbox_live": null,
"live_id": null,
"fivem_id": "1284412",
"email": null,
"discord_name": "shadow#0001",
"source_file": "server_eu_03"
}
],
"query": { "discord_id": "312045678901234567" },
"meta": { "searchedAt": "2026-06-06T12:00:00.000Z" }
}Minecraft
Minecraft — search
/api/minecraft/searchSearch the indexed Minecraft account database. At least one parameter is required.
Parameters
usernamestringAccount username (partial match).ipstringLast known IPv4.emailstringAccount email (exact).uuidstringMojang UUID.limitnumber1–200, default 50.Request
curl -X POST https://api.crowtrace.com/api/minecraft/search \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"username":"Notch","limit":50}'Response
{
"total": 1,
"results": [
{
"username": "Notch",
"email": "n***@example.com",
"password_hash": "$2a$…",
"ip": "20.13.x.x",
"uuid": "069a79f4-44e9-4726-a5be-fca90e38aaf5",
"source_server": "hypixel"
}
]
}Medal.tv
Medal.tv — search
/api/medal/searchSearch indexed Medal.tv user profiles. At least one parameter is required. Sorted by follower count.
Parameters
usernamestringAccount username (partial).user_idstringMedal / Discord user ID.display_namestringDisplay name (partial).limitnumber1–200, default 50.Request
curl -X POST https://api.crowtrace.com/api/medal/search \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"username":"shadow","limit":50}'Response
{
"total": 3,
"results": [
{
"user_id": "312045678901234567",
"display_name": "Shadow",
"username": "shadow",
"followers": 1284,
"following": 91,
"created_at": "2021-08-14"
}
]
}Medal.tv — correlate
/api/medal/correlateResolve a Discord ID or username to Medal.tv profiles. Known Discord aliases are expanded, then matched against Medal user IDs, usernames and display names.
Parameters
querystringrequiredDiscord ID or username. Min 2 characters.Request
curl -X POST https://api.crowtrace.com/api/medal/correlate \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"query":"312045678901234567"}'Response
{
"query": "312045678901234567",
"detected_type": "discord_id",
"discord": { "ids": ["312045678901234567"], "usernames": ["shadow"] },
"total": 1,
"medal": [
{
"user_id": "312045678901234567",
"display_name": "Shadow",
"username": "shadow",
"followers": 1284,
"following": 91,
"created_at": "2021-08-14"
}
]
}Discord
Discord — lookup
/api/discord/lookupResolve a Discord profile by ID or username. Returns avatar, creation date and any correlated linked identities.
Parameters
querystringrequiredDiscord user ID or username. Min 2 characters.Request
curl -X POST https://api.crowtrace.com/api/discord/lookup \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"query":"312045678901234567"}'Response
{
"found": true,
"query": "312045678901234567",
"profiles": [
{
"user_id": "312045678901234567",
"username": "shadow",
"global_name": "Shadow",
"created_at": "2017-05-02",
"linked": { "fivem": 2, "medal": 1 }
}
]
}Discord — full history
/api/discord/history?id=1234567890123456789Retrieve the complete indexed history for a Discord user — messages, DMs, server activity and profile metadata.
Parameters
idstringrequiredDiscord Snowflake ID (15–20 digits).Request
curl "https://api.crowtrace.com/api/discord/history?id=1234567890123456789" \
-H "Authorization: Bearer YOUR_TOKEN" Response
{
"success": true,
"discord_id": "1234567890123456789",
"count": 142,
"results": [
{
"type": "message",
"content": "hey whats up",
"channel_id": "9876543210",
"guild_id": "1111111111111111111",
"timestamp": "2024-03-15T14:22:00Z"
}
]
}Discord — messages
/api/discord/messages?id=1234567890123456789&limit=50Return only the messages array for a Discord user, filtered and limited. Useful when you only need raw message content.
Parameters
idstringrequiredDiscord Snowflake ID (15–20 digits).limitintegerMax messages. 1–500, default 100.Request
curl "https://api.crowtrace.com/api/discord/messages?id=1234567890123456789&limit=50" \
-H "Authorization: Bearer YOUR_TOKEN" Response
{
"success": true,
"discord_id": "1234567890123456789",
"total": 142,
"messages": [
{
"content": "hey whats up",
"channel_id": "9876543210",
"timestamp": "2024-03-15T14:22:00Z"
}
]
}Discord — history export (ZIP)
/api/discord/export?id=1234567890123456789Download a full ZIP archive of the Discord user’s indexed history — structured JSON files with all messages, DMs and metadata. Returns a binary ZIP stream.
Parameters
idstringrequiredDiscord Snowflake ID (15–20 digits).Request
curl "https://api.crowtrace.com/api/discord/export?id=1234567890123456789" \
-H "Authorization: Bearer YOUR_TOKEN" Response
# Binary ZIP download
# Content-Type: application/zip
# Content-Disposition: attachment; filename="discord_history_1234567890123456789.zip"NPD
NPD — people search
/api/npd/searchSearch the FR / US personal-data set. Email and phone match exactly; longer terms match name, city, national ID, IBAN or plate. Records sharing an email, phone, national ID or name+DOB are merged into a single profile.
Parameters
querystringrequiredEmail, phone, name, IBAN, national ID or plate. Min 2 characters.limitnumberMax raw rows before merge. 1–500, default 100.Request
curl -X POST https://api.crowtrace.com/api/npd/search \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"query":"[email protected]","limit":100}'Response
{
"found": true,
"query": "[email protected]",
"total": 1,
"raw_total": 3,
"profiles": [
{
"first_name": "John",
"last_name": "Doe",
"date_of_birth": "1988-04-12",
"gender": "M",
"emails": ["[email protected]"],
"phones": ["+33612345678"],
"ip_addresses": [],
"address": "12 RUE DE LA PAIX",
"city": "PARIS",
"postal_code": "75002",
"country": "FR",
"national_id": "",
"iban": "",
"plate_number": "",
"merged_count": 3
}
]
}OSINT APIs
Partner intelligence sources, proxied server-side. The provider key stays on our servers — you authenticate to CrowTrace and we forward the call.
Snusbase
Leaked-database search — email, username, hash, IP.
Snusbase — search
/api/osint/snusbase/searchSearch Snusbase across leaked databases by email, username, name, IP, hash and more. Proxied server-side; the provider response is returned verbatim.
Parameters
querystringrequiredSearch term — email, username, name, IP…Request
curl -X POST https://api.crowtrace.com/api/osint/snusbase/search \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"query":"[email protected]"}'Response
{
"took": 123,
"size": 42,
"results": {
"database_name": [
{ "email": "[email protected]", "username": "…", "password": "…" }
]
}
}Snusbase — combo lookup
/api/osint/snusbase/combo-lookupLook up credential combos by username or by password.
Parameters
typestringrequired"username" or "password".querystringrequiredThe username or password to look up.Request
curl -X POST https://api.crowtrace.com/api/osint/snusbase/combo-lookup \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"type":"username","query":"john_doe"}'Response
{ "results": [ { "email": "…", "password": "…" } ] }Snusbase — hash lookup
/api/osint/snusbase/hash-lookupReverse a password hash (MD5, SHA1, …) to plaintext, or look up a plaintext password.
Parameters
querystringrequiredHash or plaintext password.typestring"hash" (default) or "password".Request
curl -X POST https://api.crowtrace.com/api/osint/snusbase/hash-lookup \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"type":"hash","query":"5f4dcc3b5aa765d61d8327deb882cf99"}'Response
{ "results": [ { "hash": "5f4dcc3b…", "password": "password" } ] }Snusbase — IP WHOIS
/api/osint/snusbase/ip-whoisWHOIS and geolocation intelligence for an IP address.
Parameters
querystringrequiredIPv4 / IPv6 address.Request
curl -X POST https://api.crowtrace.com/api/osint/snusbase/ip-whois \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"query":"8.8.8.8"}'Response
{ "results": { "ip": "8.8.8.8", "country": "US", "isp": "…" } }
LeakOSINT
OSINT search across multiple leak sources.
LeakOSINT — search
/api/osint/leakosint/searchOSINT search for leaked information across multiple sources. Proxied server-side; the provider response is returned verbatim.
Parameters
querystringrequiredSearch term — email, phone, name…Request
curl -X POST https://api.crowtrace.com/api/osint/leakosint/search \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"query":"[email protected]"}'Response
{
"List": {
"source_name": {
"InfoLeak": "…",
"Data": [ { "email": "[email protected]", "…": "…" } ]
}
}
}
Intelligence X
Raw file retrieval from the IntelX archive.
IntelligenceX — by UUID
/api/osint/intelxMode 1 — retrieve raw file content by IntelX system UUID. Requires the IntelX add-on / Premium plan; daily quota resets at midnight UTC.
Parameters
system_idstringrequiredIntelX system UUID — xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.Request
curl -X POST https://api.crowtrace.com/api/osint/intelx \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"system_id":"67283122-710f-477c-82dd-2edb8db140ed"}'Response
// JSON when the provider returns JSON, otherwise raw text is wrapped:
{
"raw": "[email protected]:password\[email protected]:hunter2\n…"
}IntelligenceX — by Storage ID
/api/osint/intelxMode 2 — retrieve raw file content by Storage ID together with the bucket it lives in.
Buckets: darknet.i2p · darknet.tor · documents.public.scihub · dumpster · dumpster.web.1 · dumpster.web.ssn · leaks.logs · leaks.private.general · leaks.public.general · leaks.public.wikileaks · pastes · patent.us · usenet · web.gov.ru · web.public.af · web.public.ams · web.public.aq · web.public.business · web.public.cee · web.public.cn · whois
Parameters
storage_idstringrequiredIntelX Storage ID.bucketstringrequiredIntelX bucket name (see list).Request
curl -X POST https://api.crowtrace.com/api/osint/intelx \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"storage_id":"ac3ad5b290946ffc68afa2963e8d1ff350e56f6e40b501e3bbc4b8e0ce010c250f59e922a073abee3d914e83895265041b2cf265fcd7ff8b4f05ecb765971f1d","bucket":"leaks.logs"}'Response
// JSON when the provider returns JSON, otherwise raw text is wrapped:
{
"raw": "[email protected]:password\[email protected]:hunter2\n…"
}