Documentation

API & Console Reference

Integrate WolfEye via REST API or use the web console. All endpoints require a valid API key on Pro, Ultra, or Owner plans.

Getting started

WolfEye provides targeted OSINT for email, phone, Discord, IP, domain, and username. Use the web console, REST API, or Telegram bot (optional).

Step 1Upgrade to Pro or Ultra via @spyharver_help
Step 2Get your API key from the Telegram bot or web console account settings
Step 4Integrate via https://api.wolfeye.xyz or use the dashboard search UI

Architecture

WolfEye uses a split stack: the website is frontend-only (Vercel). The backend is a standalone Python API — not the Telegram bot.

Frontendwww.wolfeye.xyz — Next.js console & docs
Backendhttps://api.wolfeye.xyz — Python REST API (run_api.py)
EdgeDDoS protection, WAF, bot filtering, TLS
TransportSecure tunnel — origin never exposed on public IP
Telegram botOptional client; same API underneath

External sites and automation should call https://api.wolfeye.xyz/api/v1/… directly with an API key. The web console proxies requests through your session cookie for convenience.

Query modules

Each identifier type activates a dedicated pipeline. Queries are routed automatically by format detection, or pass module explicitly.

Email

target@domain.com

DataHound · Horus · OathNet · LeakOSINT · BreachVIP · SeekKnow · Seekria · OpenArchive · DeepScan · Account Recovery · Partial Recovery · Shadow Partial · FiveM Link · Discord Graveyard · PayPal Trace · Adobe · Spotify · Duolingo · GitHub · Twitch · Pinterest · Imgur · Deliveroo · Archive.org · DevRant · XVideos · Last.fm · Snapchat · Gravatar · Chess.com · WordPress · Dropbox · SoundCloud · Medium · Replit · Flickr · AI OSINT · Auto Cascade

Phone

+39 333 1234567

DataHound · Horus · OathNet · LeakOSINT · Seekria · DeepScan · Phone Intel · Account Recovery · Partial Recovery · Shadow Partial · FiveM Link

Telegram

@username or 123456789

DeepScan · DataHound · Horus Telegram · Phone Intel · Seekria

Doxbin

username

Doxbin Leak DB · Local Breach DB · Doxbin Live

Dox Search

First Last or nickname

Doxbin Leak DB · Local Breach DB · Doxbin Search

Fiscal Code

RSSMRA85M01H501Z

CF Decoder · Belfiore · Local Breach DB · OathNet · LeakOSINT · BreachVIP · SeekNow

VAT Search

12345678901 or DE123456789

VIES EU · VATComply · OpenAPI IT · Local Breach DB · OathNet · LeakOSINT

Business Search

Acme Srl or P.IVA

OpenCorporates · Companies House · OpenAPI IT · VIES · Local Breach DB · OathNet

IBAN Intel

IT60X0542811101000000123456

OpenIBAN · IBAN Checksum · Local Breach DB · OathNet · LeakOSINT · BreachVIP

Tax ID Search

CF, P.IVA, EIN, VAT or IBAN

Auto-detect · VIES · OpenIBAN · CF Decoder · Local Breach DB · OathNet · LeakOSINT

Partial Recovery

email or +39...

Instagram · Battle.net · Epic · EA · Apple · Google · PayPal · Uber · Twitter/X

Phone → Email

+39 333 1234567

Amazon · Apple · Google · Microsoft · Twitter/X · WhatsApp · Telegram · PayPal

Email → Phone

target@domain.com

Amazon · Apple · Google · Microsoft · Twitter/X · PayPal · Steam · Epic

Shadow Leak

email, phone or username

Shadow Partial DB · Local Breach DB

FiveM Hunter

username, steam, license, discord id

FiveM Link DB · CFX Dumps · EvoLife · MoonLife

Discord Grave

username, email or discord id

Discord Scrape DB · Local Breach DB

PayPal Trace

email, username or IP

PayPal Logs · Buycraft · Tebex

DoorDash

email

DoorDash Recovery

PayPal

email

PayPal Recovery

DataAvoid

email

DataAvoid Recovery

Stripe

merchant@email.com

Stripe Dashboard

Discord

123456789012345678

CordCat · BreachVIP · OathNet · Local Breach DB

IP

192.168.1.1

OathNet · BreachVIP · Seekria · Local Breach DB

Domain

example.com

DataHound · Seekria

Folder

breach/subfolder

Folder Intel · Local Breach DB · Horus

Username

handle

DataHound · OathNet · LeakOSINT · BreachVIP · SeekKnow · Seekria · CSINT · Shadow Partial · FiveM Link · Discord Graveyard · PayPal Trace

GitHub

username or github.com/owner/repo

GitHub OSINT · Commit Scraper

Minecraft

Steve123

Seekria MC · Reconly · Local Breach DB · BreachVIP

FiveM

license:abc123 or username

Reconly FiveM · Local Breach DB · BreachVIP · Seekria

WolfLocate

Upload photo

EXIF GPS · OCR · Local Breach DB · Offline Geocoder · Satellite Map

Web console

Module tabs, structured result cards, search history, folder analysis, tickets, and account settings. Optional Horus OSINT (€0.10/search, owner/admin exempt).

Dashboard/dashboard
SearchPOST /api/search with { query, module, horus }
Landing consoleInteractive preview on homepage when logged in
AnalyticsOverview tab — success rate, waste ratio, history
IP whitelistAccount settings — restrict API key to fixed IPs

REST API

Base URL: https://api.wolfeye.xyz

Authenticate with ?key=YOUR_API_KEY, header X-Api-Key, or a web session cookie. Requires Pro, Ultra, or Owner plan. Device binding applies to dashboard login.

Auth?key=… or X-Api-Key header or session cookie
Device bindX-Device-Id header (web console)
FormatJSON — POST bodies application/json
QuotaPlan-based lookup limit (429 when exceeded)
CORSEnabled for browser integrations
# Quick test
curl -s "https://api.wolfeye.xyz/api/v1/health"
curl -s "https://api.wolfeye.xyz/api/v1/status?key=YOUR_API_KEY"

Security

Defense in depth: Edge protection (DDoS, OWASP WAF, bot filtering) plus strict origin controls. The database is never reachable over HTTP.

Edge protection (enable all — see deploy checklist)

DDoSHigh sensitivity on api + www
Bot Fight ModeBlock automated abuse; allow legitimate API clients with keys
OWASP managed rulesSQLi, XSS, RCE probes blocked at edge
Custom WAFBlock .db/.env paths, scanners, empty User-Agent on API
Rate limits200 req/min/IP API; 20 req/min on /auth/*
TunnelOrigin on localhost only — home IP never serves API

API origin (run_api.py)

Origin protectionDirect IP access blocked without edge headers
Path whitelist/api/v1/* only — probes get 404 + 24h IP ban
Rate limitsPer-IP, per-API-key, stricter on /search and /analyze
Auth hardeningConstant-time key check; 15 fails → 30 min ban
Injection filterSQLi/XSS patterns in query/path rejected
Scanner blocksqlmap, nikto, nuclei User-Agents denied
Payload cap64 KB max POST body
HeadersHSTS preload, nosniff, DENY frame, no-store
Key transportPrefer X-Api-Key header over ?key= in URL

Web console (Vercel)

MiddlewareSecurity headers on all pages + API BFF routes
Edge rate limits/api/search, login, register, key rotation capped per IP
CookiesHttpOnly, Secure, SameSite=Lax, .wolfeye.xyz domain
CSPStrict connect-src; frame-ancestors none

Your checklist

  • Run bash deploy/security-setup.sh and apply every rule.
  • Enable IP whitelist for production API keys.
  • Never expose keys in frontend JavaScript or public repos.
  • Regenerate key immediately if leaked.

Endpoints

Authenticated endpoints require ?key=YOUR_API_KEY unless logged in via the web console.

GET/api/v1/health

Health check. No authentication. Minimal public response.

curl "https://api.wolfeye.xyz/api/v1/health"
GET/api/v1/status

Returns plan, usage count, and remaining lookups.

curl "https://api.wolfeye.xyz/api/v1/status?key=YOUR_API_KEY"
GET/api/v1/search

Execute OSINT search via query string. Consumes one lookup.

curl "https://api.wolfeye.xyz/api/v1/search?key=YOUR_API_KEY&q=target@email.com"
POST/api/v1/search

Recommended. JSON body with query, optional module, and horus: true for Horus OSINT (€0.10/search).

curl -X POST "https://api.wolfeye.xyz/api/v1/search?key=YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"query":"+393331234567","module":"phone","horus":false}'
GET/api/v1/analytics

Search statistics, recent history, wallet balance, Horus config.

curl "https://api.wolfeye.xyz/api/v1/analytics?key=YOUR_API_KEY"
GET/api/v1/horus/modules

List Horus modules permitted for your API key.

curl "https://api.wolfeye.xyz/api/v1/horus/modules?key=YOUR_API_KEY"
POST/api/v1/analyze

Folder or file analysis — scan breach dumps for identifiers.

curl -X POST "https://api.wolfeye.xyz/api/v1/analyze?key=YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"folder":"breach/subfolder"}'
POST/api/v1/account/ip-whitelist

Set allowed IPs for your API key (empty list = allow all).

curl -X POST "https://api.wolfeye.xyz/api/v1/account/ip-whitelist?key=YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"ips":["203.0.113.10","198.51.100.5"]}'

Response shape

pages[]Paginated result sections
data.sections{}Raw source payloads keyed by module
metaduration_ms, source_count, horus_used, wallet_cents
402Insufficient Horus wallet balance

Error codes

400Missing query or malformed request
401Invalid or missing API key
402Insufficient Horus balance
403Plan insufficient, banned, device/IP blocked
404Unknown path (non-API routes blocked)
429Lookup limit or rate limit exceeded
500Search execution error

Support

Contact @spyharver_help on Telegram for payments, activation, and technical support.