Email lookup in a clean OSINT surface.
Email and phone lookup
Omkar API
Add or remove the primary Omkar API key. Changes apply on the server immediately.
snitch.click
API Reference
Internal REST API for querying OSINT data sources. All endpoints require a valid session cookie.
Authentication
All API endpoints (except /api/auth) require a valid session cookie obtained by authenticating with the site password.
Session cookies are HttpOnly and SameSite=Strict. They expire after 7 days. Sessions are stored in server memory — a restart clears all sessions.
POST
/api/auth
Authenticate with the site password. Sets a session cookie on success.
Request
"Content-Type": "application/json" { "password": "your-site-password" }
Response — 200 OK
{
"ok": true
}
// Set-Cookie: snitch_sid=<token>; HttpOnly; SameSite=Strict; Path=/; Max-Age=604800
Error responses
| Status | Error | Description |
|---|---|---|
| 400 | Bad request | Malformed JSON body |
| 401 | Wrong password | Invalid password |
| 429 | Too many attempts | Rate limited. Includes retryAfter (seconds) |
Lookup
Query all connected data sources for an email address or phone number. Responses are normalized — all sources return the same record schema.
POST
/api/lookup
Request body
| Field | Type | Required | Description |
|---|---|---|---|
| value | string | required | Email address or phone number to look up |
| mode | string | required | "email" or "phone" |
curl -X POST http://localhost:3000/api/lookup \ -H "Content-Type: application/json" \ --cookie "snitch_sid=<token>" \ -d '{"value": "user@example.com", "mode": "email"}'
Response — 200 OK
{
"ok": true,
"query": "user@example.com",
"mode": "email",
"summary": { "total_records": 87, "sources_hit": 4 },
"results": {
"breachvip": { /* ServiceResult */ },
"snusbase": { /* ServiceResult */ },
"leakcheck": { /* ServiceResult */ },
"hackcheck": { /* ServiceResult */ },
"intelvault": { /* ServiceResult */ },
"seon": { /* SeonResult */ }
}
}
ServiceResult schema
{
"ok": true,
"count": 17,
"records": [
{
"source": "twitter.com",
"name": "John Doe",
"username": "johndoe",
"password": "hunter2",
"ip": "1.2.3.4",
"phone": "+12025551234",
"address": "123 Main St, Washington, DC"
}
]
}
Record fields
| Field | Type | Description |
|---|---|---|
| source | string | null | Name of the database the record came from |
| name | string | null | Full name |
| username | string | null | Username or handle |
| password | string | null | Plaintext or hashed password from the breach |
| ip | string | null | IP address associated with the record |
| phone | string | null | Phone number |
| address | string | null | Physical address |
| city / state / country | string | null | Structured address fields when available |
| domain | string | null | Parsed domain when the source provides one |
| categories | string[] | undefined | Source-specific tags |
SeonResult schema
{
"ok": true,
"score": 0,
"deliverable": true,
"platforms": ["apple", "facebook"],
"hibp_breaches": 24,
"breaches": [{ "name": "Twitter (200M)", "date": "2021-01" }]
}
Failed service
{ "ok": false, "error": "Upstream error 503" }
Global error responses
| Status | Condition |
|---|---|
| 400 | Invalid JSON or missing value field |
| 401 | No valid session cookie — authenticate first |
| 429 | Auth rate limit exceeded |