Crawlsonar

Crawlsonar API

Every check on this site, from one authenticated endpoint. JSON in, JSON out — wire the audits into your own dashboards, CI, or agent workflows.

1. Get a key

Free tier: 100 requests/day. No account needed.

Send it on every request as Authorization: Bearer <key> (or x-api-key). Keys are stored hashed and can’t be recovered — save yours somewhere safe.

2. Run a check

POST https://crawlsonar.com/api/v1/run

curl -X POST https://crawlsonar.com/api/v1/run \
  -H "Authorization: Bearer cs_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{"tool":"email-deliverability","url":"example.com"}'

Response: { "tool": "...", "target": "...", "result": { /* the check report */ } }. Rate-limit headers (x-ratelimit-limit, x-ratelimit-remaining) are returned on every call.

Tools

Pass one of these as tool:

toolwhat it checksinput
domain-auditFull domain auditdomain
dnsDNS & email recordsdomain
sslSSL / TLSdomain
http-headersHTTP & security headersurl
whoisWHOIS / RDAPdomain
email-deliverabilityEmail deliverabilitydomain
ai-readinessAI readinessurl
llms-txtllms.txtorigin
performanceSpeed / TTFBurl
core-web-vitalsCore Web Vitalsurl
securitySecurity surfaceurl
subdomainsSubdomain finder (CT)domain
link-previewLink / Open Graph previewurl

Limits & errors

  • Free tier: 100 requests/day per key. 429 with an upgrade note when exceeded.
  • 401 — missing/invalid/revoked key. 400 — bad body or a target that isn’t allowed (e.g. a private address). 502 — the target didn’t respond.
  • All checks are SSRF-safe and read only public data from the target you pass.

MCP server (for AI agents)

Crawlsonar is also a Model Context Protocol server, so an AI assistant can run these checks itself. Point an MCP-capable client at https://crawlsonar.com/api/mcp (Streamable HTTP, JSON-RPC 2.0). Every tool from the table above is exposed and takes a url.

# tools/list
curl -X POST https://crawlsonar.com/api/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'