GET
/check
Check certificate for a single host
Parameters
| Name | Type | Description |
|---|---|---|
| iprequired | string | IP address or hostname to check |
| portrequired | integer | Port number (1-65535) |
| snioptional | string | SNI hostname for TLS handshake |
| validateoptional | string | Hostname to validate against CN/SAN |
Example Request
GET /check?ip=1.1.1.1&port=443&sni=cloudflare.com&validate=cloudflare.com
Response
{
"success": true,
"ip": "1.1.1.1",
"port": 443,
"sni": "cloudflare.com",
"certificate": {
"subject": {
"CN": "cloudflare.com",
"O": "Cloudflare, Inc.",
"L": "San Francisco",
"ST": "California",
"C": "US"
},
"issuer": {
"CN": "DigiCert TLS RSA SHA256 2020 CA1",
"O": "DigiCert Inc",
"C": "US"
},
"sans": [
"cloudflare.com",
"*.cloudflare.com",
"cloudflare-dns.com"
],
"validFrom": "2024-01-15T00:00:00.000Z",
"validTo": "2025-01-14T23:59:59.000Z",
"daysRemaining": 180,
"serialNumber": "0A1B2C3D4E5F...",
"fingerprint": "AB:CD:EF:12:34:56:78:90"
},
"chain": [
{ "subject": { "CN": "cloudflare.com" }, // Leaf },
{ "subject": { "CN": "DigiCert TLS RSA SHA256 2020 CA1" }, // Intermediate },
{ "subject": { "CN": "DigiCert Global Root CA" }, // Root }
],
"validation": {
"valid": true,
"hostnameMatch": true,
"errors": [],
"warnings": []
}
}
Try it out
POST
/check/batch
Check certificates for multiple hosts
Request Body
| Name | Type | Description |
|---|---|---|
| checksrequired | array | Array of check objects (max 25) |
| checks[].iprequired | string | IP address or hostname |
| checks[].portrequired | integer | Port number |
| checks[].snioptional | string | SNI hostname |
| checks[].validateoptional | string | Hostname to validate |
Example Request
POST /check/batch
Content-Type: application/json
{
"checks": [
{
"ip": "1.1.1.1",
"port": 443,
"sni": "cloudflare.com"
},
{
"ip": "8.8.8.8",
"port": 443,
"sni": "dns.google"
}
]
}
Response
{
"results": [
{
"success": true,
"ip": "1.1.1.1",
"port": 443,
"certificate": {
"subject": { "CN": "cloudflare.com" },
// ... full certificate details
}
},
{
"success": true,
"ip": "8.8.8.8",
"port": 443,
"certificate": {
"subject": { "CN": "dns.google" },
// ... full certificate details
}
}
],
"totalChecked": 2,
"successCount": 2,
"failureCount": 0
}
Try it out
GET
/config
Get current server configuration
Parameters
No parameters required.
Response
{
"allowPrivateIPs": false,
"batchMaxSize": 25,
"batchMaxConcurrent": 5,
"rateLimits": {
"singleCheckPerMinute": 10,
"batchCheckPerMinute": 2
}
}
Try it out
INFO
Error Responses
Common error codes and formats
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Success |
| 400 | Bad request (invalid parameters, batch too large, private IP blocked) |
| 429 | Rate limit exceeded |
| 500 | Server error (connection failed, timeout, etc.) |
Rate Limit Response (429)
{
"error": "Rate limit exceeded. Please wait before making more requests.",
"retryAfter": 45 // seconds until reset
}
Validation Error (400)
{
"error": "Private/internal IP addresses are not allowed. Set ALLOW_PRIVATE_IPS=true to enable."
}
Connection Error (500)
{
"success": false,
"ip": "199.60.123.1",
"port": 443,
"error": "Connection timed out"
}
Rate Limit Headers
All responses include rate limit headers:
X-RateLimit-Remaining: 8 // requests left in window
X-RateLimit-Reset: 45 // seconds until window reset