Developer guides & examples
- Overview
- Features
- Authentication
-
API EndpointsInspector
- GET SSL Health Inspector
- GET Security Headers Inspector
- GET Email Inspector
- GET User Agent Inspector
- GET IP Geolocation
- GET DNS Lookup
- GET Redirect Tracer
- GET Meta Tag Extractor
- GET Link Checker
- GET Robots.txt Parser
- GET Favicon Fetcher
- GET URL Validator
- GET Email Auth Validator
- POST JWT Decoder
- POST Text Analyzer
- POST Image Metadata Extractor
- GET Website Performance Analyzer
- GET My IP Address
- GET HTTP Status Code Lookup
- GET Cron Expression Parser
- POST JSON Diff / Compare
- POST Regex Tester
- GET CORS Checker
- GET Sitemap Parser
- GET Structured Data Validator
- GET Mixed Content Checker
Converter- POST HTML to PDF Converter
- POST Markdown to HTML
- POST JSON Formatter & Validator
- POST JSON to CSV
- POST Base64 Encode/Decode
- GET Phone Number Formatter
- POST JSON Schema Validator
- POST Hash Generator
- GET Color Converter
- GET Timestamp Converter
- POST URL Encoder/Decoder
- POST CSV to JSON Converter
- POST HTML to Markdown Converter
- POST YAML to JSON Converter
- POST XML to JSON Converter
- POST JSON to XML Converter
- POST Markdown to PDF Converter
- POST JSON to YAML Converter
GeneratorLookup - Response Format
- Code Examples
- OpenAPI Docs
Share Your Feedback
Suggest a micro‑API
API Features
Explore the powerful features built into every Apixies API endpoint. From request tracking to security headers, our APIs are designed for developer productivity and application security.
Consistent JSON Envelope
Every endpoint returns the same response structure. Write your parsing logic once and reuse it across all 55 endpoints.
{
"status": "success",
"http_code": 200,
"code": "SUCCESS",
"message": "Operation completed",
"data": { ... }
}
Error responses replace data with errors and
include a machine-readable code for programmatic handling.
See Response Format for details.
Request Tracking
Each request receives an X-Request-ID header (UUID). Supply your own or use
the system-generated one to correlate logs across micro-services. The ID is included in both the response
header and the JSON body.
Rate Limiting & Quotas
Multiple layers of rate limiting protect the platform and ensure fair access:
- 60 requests/minute per IP
- 50 requests/second global safety cap per IP
- Daily quotas: 20/day (anonymous) or 75/day (registered)
See Authentication for full details on limits per tier.
Sandbox Mode
Try any endpoint without signing up using sandbox tokens. Interactive demos on every endpoint documentation page generate a sandbox token automatically, so you can test the API right in your browser.
Security Headers
- Content Security Policy (CSP)
- HTTP Strict Transport Security (HSTS)
- X-Frame-Options, X-Content-Type-Options
- Referrer Policy
- Strict TLS (TLS 1.2+) with modern ciphers
CORS Support
All API endpoints include CORS headers, allowing you to call the API directly from browser-based JavaScript applications without proxy workarounds.
Input Sanitization
String inputs are automatically trimmed. For endpoints that accept HTML (such as HTML to PDF), dangerous tags and scripts are stripped to prevent injection attacks.
SSRF Prevention
Endpoints that accept URLs (screenshot, redirect tracer, link checker, etc.) validate targets against private and reserved IP ranges to prevent server-side request forgery.
OpenAPI Specification
A machine-readable OpenAPI (Swagger) spec is available for all endpoints. Import it into Postman, Insomnia, or any OpenAPI-compatible tool for auto-generated client libraries and request validation.