API Documentation

Detect technologies programmatically with our REST API.

Interactive docs also available at /api/docs (OpenAPI/Swagger).

Authentication

Pass your API key via the key query parameter or the X-API-Key header. Some endpoints (detect, technologies, domain history) allow anonymous access with limited results.

# Query parameter
curl "https://api.whatstack.ai/api/detect?url=github.com&key=YOUR_KEY"

# Header
curl -H "X-API-Key: YOUR_KEY" "https://api.whatstack.ai/api/detect?url=github.com"

GET/api/detect

Detect all technologies powering a website. Returns tech names, versions, confidence scores, categories, and metadata (ads.txt, geo, company info, news signals).

Parameters

urlstring*The website URL to analyze

keystringYour API key (optional for anonymous access)

refreshstringSet to "true" to bypass cache and force fresh scan

cache_onlystringSet to "true" for cheap cache-only lookup (no scan)

Example Request

curl "https://api.whatstack.ai/api/detect?url=github.com&key=YOUR_KEY"

Example Response

{
  "request": "https://github.com",
  "result": { "code": 200, "msg": "Success." },
  "last_checked": 1707782400,
  "from_cache": false,
  "tranco_rank": 25,
  "results": [
    {
      "name": "React",
      "id": 1,
      "version": "18.2",
      "confidence": 100,
      "categories": ["JavaScript frameworks"],
      "categoryGroups": ["JavaScript Frameworks"],
      "url": "https://reactjs.org"
    }
  ],
  "category": { "primary": { "name": "Developer Tools", "confidence": 85 } },
  "geo": { "audience": { "country": "US", "name": "United States" } },
  "company": { "name": "GitHub, Inc." }
}

POST/api/detect

Same as GET /api/detect but accepts parameters in the request body.

Parameters

urlstring*The website URL to analyze

refreshbooleanForce fresh scan

cache_onlybooleanCache-only lookup

Example Request

curl -X POST https://api.whatstack.ai/api/detect \
  -H "X-API-Key: YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "github.com"}'

POST/api/detect/bulk

Scan up to 25 URLs in a single synchronous request. Requires authentication. URLs are processed in parallel batches of 10. Results returned immediately.

Parameters

urlsstring[]*Array of URLs to scan (max 25)

Example Request

curl -X POST https://api.whatstack.ai/api/detect/bulk \
  -H "X-API-Key: YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"urls": ["github.com", "shopify.com"]}'

Example Response

{
  "result": "success",
  "results": [
    {
      "url": "github.com",
      "result": { "code": 200, "msg": "Success." },
      "tech_count": 12,
      "results": [ ... ]
    }
  ]
}

POST/api/detect/bulk/asyncEnterprise

Submit up to 1,000 URLs for asynchronous scanning. Returns a job_id immediately. Jobs are processed in the background. Poll the status endpoint for progress.

Parameters

urlsstring[]*Array of URLs to scan (max 1,000)

namestringOptional job name for identification

priorityintegerProcessing priority (10=highest, 100=lowest, default 20)

Example Request

curl -X POST https://api.whatstack.ai/api/detect/bulk/async \
  -H "X-API-Key: YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"urls": ["github.com", "shopify.com", "..."], "name": "Q1 prospects"}'

Example Response

{
  "result": "success",
  "job_id": "abc123-def456",
  "urls_accepted": 500,
  "urls_skipped": 0,
  "poll_url": "/api/detect/bulk/async/abc123-def456"
}

GET/api/detect/bulk/async/:jobIdEnterprise

Poll the progress and results of an async bulk scan job. Add ?include_results=true to get per-domain results with tech data.

Parameters

jobIduuid*Job ID returned from POST endpoint (path param)

include_resultsstringSet to "true" to include per-domain results

limitintegerResults per page (max 500, default 100)

offsetintegerPagination offset

Example Request

curl "https://api.whatstack.ai/api/detect/bulk/async/abc123-def456?include_results=true" \
  -H "X-API-Key: YOUR_KEY"

Example Response

{
  "result": "success",
  "job_id": "abc123-def456",
  "status": "processing",
  "progress": 65,
  "total_urls": 500,
  "completed": 325,
  "succeeded": 310,
  "failed": 15,
  "results": [
    {
      "domain": "github.com",
      "status": "completed",
      "tech_count": 12,
      "tech_slugs": ["react", "node-js", "ruby"],
      "category": "Developer Tools"
    }
  ]
}

GET/api/lookup

Reverse technology lookup — find websites using specific technologies. Core lead generation endpoint. Supports filtering by country, category, industry, and contact availability. Returns domains ranked by Tranco popularity.

Parameters

techstring*Technology slug (repeat for AND logic, e.g. tech=wordpress&tech=woocommerce)

countrystringISO country code (e.g. NL, US, GB)

categorystringWebsite category filter (e.g. E-commerce)

industrystringIndustry text filter

languagestringLanguage code (e.g. en, nl)

maxRankintegerMaximum Tranco traffic rank

has_emailstringSet to "true" to filter for domains with email

has_phonestringSet to "true" to filter for domains with phone

has_socialstringSet to "true" to filter for domains with social links

limitintegerResults per page (max 1,000, default 100)

offsetintegerPagination offset

keystringYour API key (anonymous gets 3 results)

Example Request

curl "https://api.whatstack.ai/api/lookup?tech=wordpress&tech=woocommerce&country=NL&has_email=true&key=YOUR_KEY"

Example Response

{
  "result": { "code": 200, "msg": "Success." },
  "total": 142,
  "limit": 100,
  "offset": 0,
  "filters": { "tech": ["wordpress", "woocommerce"], "country": "NL", "has_email": true },
  "domains": [
    {
      "domain": "example.nl",
      "tech_count": 18,
      "tech_slugs": ["wordpress", "woocommerce", "stripe"],
      "category": "E-commerce & Retail",
      "tranco_rank": 45000,
      "country_code": "NL",
      "company_name": "Example B.V.",
      "industry": "Retail",
      "contact_email": "info@example.nl",
      "phone": "+31201234567",
      "social_links": ["https://linkedin.com/company/example"]
    }
  ]
}

Notes

Anonymous users see 3 results without contact info. Authenticated users get full results based on plan.
Rate limits: Free=10/day, Basic=100/day, Pro=1,000/day, Enterprise=100,000/day.
Rate limit headers: X-RateLimit-Limit, X-RateLimit-Remaining.
Multiple tech params use AND logic — results must contain ALL specified technologies.

GET/api/host

Detect the hosting provider, CDN, and server infrastructure of a website.

Parameters

urlstring*The domain to analyze

keystringYour API key

Example Request

curl "https://api.whatstack.ai/api/host?url=github.com&key=YOUR_KEY"

Example Response

{
  "request": "https://github.com",
  "result": { "code": 200, "msg": "Success." },
  "results": [
    {
      "ip": "140.82.121.4",
      "type": "ipv4",
      "isp_name": "GitHub",
      "isp_url": "https://github.com"
    }
  ]
}

GET/api/theme

Detect the WordPress theme used by a website, including theme name, version, and author.

Parameters

urlstring*A WordPress site URL

keystringYour API key

Example Request

curl "https://api.whatstack.ai/api/theme?url=wordpress.org&key=YOUR_KEY"

Example Response

{
  "request": "https://wordpress.org",
  "result": { "code": 200, "msg": "Success." },
  "results": {
    "theme_name": "flavor flavor flavor flavor flavor",
    "version": "1.0",
    "author": "flavor flavor"
  }
}

GET/api/status

Check your API key usage and remaining quota for the current billing period.

Parameters

keystring*Your API key

Example Request

curl "https://api.whatstack.ai/api/status?key=YOUR_KEY"

Example Response

{
  "result": {
    "code": 200,
    "msg": "Success.",
    "period_start": 1704067200,
    "period_end": 1706745600,
    "period_quota": 10000,
    "period_requests": 150,
    "period_remaining": 9850
  }
}

GET/api/technologies

List all 12,000+ detectable technologies with categories, descriptions, and popularity data. Public endpoint — no API key required.

Parameters

pageintegerPage number (default 1)

limitintegerResults per page (default 48)

groupstringFilter by category group slug

categorystringFilter by category slug

searchstringSearch by technology name

sortstringSort order: "popular", "a-z", "z-a", "recent"

Example Request

curl "https://api.whatstack.ai/api/technologies?search=react&limit=5"

Example Response

{
  "result": { "code": 200, "msg": "Success." },
  "total": 15,
  "technologies": [
    {
      "slug": "react",
      "name": "React",
      "categories": ["JavaScript frameworks"],
      "description": "A JavaScript library for building user interfaces",
      "domainCount": 1250
    }
  ]
}

GET/api/domain/:domain/history

Get the timeline of technology additions and removals for a domain. Public endpoint — no authentication required.

Parameters

domainstring*Domain name (path parameter, e.g. nytimes.com)

Example Request

curl "https://api.whatstack.ai/api/domain/nytimes.com/history"

Example Response

{
  "result": "success",
  "domain": "nytimes.com",
  "changes": [
    {
      "date": "2024-02-15",
      "added": ["Cloudflare Turnstile"],
      "removed": ["reCAPTCHA"]
    }
  ],
  "scan_count": 12,
  "first_seen": "2024-01-01T00:00:00Z"
}

Webhooks

Receive HTTP POST notifications when technologies change on your watchlist domains. Pro and Enterprise plans only.

GET/api/user/webhooksList your webhook endpoints

POST/api/user/webhooksCreate a new webhook endpoint

PUT/api/user/webhooks/:idUpdate an endpoint

DELETE/api/user/webhooks/:idDelete an endpoint

POST/api/user/webhooks/:id/testSend a test webhook

GET/api/user/webhooks/:id/deliveriesView delivery history

Events

watchlist.changesFired when technologies are added or removed from a watched domain

watchlist.scan_completeFired when a watchlist scan cycle completes

domain.scannedFired when a watchlist domain is scanned

alert.createdFired when a new tech change alert is generated

Webhook Payload

POST https://your-endpoint.com/webhook
X-WhatStack-Signature: sha256=abc123...
Content-Type: application/json

{
  "event": "watchlist.changes",
  "timestamp": "2024-02-15T12:00:00Z",
  "data": {
    "domain": "example.com",
    "added": ["Cloudflare Turnstile"],
    "removed": ["reCAPTCHA"]
  }
}

Signature Verification

Verify webhook authenticity using the HMAC-SHA256 signature in the X-WhatStack-Signature header.

const crypto = require('crypto');
const signature = req.headers['x-whatstack-signature'];
const expected = 'sha256=' + crypto
  .createHmac('sha256', YOUR_WEBHOOK_SECRET)
  .update(JSON.stringify(req.body))
  .digest('hex');
const valid = crypto.timingSafeEqual(
  Buffer.from(signature), Buffer.from(expected)
);

Retry Policy

Failed deliveries are retried 3 times with exponential backoff: 30 seconds, 5 minutes, 30 minutes. Endpoints are automatically disabled after 10 consecutive failures.

Zapier / Make Integration

Pro+

Connect WhatStack to 5,000+ apps via Zapier or Make. Trigger workflows when technologies change, domains are scanned, or alerts fire.

REST Hook Endpoints (for Zapier/Make)

POST/api/hooks/subscribeSubscribe: register a webhook URL

DELETE/api/hooks/subscribe?id=...Unsubscribe: remove a webhook

GET/api/hooks/eventsList all supported event types

GET/api/hooks/sample/:eventTypeGet sample payload for field mapping

POST/api/hooks/testSend a test payload to a URL

Polling Triggers (fallback)

GET/api/hooks/polling/tech-changesRecent technology changes

GET/api/hooks/polling/alertsRecent alerts

GET/api/hooks/polling/scansRecent watchlist scans

Quick Start — Subscribe via curl

# Subscribe to tech change events
curl -X POST "https://api.whatstack.ai/api/hooks/subscribe" \
  -H "X-API-Key: YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"hookUrl":"https://hooks.zapier.com/...", "event":"watchlist.changes"}'

# Response:
# { "result": "success", "id": "abc-123", "secret": "whsec_..." }

# Unsubscribe
curl -X DELETE "https://api.whatstack.ai/api/hooks/subscribe?id=abc-123" \
  -H "X-API-Key: YOUR_KEY"

Available Event Types

watchlist.changesTechnologies added/removed on watched domains

watchlist.scan_completeWatchlist scan cycle completed

domain.scannedA watchlist domain was scanned

alert.createdNew tech change alert generated

Rate Limits & Plans

Plan	Detection Quota	Lookup/day	Webhooks	Async Bulk
Anonymous	Limited	3	-	-
Free	500/mo	10	-	-
Basic	5,000/mo	100	-	-
Pro	25,000/mo	1,000	3 endpoints	-
Enterprise	100,000/mo	100,000	10 endpoints	1,000 URLs/job

Result Codes

Code	Description
200	Success - technologies detected
201	No technologies detected
202	Could not reach the URL
100	API key not provided
101	Invalid API key
110	URL parameter missing
111	Invalid URL format
120	Rate limited
121	Monthly quota exceeded
0	Server error