Security APIs provide authentication, encryption, and access control services. Implement robust security features in your applications including password hashing, token management, and permission systems.
Last verified: April 1, 2026
| Name | Description | Auth | HTTPS | CORS | Status |
|---|---|---|---|---|---|
| Application Environment Verification | Android library and API to verify the safety of user devices, detect rooted devices and other risks | apikey | Yes | yes | alive |
| BinaryEdge | Provide access to BinaryEdge 40fy scanning platform | apikey | Yes | yes | alive |
| BitWarden | Best open-source password manager | oauth | Yes | unknown | alive |
| Botd | Botd is a browser library for JavaScript bot detection | apikey | Yes | yes | alive |
| Bugcrowd | Bugcrowd API for interacting and tracking the reported issues programmatically | apikey | Yes | unknown | alive |
| Censys | Search engine for Internet connected host and devices | apikey | Yes | no | alive |
| Classify | Encrypting & decrypting text messages | none | Yes | yes | dead |
| Complete Criminal Checks | Provides data of offenders from all U.S. States and Pureto Rico | apikey | Yes | yes | alive |
| CRXcavator | Chrome extension risk scoring | apikey | Yes | unknown | dead |
| Dehash.lt | Hash decryption MD5, SHA1, SHA3, SHA256, SHA384, SHA512 | none | Yes | unknown | dead |
| EmailRep | Email address threat and risk prediction | none | Yes | unknown | alive |
| Escape | An API for escaping different kind of queries | none | Yes | no | alive |
| FingerprintJS Pro | Fraud detection API offering highly accurate browser fingerprinting | apikey | Yes | yes | alive |
| FraudLabs Pro | Screen order information using AI to detect frauds | apikey | Yes | unknown | alive |
| FullHunt | Searchable attack surface database of the entire internet | apikey | Yes | unknown | alive |
| GitGuardian | Scan files for secrets (API Keys, database credentials) | apikey | Yes | no | dead |
| GreyNoise | Query IPs in the GreyNoise dataset and retrieve a subset of the full IP context data | apikey | Yes | unknown | alive |
| HackerOne | The industry’s first hacker API that helps increase productivity towards creative bug bounty hunting | apikey | Yes | unknown | alive |
| Hashable | A REST API to access high level cryptographic functions and methods | none | Yes | yes | dead |
| HaveIBeenPwned | Passwords which have previously been exposed in data breaches | apikey | Yes | unknown | alive |
| Intelligence X | Perform OSINT via Intelligence X | apikey | Yes | unknown | alive |
| LoginRadius | Managed User Authentication Service | apikey | Yes | yes | alive |
| Microsoft Security Response Center (MSRC) | Programmatic interfaces to engage with the Microsoft Security Response Center (MSRC) | none | Yes | unknown | alive |
| Mozilla http scanner | Mozilla observatory http scanner | none | Yes | unknown | alive |
| Mozilla tls scanner | Mozilla observatory tls scanner | none | Yes | unknown | alive |
| National Vulnerability Database | U.S. National Vulnerability Database | none | Yes | unknown | alive |
| Passwordinator | Generate random passwords of varying complexities | none | Yes | yes | alive |
| Privacy.com | Generate merchant-specific and one-time use credit card numbers that link back to your bank | apikey | Yes | unknown | alive |
| Pulsedive | Scan, search and collect threat intelligence data in real-time | apikey | Yes | unknown | alive |
| SecurityTrails | Domain and IP related information such as current and historical WHOIS and DNS records | apikey | Yes | unknown | alive |
| Shodan | Search engine for Internet connected devices | apikey | Yes | unknown | alive |
| Spyse | Access data on all Internet assets and build powerful attack surface management applications | apikey | Yes | unknown | alive |
| Threat Jammer | Risk scoring service from curated threat intelligence data | apikey | Yes | unknown | dead |
| UK Police | UK Police data | none | Yes | unknown | alive |
| Virushee | Virushee file/data scanning | none | Yes | yes | dead |
| VulDB | VulDB API allows to initiate queries for one or more items along with transactional bots | apikey | Yes | unknown | alive |
12 of these APIs require no authentication — you can start making requests immediately without signing up for an account. Just pick one from the table above, check its documentation, and send your first request.
23 APIs in this category require a free API key. This usually means creating a free account on the provider's website and copying your key from the dashboard. The process typically takes less than a minute.
Not sure where to start? Look for APIs marked as "alive" in the status column — these were recently verified as working. For browser-based projects, check that the API supports CORS.
Yes, all APIs listed on API Bouncer have a free tier. Some are completely open (no sign-up needed), while others require a free account to get an API key. Free tiers typically have rate limits — check each API's documentation for specifics.
It depends on your needs. Consider: Do you need authentication or prefer no-auth? Does your project need CORS support for browser access? How many requests will you make? Start with a no-auth API to prototype quickly, then switch to a more feature-rich option if needed.
We run periodic health checks on all listed APIs. The "Status" column shows whether each API was responding at our last check. APIs marked as "alive" were recently verified. You can also test any API yourself using curl or our guides on testing APIs.
Most free APIs allow commercial use, but terms vary by provider. Always check the specific API's terms of service. Some APIs have separate free and commercial tiers with different rate limits.
Buy me a coffee