Shodan API

Security / API Key Intermediate HTTPS
Varies by plan (check documentation)

Overview

Shodan is a search engine that continuously scans the internet and indexes metadata about connected devices like servers, routers, webcams, and industrial systems. You can search for devices by IP, location, open ports, or software banners without actively scanning yourself. It's a powerful tool for security researchers and network administrators to discover exposed assets.

Beginner Tip

Use the /shodan/host/{ip} endpoint to look up a specific IP address — it returns all open ports, banners, and vulnerabilities Shodan has observed, with no active scanning required on your part.

Available Data

Shodan data via REST API
JSON-formatted response data
Requires API key authentication

Example Response

JSON Response
{
  "status": "success",
  "data": {
    "result": "Data from Shodan",
    "description": "Search engine for Internet connected devices",
    "timestamp": "2025-01-15T10:00:00Z"
  }
}

Field Reference

ip_str: The queried IP address in dotted notation.
ports: List of open TCP/UDP ports discovered on this host.
country_name: Country where this IP is geographically located.
org: Organization or ISP that owns this IP address.
vulns: CVE identifiers for known vulnerabilities detected on this host.
data: Array of service banners for each open port, including protocol, product, and version details.
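
The fields above are enough to audit the exposure of a host you operate. The following is an added example, not code from Shodan or from the original page: it compares the observed ports with an allowlist and collects the reported CVEs. The function names, the per-banner keys (port, transport, product, version), the error body shape and the sample response are assumptions constructed for illustration.

```javascript
// Added example: audit one /shodan/host/{ip} response against an allowlist.
// Assumed (not on the page): banner keys port/transport/product/version and
// the {"error": "..."} shape of failure bodies.
function auditHost(host, expectedPorts) {
  const expected = new Set(expectedPorts);
  const byNumber = (a, b) => a - b;
  // ports, data and vulns may be absent, so default each to an empty list.
  const ports = Array.isArray(host.ports) ? [...host.ports].sort(byNumber) : [];
  const banners = Array.isArray(host.data) ? host.data : [];
  return {
    ip: host.ip_str,
    owner: host.org || "unknown",
    // Open on the internet but not on the allowlist: review these first.
    unexpectedPorts: ports.filter((p) => !expected.has(p)),
    // Expected but not observed: service down, filtered, or not yet rescanned.
    missingPorts: [...expected].filter((p) => !ports.includes(p)).sort(byNumber),
    services: banners.map((b) => ({
      port: b.port,
      transport: b.transport || "tcp",
      software: [b.product, b.version].filter(Boolean).join(" ") || "unknown",
    })),
    cves: Array.isArray(host.vulns) ? [...host.vulns].sort() : [],
  };
}

// Map the failure cases from the troubleshooting section to a next step.
function explainFailure(status, body) {
  const message = (body && body.error) || "";
  if (status === 401) return "add ?key=YOUR_API_KEY to the request";
  if (status === 403) return "endpoint not available on this plan";
  if (message.includes("No information available")) return "no Shodan data for this IP";
  return `unhandled error ${status}`;
}

// Constructed sample response (documentation address, placeholder CVE ids).
const sampleHost = {
  ip_str: "203.0.113.10",
  org: "Example Hosting",
  country_name: "Exampleland",
  ports: [443, 22, 3389],
  vulns: ["CVE-0000-0002", "CVE-0000-0001"],
  data: [
    { port: 22, transport: "tcp", product: "OpenSSH", version: "8.9" },
    { port: 443, transport: "tcp", product: "nginx" },
    { port: 3389, transport: "tcp" },
  ],
};

console.log(auditHost(sampleHost, [22, 443]));
```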

Implementation Example

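// Look up a single host with the /shodan/host/{ip} endpoint.
// Shodan expects the API key as the "key" query parameter, not as a header.
const apiKey = "YOUR_API_KEY"; // load from an environment variable or secret store in real use
const ip = "8.8.8.8"; // example public address; replace with the host you want to check
const url = new URL(`https://api.shodan.io/shodan/host/${encodeURIComponent(ip)}`);
url.searchParams.set("key", apiKey);
const response = await fetch(url);
// Report only the status code: the request URL contains the API key.
if (!response.ok) throw new Error(`Request failed: ${response.status}`);
const data = await response.json();
console.log(data);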

Note: These code examples are AI-generated and unverified. Always refer to the official API documentation for accurate usage.

Common Errors & Troubleshooting

401 Unauthorized
  Cause: The API key is missing from the request.
  Fix: Add your API key as a query parameter: ?key=YOUR_API_KEY on every Shodan endpoint.

No information available for that IP
  Cause: Shodan may not have scanned this IP recently or it may be a private/reserved address.
  Fix: Use /shodan/host/search with a query string to find IPs that Shodan does have data on, e.g., query=apache.

403 Forbidden on search endpoints
  Cause: Search features require a paid Shodan membership; the free tier only allows host lookups.
  Fix: Use the /shodan/host/{ip} endpoint which is available on free accounts, or upgrade to a paid plan for full search access.

Matrix Score Breakdown

🌐 Reachability 30/30
⚡ Speed 10/20
🔒 Security 15/15
🛠 Developer XP 12/20
✓ Reliability 10/15

Partially tested on Apr 5, 2026

Technical Specifications

Auth: API Key
HTTPS: REQUIRED
CORS: UNKNOWN
Category: Security
Difficulty: Intermediate
Verified: 2026-04-04
