Skip to main content
All endpoints (except /api/health and /api/docs) require a valid API key. Pass it via the Authorization: Bearer <api_key> header or X-API-Key: <api_key>. Your key is the api_key field in your account profile.

Welcome

The neur-a API is a standalone REST service (port 5001) providing multi-source intelligence search across breach databases, stealer logs, IP/phone/person lookups, and social platform profiles. Authentication is handled via Bearer tokens tied to your account plan. Usage is metered per request and enforced across monthly, daily, and hourly windows depending on your plan tier.

Base URL

http://your-server:5001

Authentication

All protected endpoints require a Bearer token from your account. 
"security": [
  {
    "bearerAuth": []
  }
]
Pass your API key using either header: 
Authorization: Bearer nra_4fbec9081f741ba3765c6174704ef26e6c74828782fa2a3e67b12b88cb2a12d0

Rate Limits & Plans

Standard endpoints are limited to 10 req/min per IP. The POST /api/deep-search endpoint is limited to 5 req/min per IP.
PlanMonthlyDailyHourlyStealerLogs/Day
free501050
pro3,0001003010
plus6,0002008010
enterprise99,9999,999999100
Check your current usage and limits at any time using GET /api/me. The response includes your current plan tier, expiry, and per-window usage counts.

Account Info

username
string
Your account username.
plan
string
Your current plan: free, pro, plus, or enterprise.
plan_expires
string
ISO 8601 timestamp of when your plan expires.
usage_total
integer
Total API calls made this month.
usage_daily
integer
API calls made today.
usage_hourly
integer
API calls made this hour.
daily_limit
integer
Maximum daily calls allowed by your plan.
hourly_limit
integer
Maximum hourly calls allowed by your plan.
monthly_limit
integer
Maximum monthly calls allowed by your plan.
stealerlogs_daily_limit
integer
Daily limit for StealerLogs-specific endpoints.
{
  "username": "test",
  "plan": "pro",
  "plan_expires": "2026-05-21T07:45:34.322717",
  "usage_total": 2,
  "usage_daily": 2,
  "usage_hourly": 2,
  "daily_limit": 100,
  "hourly_limit": 30,
  "monthly_limit": 3000,
  "stealerlogs_daily_limit": 10
}

Endpoint Overview

Search & Intelligence
  • POST /api/leak-search — Email breach lookup
  • POST /api/ip-search — IP intelligence
  • POST /api/phone-search — Phone lookup
  • POST /api/person-search — Name/person search
  • POST /api/deep-search — Recursive deep search
  • GET /api/deep-search/<job_id> — Poll deep search job
Social Platforms
  • POST /api/steam-search
  • POST /api/tiktok-search
  • POST /api/snapchat-search
  • POST /api/discord-search
  • POST /api/discord-to-roblox
  • POST /api/roblox-search
StealerLogs
  • POST /api/stealerlogs-search
  • GET /api/stealerlogs-file/<file_id>
  • POST /api/stealerlogs-victims-search
  • GET /api/stealerlogs-victims/<log_id>
  • GET /api/stealerlogs-victims/<log_id>/files/<file_id>
  • GET /api/stealerlogs-victims/<log_id>/archive
Utility
  • GET /api/health — Service status (no auth)
  • GET /api/docs — Auto-generated docs (no auth)
  • GET /api/me — Account stats and limits

Standard Response Format

Most search endpoints return a consistent envelope:
List
object
A map of source names to their data and metadata. Each key is a database/provider name.
NumOfDatabase
integer
Number of sources that returned results.
NumOfResults
integer
Total number of records returned across all sources.
price
string
Cost of the query (typically "0" for metered plans).
search time
string
Server-side query duration (e.g. "0s").
{
  "List": {
    "Deadeye Breach": {
      "Data": [
        { "Email": "someone@example.com", "Password": "hunter2" }
      ],
      "InfoLeak": "Deadeye universal breach results"
    }
  },
  "NumOfDatabase": 1,
  "NumOfResults": 1,
  "price": "0",
  "search time": "0s"
}