Current TLS state for a host, in one call.
Pass a domain or IP. Get back the active certificate, full chain, expiry dates, SANs, and connection diagnostics from a live TLS handshake.
Live TLS state, not just certificate metadata.
The SSL Lookup API performs a live TLS handshake against a target and returns the certificate, the full chain, validity dates, SANs, fingerprints, and connection diagnostics. Where Deepinfo's historical SSL corpus tells you what was observed, this API tells you what is being served right now.
Pass the target as a domain or IP. Optionally pass port to scope the handshake to a non-default port. The response includes parsed certificate fields, the original chain, connection status, and any parse errors.
Use this when you need ground-truth TLS state for compliance evidence, certificate-expiry checks, or impersonation-detection workflows that need to see the cert as the user sees it.
One endpoint, one required parameter.
Endpoint:
GET https://api.deepinfo.com/v1/lookup/ssl?target={target}Parameters:
Authentication is by API token in the request header. See docs.deepinfo.com for the full request reference.
See what the API returns.
Real response structure for the Current TLS state for a host, in one call endpoint. Field coverage may vary based on query parameters and data availability.
{
"target": "deepinfo.com",
"port": 443,
"check_date": "2026-05-02T08:30:11Z",
"connection_status": "ok",
"parsed": {
"subject": "CN=deepinfo.com",
"issuer": "CN=Let's Encrypt R3, O=Let's Encrypt, C=US",
"not_before": "2026-02-09T00:00:00Z",
"not_after": "2026-08-09T23:59:59Z",
"sans": ["deepinfo.com", "www.deepinfo.com"],
"fingerprint_sha256": "3a4b...e9",
"key_algorithm": "RSA",
"key_size": 2048
},
"certificate": "-----BEGIN CERTIFICATE-----
MIIFa...truncated
-----END CERTIFICATE-----",
"parse_errors": []
}Sample response shown. Real responses depend on query parameters, data availability, and API version. Talk to us for full schema documentation.
Workflows this API plugs into directly.
Attack Surface Management
Validate TLS posture across your asset inventory in real time.
Read the use caseCompliance and Audit Readiness
Generate point-in-time certificate evidence for audit cycles.
Read the use caseBrand Impersonation Protection
Capture the certificate the impersonator is currently serving for takedown evidence.
Read the use case“Live TLS state including the full chain, SAN list, and connection diagnostics returns in one shape we can drop into a SIEM enrichment rule. Replaced a hand-rolled OpenSSL wrapper that nobody wanted to maintain.”
Other lookup APIs.
Current Whois state for any domain, in one call.
The Whois Lookup API returns the registration record for a domain right now: registrar, dates, registrant, name servers, and status codes.
See API APICurrent IP allocation state, in one call.
Pass an IP address.
See API APICurrent DNS state for an FQDN, in one call.
Pass an FQDN and one or more record types.
See API APIFind every domain on an MX record.
Pass an MX record value.
See API APIFind every domain on a name server.
Pass a name server hostname.
See API APIFind every domain on an IP.
Pass an IP address or CIDR.
See API APICapture a target page as the user sees it.
Pass a URL.
See API APIDetect the technology stack of a target, in one call.
Pass a URL.
See API APILive web-page data for a target, in one call.
Pass a URL.
See API APIScan a target's open ports, in one call.
Pass a target.
See APIRun a sample call, or batch lookup your asset set.
We'll set up token access and answer schema questions on a call.