WMCoder
v1/REST API

API Documentation

Integrate WMCoder tools into your applications with our public REST API. No authentication required.

Base URLhttps://api.wmcoder.com

Authentication

The WMCoder API is open and does not require authentication. You can start making requests immediately without an API key.

Some browser-facing endpoints use reCAPTCHA verification. When calling the API programmatically, reCAPTCHA is not required — but you must respect the rate limits below.

Rate Limits

To ensure fair access, the following limits apply per IP address:

50requests / minute

When exceeded, the API returns HTTP 429 Too Many Requests with a Retry-After header indicating when you can retry.

Response Format

All tool execution endpoints return JSON in a standard envelope:

{
  "success": true,
  "status": "success",
  "message": "Operation completed successfully",
  "data": { ... }
}

On failure, success is false and message contains a human-readable error. data will be null.

Metadata endpoints (/api/* and /category/*) return the resource object directly without the envelope.

Tool Metadata

GET/api/all

Returns an array of all available tools with their metadata.

Response

[
  {
    "id": "dns-lookup",
    "name": "DNS Lookup",
    "slug": "dns-lookup",
    "description": "Look up DNS records for any domain",
    "icon": "Globe",
    "version": "1.0.0",
    "color": "blue",
    "category": {
      "id": "domain-dns-tools",
      "name": "Domain & DNS",
      "slug": "domain-dns-tools",
      "icon": "Globe",
      "color": "blue"
    }
  },
  ...
]
GET/api/{tool-slug}

Returns metadata for a single tool identified by its slug.

Response

{
  "id": "dns-lookup",
  "name": "DNS Lookup",
  "slug": "dns-lookup",
  "description": "Look up DNS records for any domain",
  "icon": "Globe",
  "version": "1.0.0",
  "color": "blue",
  "category": { ... }
}

Categories

GET/category/all

Returns all tool categories with their nested tools.

Response

[
  {
    "id": "domain-dns-tools",
    "name": "Domain & DNS",
    "slug": "domain-dns-tools",
    "description": "DNS lookups, WHOIS, SSL checks...",
    "icon": "Globe",
    "color": "blue",
    "apis": [ ... ]
  },
  ...
]
GET/category/{category-slug}

Returns a single category with its nested tools.

Response

{
  "id": "domain-dns-tools",
  "name": "Domain & DNS",
  "slug": "domain-dns-tools",
  "description": "DNS lookups, WHOIS, SSL checks...",
  "icon": "Globe",
  "color": "blue",
  "apis": [
    { "id": "dns-lookup", "name": "DNS Lookup", ... },
    { "id": "domain-whois", "name": "Domain WHOIS", ... }
  ]
}

Tool Execution

Execute tools by sending a POST request with a JSON body. All responses follow the standard envelope format described above.

Domain Tools

POST/domain/dns-lookup

Look up DNS records (A, AAAA, MX, TXT, CNAME, NS) for a domain.

Request Body

{
  "domain": "example.com"
}

Response

{
  "success": true,
  "status": "success",
  "message": "DNS lookup completed",
  "data": {
    "A": ["93.184.216.34"],
    "AAAA": ["2606:2800:220:1:248:1893:25c8:1946"],
    "MX": [{ "priority": 10, "exchange": "mail.example.com" }],
    ...
  }
}
POST/domain/domain-whois

Retrieve WHOIS registration data for a domain.

Request Body

{
  "domain": "example.com"
}
POST/domain/ssl-certificate

Validate and inspect the SSL/TLS certificate for a domain.

Request Body

{
  "domain": "example.com"
}

Server & Network Tools

POST/server/ip-whois

Get WHOIS information for an IP address.

Request Body

{
  "ip": "8.8.8.8"
}
POST/server/ip-blacklist

Check whether an IP address appears on known blacklists.

Request Body

{
  "ip": "8.8.8.8"
}
POST/server/email-validator

Validate an email address (syntax, MX records, mailbox check).

Request Body

{
  "email": "[email protected]"
}
POST/server/security-headers

Analyze HTTP security headers for a URL.

Request Body

{
  "url": "https://example.com"
}
POST/server/tls-checker

Check TLS configuration and supported protocols for a host.

Request Body

{
  "domain": "example.com"
}
POST/server/sitemap-generator

Crawl a website and generate an XML sitemap.

Request Body

{
  "url": "https://example.com"
}

Image Tools

POST/image/qr-generator

Generate a QR code image from text or a URL.

Request Body

{
  "text": "https://wmcoder.com",
  "size": 300
}
POST/image/image-resizer

Resize an image to specified dimensions. Send as multipart/form-data.

Request Body

Content-Type: multipart/form-data

file: <image file>
width: 800
height: 600

SSL Tools

POST/ssl/csr-generator

Generate a Certificate Signing Request (CSR) and private key.

Request Body

{
  "commonName": "example.com",
  "organization": "Example Inc",
  "country": "US"
}

Error Codes

StatusMeaning
200OK
400Bad Request
404Not Found
429Too Many Requests
500Server Error

Fair Usage Policy

WMCoder provides free API access for developers, students, and small teams. To keep the service running for everyone:

Acceptable Use

  • +Integrating tools into your own applications or workflows.
  • +Running periodic checks (e.g. DNS monitoring, SSL expiry alerts).
  • +Building internal dashboards or CI/CD pipeline steps.
  • +Educational projects, research, and personal experiments.

Prohibited

  • -Automated scraping or bulk data harvesting beyond rate limits.
  • -Reselling API responses or repackaging the service commercially.
  • -Generating abusive traffic, DDoS, or intentional disruption.
  • -Circumventing rate limits with rotating IPs.
  • -Using the API for any activity that violates applicable laws.

Enforcement

Requests exceeding rate limits receive HTTP 429 responses. Persistent abuse may result in temporary or permanent IP bans. For higher-volume needs, contact us at [email protected].

This documentation is kept up to date as new endpoints are added. Looking for AI integration? Connect via MCP to use these tools from Claude, Cursor, and other AI assistants. Follow the changelog for updates. For new tool requests, API usage questions, or general feedback, reach out at [email protected].