Everyone knows about the GitHub API and Google Maps API.
But these 9 APIs fly under the radar — and they're incredibly useful.
1. Open-Meteo — Weather Without API Key
Most weather APIs require registration. Open-Meteo doesn't.
import requests
# Get weather for any city — no key, no registration
resp = requests.get('https://api.open-meteo.com/v1/forecast', params={
'latitude': 51.5, 'longitude': -0.1, # London
'current': 'temperature_2m,wind_speed_10m',
'daily': 'temperature_2m_max,temperature_2m_min',
'timezone': 'auto'
})
data = resp.json()
print(f"London: {data['current']['temperature_2m']}°C")
16-day forecast + historical data. Free forever.
2. Shodan InternetDB — IP Intelligence Without Key
Shodan's premium API costs $59/month. But InternetDB is free.
def scan_ip(ip):
data = requests.get(f'https://internetdb.shodan.io/{ip}').json()
print(f"Open ports: {data.get('ports', [])}")
print(f"Known CVEs: {data.get('vulns', [])}")
print(f"Hostnames: {data.get('hostnames', [])}")
scan_ip('8.8.8.8')
Ports, vulnerabilities, hostnames — one API call.
3. crt.sh — SSL Certificate Search
Find EVERY certificate ever issued for a domain.
def find_certs(domain):
resp = requests.get(f'https://crt.sh/?q=%25.{domain}&output=json')
certs = resp.json()
subdomains = set()
for cert in certs:
name = cert.get('name_value', '')
for sub in name.split('\n'):
subdomains.add(sub)
return sorted(subdomains)
# Find all subdomains of any company
subs = find_certs('example.com')
print(f"Found {len(subs)} subdomains")
Used by security researchers for subdomain enumeration.
4. Wayback Machine API — Website Time Travel
def check_archive(url):
resp = requests.get(f'http://archive.org/wayback/available?url={url}')
snapshot = resp.json().get('archived_snapshots', {}).get('closest', {})
if snapshot:
print(f"Archived: {snapshot['url']}")
print(f"Date: {snapshot['timestamp']}")
check_archive('google.com') # See Google's earliest snapshot
5. OpenAlex — 250M Academic Papers
Google Scholar has no API. OpenAlex does.
resp = requests.get('https://api.openalex.org/works', params={
'search': 'machine learning healthcare',
'per_page': 3,
'sort': 'cited_by_count:desc'
})
for w in resp.json()['results']:
print(f"{w['title'][:60]} — {w['cited_by_count']} citations")
No key needed. Our toolkit
6. Unpaywall — Legal Free PDFs
def find_pdf(doi):
resp = requests.get(f'https://api.unpaywall.org/v2/{doi}',
params={'email': 'you@email.com'})
data = resp.json()
if data.get('is_oa'):
return data['best_oa_location']['url_for_pdf']
return None
pdf = find_pdf('10.1038/s41586-021-03819-2')
print(f"Free PDF: {pdf}")
7. ip-api.com — IP Geolocation (Completely Free)
def geolocate(ip):
data = requests.get(f'http://ip-api.com/json/{ip}').json()
print(f"{ip}: {data['city']}, {data['country']} | ISP: {data['isp']}")
geolocate('8.8.8.8') # Google DNS → Ashburn, Virginia
45 requests/min, no key. Our toolkit
8. ThreatFox — IOC Database
Free indicators of compromise from abuse.ch.
def search_ioc(value):
resp = requests.post('https://threatfox-api.abuse.ch/api/v1/',
json={'query': 'search_ioc', 'search_term': value})
data = resp.json()
hits = data.get('data', [])
print(f"Found {len(hits)} IOCs for {value}")
search_ioc('evil-domain.com')
9. ClinicalTrials.gov — 500K+ Medical Trials
def find_trials(query):
resp = requests.get('https://clinicaltrials.gov/api/v2/studies', params={
'query.term': query, 'pageSize': 3, 'format': 'json'
})
for s in resp.json().get('studies', []):
title = s['protocolSection']['identificationModule']['briefTitle']
status = s['protocolSection']['statusModule']['overallStatus']
print(f"[{status}] {title[:60]}")
find_trials('cancer immunotherapy')
All My Toolkits
I built Python toolkits for all of these: awesome-free-research-apis
Which of these surprised you? Share an API I missed — I'll build a toolkit for it.
More tools: 77 scrapers on Apify | GitHub
Top comments (0)