API Keys
The API Keys category configures third-party service integrations used for OSINT (Open Source Intelligence) and data enrichment. These API keys enable Hawkra to pull in external threat intelligence, vulnerability data, breach information, and search results to enhance your security assessments.
All API keys in this category are stored encrypted in the database and appear masked on the settings page. Click Change to enter or update a key.
All API keys are optional. Features that depend on a specific key will display a message indicating the key is not configured when you attempt to use them. You can add keys at any time — no restart is required.
Settings Reference
Shodan API Key
| Key | shodan_api_key |
| Type | String |
| Default | Empty |
| Encrypted | Yes |
What it does: Shodan is an internet device search engine that indexes information about internet-connected devices, including open ports, services, banners, SSL certificates, and known vulnerabilities. Hawkra uses the Shodan API for host reconnaissance and network intelligence enrichment.
How to get a key:
- Go to shodan.io and create an account (free accounts are available).
- After logging in, navigate to My Account from the top-right menu.
- Your API key is displayed on the account page. Copy it.
- Paste it into the Shodan API Key field in the Hawkra admin dashboard.
Free tier: 100 queries per month. Paid plans are available for higher volume at account.shodan.io/billing.
HIBP API Key
| Key | hibp_api_key |
| Type | String |
| Default | Empty |
| Encrypted | Yes |
What it does: Have I Been Pwned (HIBP) is a breach notification service that aggregates data from publicly disclosed breaches. Hawkra uses the HIBP API to check email addresses against known data breaches, helping you assess credential exposure risk for users and targets.
How to get a key:
- Go to haveibeenpwned.com/API/Key.
- Purchase an API key. HIBP is a paid service — pricing is based on a monthly subscription.
- After purchasing, your API key is emailed to you and accessible from your HIBP account.
- Paste it into the HIBP API Key field in the Hawkra admin dashboard.
Pricing: HIBP API access requires a paid subscription. See haveibeenpwned.com/API/Key for current pricing.
GeoIP API Key
| Key | geoip_api_key |
| Type | String |
| Default | Empty |
| Encrypted | Yes |
What it does: GeoIP services map IP addresses to geographic locations (country, region, city, coordinates). Hawkra uses this for geographic intelligence, allowing you to visualize where your assets and threats are located geographically.
How to get a key:
Sign up with your preferred GeoIP provider and obtain an API key. Common providers include:
| Provider | Free Tier | URL |
|---|---|---|
| ipinfo.io | 50,000 requests/month | ipinfo.io |
| ipgeolocation.io | 1,000 requests/day | ipgeolocation.io |
| ip-api.com | 45 requests/minute (no key needed for free tier) | ip-api.com |
Paste your chosen provider's API key into the GeoIP API Key field.
NVD API Key
| Key | nvd_api_key |
| Type | String |
| Default | Empty |
| Encrypted | Yes |
What it does: The National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability data. Hawkra queries the NVD API to enrich vulnerability records with CVSS scores, references, and detailed descriptions. Without an API key, the NVD imposes a rate limit of 5 requests per 30-second window. With an API key, this increases to 50 requests per 30-second window.
How to get a key:
- Go to nvd.nist.gov/developers/request-an-api-key.
- Fill out the request form with your name and email.
- A confirmation email is sent with your API key.
- Paste it into the NVD API Key field.
Free tier: The NVD API is free to use. The API key simply increases your rate limit.
Brave Search API Key
| Key | brave_search_api_key |
| Type | String |
| Default | Empty |
| Encrypted | Yes |
What it does: The Brave Search API provides web search results used for threat intelligence enrichment and cyber security news aggregation. Hawkra uses it to pull in relevant news articles and contextual search results related to vulnerabilities and threats.
How to get a key:
- Go to brave.com/search/api/.
- Click Get Started and create an account.
- Navigate to your dashboard and generate an API key.
- Copy the API key.
- Paste it into the Brave Search API Key field in the Hawkra admin dashboard.
Free tier: 2,000 queries per month at no cost. Paid plans are available for higher volume.
Configuration via Environment Variables
| Setting | Environment Variable |
|---|---|
| Shodan API Key | SHODAN_API_KEY |
| HIBP API Key | HIBP_API_KEY |
| GeoIP API Key | GEOIP_API_KEY |
| NVD API Key | NVD_API_KEY |
| Brave Search API Key | BRAVE_SEARCH_API_KEY |
If you are operating in an air-gapped environment without internet access, you can skip all API keys in this section. Hawkra will function without them — the features that depend on external APIs will simply be unavailable. All core vulnerability management, asset tracking, and collaboration features work entirely offline.