API Access

Programmatic Threat Intelligence

Use the SOC365 API to look up IPs, domains, or hashes directly from your workflows. Authenticate with your API key and receive structured JSON responses.

Free keys are limited to one lookup every 10 seconds. Paid keys have no rate limiting.

Get access

Create your API key

  1. Click Access Portal in the top navigation.
  2. Provide your contact details to create a free trial account.
  3. Generate your personal API key from the portal.

Authentication

Send your key securely

Include the key in every request using one of the supported headers:

  • X-API-Key: <your-key>
  • Authorization: Bearer <your-key>

You can also pass it as a query parameter, ?api_key=<your-key>, though headers are recommended because URLs, including their query strings, are commonly recorded in server and proxy logs.

Endpoints

Indicator lookup

Use the lookup endpoint to retrieve intelligence on any indicator of compromise:

GET https://<your-domain>/api.php?indicator=<value>
Header: X-API-Key: <your-key>

Free API keys are limited to one lookup every 10 seconds. Upgrade to a paid key for unlimited, unthrottled lookups.

Example request:

curl -H "X-API-Key: $YOUR_KEY" \
  "https://<your-domain>/api.php?indicator=1.1.1.1"

The response includes the indicator, detected type, and a list of matched intelligence records:

{
  "indicator": "1.1.1.1",
  "detected_type": "ip",
  "result_count": 2,
  "results": [ ... ]
}

Swagger-style reference

Threat Intelligence API schema

GET /api.php

Retrieve structured intelligence for an indicator of compromise.

Query parameters

  • indicator (required) — IP, domain, or hash to look up.
  • api_key (optional) — Only when not using headers.

Headers

  • X-API-Key — Recommended authentication header.
  • Authorization: Bearer <key> — Alternative auth header.

200 OK

Successful lookup. Contains matched intelligence records.

{
  "indicator": "example.com",
  "detected_type": "domain",
  "result_count": 1,
  "results": [
    {
      "threat_level": "high",
      "source": "internal",
      "description": "Known phishing host",
      "first_seen": "2024-11-05",
      "last_seen": "2024-12-01"
    }
  ]
}

Error responses

  • 400 Bad Request — Missing indicator or invalid request format.
  • 401 Unauthorized — API key absent, expired, or invalid.
  • 429 Too Many Requests — Free tier rate limit exceeded.
  • 500 Server Error — Unexpected processing failure.

Example error body:

{
  "error": "Lookup failed"
}

Security

  • Send API keys over HTTPS only.
  • Rotate keys regularly and revoke compromised credentials via the portal.
  • Free keys allow 1 request every 10 seconds; paid tiers are unthrottled.
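
An added example, not SOC365's own client code: a Python wrapper that sends the key in the X-API-Key header, refuses non-HTTPS base URLs, paces calls to the free-tier limit of one lookup every 10 seconds, and raises on the documented error statuses. The names `Soc365Client`, `ApiError` and `http_get`, the single retry after a 429, and the injectable transport and clock are assumptions made for illustration.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

MIN_INTERVAL = 10.0  # free tier: one lookup every 10 seconds (from the page)

class ApiError(Exception):
    def __init__(self, status, message):
        super().__init__(f"HTTP {status}: {message}")
        self.status = status

def http_get(url, headers):  # default transport; returns (status, body) even on 4xx/5xx
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()

class Soc365Client:  # hypothetical wrapper, not part of the documented API
    def __init__(self, base_url, api_key, transport=http_get,
                 clock=time.monotonic, sleep=time.sleep):
        if not base_url.startswith("https://"):
            raise ValueError("refusing to send the API key over a non-HTTPS URL")
        self.base_url, self.api_key = base_url.rstrip("/"), api_key
        self.transport, self.clock, self.sleep = transport, clock, sleep
        self._last = float("-inf")  # time of the previous request

    def lookup(self, indicator, retries=1):
        # Pace requests client-side so two never land within the 10 s window.
        wait = MIN_INTERVAL - (self.clock() - self._last)
        if wait > 0:
            self.sleep(wait)
        query = urllib.parse.urlencode({"indicator": indicator})
        # The key travels in the header, never in the query string.
        status, body = self.transport(f"{self.base_url}/api.php?{query}",
                                      {"X-API-Key": self.api_key})
        self._last = self.clock()
        if status == 429 and retries > 0:
            return self.lookup(indicator, retries - 1)  # pacing waits a full interval
        if status != 200:
            try:
                message = json.loads(body).get("error", "")
            except (ValueError, AttributeError):
                message = ""  # error body was not the documented JSON object
            raise ApiError(status, message)
        return json.loads(body)
```

Load the key from an environment variable or secret store rather than source code, and pass a larger `retries` value only if your workflow can tolerate the added wait.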

Need more detail? Contact the SOC team for bespoke integration guidance.