API & developer tools

Threat intelligence you can ship tonight.

One REST surface for lookups, bulk jobs, streaming enrichment, and enterprise workflows — documented, versioned, and ready for your SIEM, SOAR, or product backend.

RESTServer-Sent EventsOpenAPI 3TAXII 2.1
Get free API keyBrowse full docsopenapi.json
GET api.ismalicious.com/check
200 OK~48ms
{
  "query": "example.com",
  "reputation": "suspicious",
  "score": 0.87
}

Illustrative response — fields vary by plan and target type.

Integration

First request in three lines

Base64-encode apiKey:apiSecret as X-API-KEY. Same pattern in every SDK.

# X-API-KEY = base64(apiKey:apiSecret)
curl -G "https://api.ismalicious.com/check" \
  --data-urlencode "query=example.com" \
  --data-urlencode "enrichment=standard" \
  -H "X-API-KEY: $(echo -n 'YOUR_API_KEY:YOUR_API_SECRET' | base64)"

Everything in one surface

Deep dives per topic — or jump straight into the canonical reference.

Full API reference

Routes, auth modes, public vs dashboard endpoints, TAXII, bulk, streaming — kept in sync with api.ismalicious.com.

Live docs

OpenAPI spec

Import into Postman, Insomnia, or codegen pipelines.

api.ismalicious.com

Single Lookup API

Real-time entity checking and risk scoring with instant results.

Read guide

Bulk Lookup API

High-throughput batch processing for checking thousands of entities.

Read guide

Streaming API

SSE progressive checks: /check/stream?query= on api.ismalicious.com.

Read guide

Webhooks

Event-driven notifications for alerts and monitoring changes.

Read guide

SDKs & Libraries

Official SDKs for Python, Node.js, Go, and Rust.

Read guideNew

API Playground

Interactive testing environment to try the API without code.

Read guide

Rate Limits

Understanding rate limits and optimizing API usage.

Read guide

Authentication

API key management and authentication methods.

Read guide

Changelog

Latest API updates, features, and deprecations.

Read guide
Uptime SLA
99.9%
Production edge
Avg latency
<100ms
Global PoPs
Developers
10K+
On the platform
API calls / mo
1B+
Served at scale

What is the isMalicious API?

Programmatic access to our threat intelligence graph: real-time domain, IP, URL, and hash reputation with enrichment designed for security workflows — not a generic WHOIS wrapper.

Getting started

Free tier includes 1,000 requests per month. Create an account, issue keys from the dashboard, and use official SDKs or curl. The playground and OpenAPI spec help you explore without guesswork.

Built for reliability

Infrastructure aimed at mission-critical use cases: high availability targets, low-latency responses, and clear rate-limit semantics so you can scale integrations confidently.

Docs & support

Endpoints are documented with examples and field explanations. Paid plans include prioritized support channels; status and incidents are communicated on our public status page.

From the blog

Patterns for integrating threat intel at scale

API Integration for Threat Intelligence
Engineering

API integration for threat intelligence

Automate enrichment without bolting on five different vendor SDKs.

Building a Modern SOC with Threat Intelligence
SOC

Building a modern SOC with threat intelligence

How API-first intel keeps detection and response aligned.

Ready when your pipeline is

1,000 free requests per month. No card required — upgrade when you outgrow the sandbox.

Create account