admins
tiReadOnly scoped calls Operations available to registered TI development partners and customers
developers
tiReadOnly-scoped calls operations available to registered TI development partners and customers
default
POST /token Fetches a time-based authorization bearer token to be used for subsequent API queries
Parameters
Name |
Description |
client_id *Required string (query) |
Email address associated with the TI API account |
client_secret *Required string (query) |
Client API secret string (UUID v4 format) |
grant_type *Required string (query) |
TI API authorization grant type, default is 'client_credentials' |
Responses
Code |
Description |
200 |
Returns a JSON object that includes the Authorization Bearer Token, corresponding API scope, and expiration timer, this endpoint returns HTTP/200 when IOC(s) are identified |
404 |
When no matching API account is found, this endpoint returns HTTP/404 and a corresponding JSON status message |
500 |
When an internal error, or with invalid/malformed input, this endpoint returns HTTP/500 and a corresponding JSON status message |
POST /ti/v1/tiUnstructured Identifies Indicators of Compromise (IOCs) within unstructured text.
Parameters
Name |
Description |
INPUT *Required string (header) |
Unstructured string up to 256KB that's being submitted for analysis |
Authorization*Required string (header) |
Authorization Bearer Token that was previously fetched during initial time-based authentication |
Responses
Code |
Description |
200 |
Along with supporting information (JSON array), this endpoint returns HTTP/200 when IOC(s) are identified |
404 |
When no IOCs were identified, this endpoint returns HTTP/404 and a corresponding JSON status message |
500 |
When an internal error, or with invalid/malformed input, this endpoint returns HTTP/500 and a corresponding JSON status message |
GET/ti/v1/ip/{id} Determines whether the given IP address has been associated with malicious, or suspicious activity in the past 30-days
Parameters
Name |
Description |
id *Required string (path) |
IPV4 or IPV6 address being submitted for analysis |
Authorization *Required string (header) |
Authorization Bearer Token that was previously fetched during initial time-based authentication |
Responses
Name |
Description |
200 |
Along with supporting information (JSON array), this endpoint returns HTTP/200 when IOC(s) are identified |
404 |
When no IOCs were identified, this endpoint returns HTTP/404 and a corresponding JSON status message |
500 |
When an internal error, or with invalid/malformed input, this endpoint returns HTTP/500 and a corresponding JSON status message |
GET/ti/v1/ip/geo/{id} Returns GeoIP information for the given IP address
Parameters
Name |
Description |
id *Required string (path) |
IPV4 or IPV6 address being submitted for analysis |
Authorization *Required string (header) |
Authorization Bearer Token that was previously fetched during initial time-based authentication |
Responses
Name |
Description |
200 |
Along with supporting information (JSON array), this endpoint returns HTTP/200 when IOC(s) are identified |
404 |
When no IOCs were identified, this endpoint returns HTTP/404 and a corresponding JSON status message |
500 |
When an internal error, or with invalid/malformed input, this endpoint returns HTTP/500 and a corresponding JSON status message |