API
Note: If you're a PhishFort partner, please ensure to send the x-client-id and x-client-version headers in all
programmatic requests to the API. This allows us to deliver the best possible performance and reduces the likelihood
of spam protection / rate limiting on your requests.
List
GET https://lookup.phishfort.com/api/list (opens in a new tab)
Returns the full PhishFortDomainLists object:
export interface PhishFortDomainListsPure {
blacklist: string[];
whitelist: string[];
}Where the fields:
blacklist: contains the full PhishFort Blocklistwhitelist: contains the PhishFort safe list
Lookup
GET https://lookup.phishfort.com/api/lookup?domain=google.com (opens in a new tab)
Returns the SiteStatus object for the given domain parameter:
export interface SiteStatus {
dangerous: boolean; // the site is present in the blocklist ie. DANGEROUS
warning: boolean; // the site is similar to an entry in the blocklist ie. proceed with caution (beta)
safe: boolean; // the site is explicitly marked as safe in the whitelist ie. it is safe to browse
hostname?: string;
hash?: string;
}Lookup by hash
Returns the SiteStatus object for the given hash parameter:
If the collection of user data is of concern, and the architecture of your implementation necessitates using lookups exclusively as opposed to the preferred method. The lookup endpoint also supports querying SHA-1 (opens in a new tab) hashes of the domain.
Warning: when hashing the domain you want to look up, you need to first extract the hostname otherwise the lookup
will not work. For example, hashing https://google.com will NOT produce the same result as hashing google.com.
You should only be hashing the hostname ie. google.com not the full URL.
Lookup by url
GET https://lookup.phishfort.com/api/lookup?url=https://google.com (opens in a new tab)
Returns the SiteStatus object for the given url parameter:
It is also possible to query the domain by full url, please note that on our backend this is functionally identical to using the domain.