docs
Partner Sharing
Threat Intel

Partner Sharing API (Threat Intel)

This API is designed to provide selected partners with seamless access to comprehensive and up-to-date details regarding incidents that are currently in our blocklist. Whether you are a business, organization, or service provider, this API should deliver valuable incident-related information to enhance decision-making and response strategies.

⚠️

Note: Please ensure to send the x-api-key, x-client-id and x-client-version headers in all programmatic requests to the API.

Authentication

This API is only accessible to PhishFort partners with a valid API key provided by PhishFort. To access the API, the x-api-key header must be sent with all requests.

Incidents

GET https://partner.phishfort.com/v1/partner/incidents/1 (opens in a new tab)

Returns Incident objects for the previous month months period in JSONL format. Currently the supported months are 1, 3 and 12.

export interface Incident {
    subject?: string;
    incidentType: string; // Type of incident as determined by PhishFort.
    incidentClass?: string; // Class of incident as determined by PhishFort.
    burnStartedTimestamp?: Date; // The time when the takedown was initiated.
    timestamp: Date; // The time when the incident was created.
    tags?: string[]; // The tags related to the incident as determined by PhishFort.
}

incidentType can have the following values:

  • domain
  • app:thirdparty
  • app:playstore
  • app:appstore
  • social
  • browser:extension
  • phone
  • email
  • darkweb
  • ipv4

incidentClass can have the following values:

  • phishing
  • brandabuse
  • malware
  • infringement
  • scam
  • other