
Partner Sharing API (Threat Intel)

📢

Future of PhishFort Services

As of May 1, 2025, the Partner Sharing API will be our exclusive offering as we phase out all public lists. This API provides enhanced threat intelligence and more comprehensive protection than our public offerings.

To request access, please email us at partner-sharing-requests@phishfort.com with your organization details and use case.

This API is designed to provide selected partners with seamless access to comprehensive and up-to-date details regarding incidents that are currently in our blocklist. Whether you are a business, organization, or service provider, this API should deliver valuable incident-related information to enhance decision-making and response strategies.

⚠️

Note: Please send the x-api-key, x-client-id and x-client-version headers in all programmatic requests to the API.

Authentication

This API is only accessible to PhishFort partners with a valid API key provided by PhishFort. To access the API, the x-api-key header must be sent with all requests.

⚠️

How to Request Access

To become a PhishFort partner and receive your API key, please contact us at partner-sharing-requests@phishfort.com with the following information:

  1. Your organization name and website
  2. Primary contact details (name, email, phone)
  3. Brief description of your use case
  4. Estimated query volume

Our team will review your request and respond within 5 business days.

Incidents

GET https://partner.phishfort.com/v1/partner/incidents/1

Returns Incident objects for the previous months months in JSONL format, where months is the number at the end of the URL (1 in the example above). Currently the supported values for months are 1, 3 and 12.

export interface Incident {
    subject?: string;
    incidentType: string; // Type of incident as determined by PhishFort.
    incidentClass?: string; // Class of incident as determined by PhishFort.
    burnStartedTimestamp?: Date; // The time when the takedown was initiated.
    timestamp: Date; // The time when the incident was created.
    tags?: string[]; // The tags related to the incident as determined by PhishFort.
}

incidentType can have the following values:

  • domain
  • app:thirdparty
  • app:playstore
  • app:appstore
  • social
  • browser:extension
  • phone
  • email
  • darkweb
  • ipv4

incidentClass can have the following values:

  • phishing
  • brandabuse
  • malware
  • infringement
  • scam
  • other
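
One way to consume this endpoint defensively, added here as an example and not PhishFort's own client code: it builds the three required headers and checks every JSONL line against the incidentType and incidentClass values listed above before the record is used. The function names, the sample lines, and the assumption that timestamps arrive in a form the Date constructor can parse are not from the docs.

```typescript
// Added example (not PhishFort code). Enum values are copied from the lists on this page.
const INCIDENT_TYPES = ["domain", "app:thirdparty", "app:playstore", "app:appstore", "social",
  "browser:extension", "phone", "email", "darkweb", "ipv4"];
const INCIDENT_CLASSES = ["phishing", "brandabuse", "malware", "infringement", "scam", "other"];
interface Incident {
  subject?: string; incidentType: string; incidentClass?: string;
  burnStartedTimestamp?: Date; timestamp: Date; tags?: string[];
}
// Build URL and headers for the incidents endpoint; hand the result to your HTTP client.
function buildIncidentsRequest(months: number, apiKey: string, clientId: string, clientVersion: string) {
  if ([1, 3, 12].indexOf(months) === -1) throw new Error("months must be 1, 3 or 12");
  const headers = { "x-api-key": apiKey, "x-client-id": clientId, "x-client-version": clientVersion };
  return { url: "https://partner.phishfort.com/v1/partner/incidents/" + months, headers };
}

// Parse a JSONL body, treating it as untrusted input: a line that is not valid JSON, has an
// undocumented incidentType/incidentClass, or has a bad timestamp is counted and skipped.
function parseIncidents(jsonl: string): { incidents: Incident[]; rejected: number } {
  const incidents: Incident[] = [];
  let rejected = 0;
  for (const line of jsonl.split("\n")) {
    if (line.trim() === "") continue;
    try {
      const raw = JSON.parse(line);
      const ts = new Date(raw.timestamp); // assumption: wire value is Date-parseable (e.g. ISO 8601)
      const tagsOk = raw.tags === undefined ||
        (Array.isArray(raw.tags) && raw.tags.every((t: unknown) => typeof t === "string"));
      if (INCIDENT_TYPES.indexOf(raw.incidentType) === -1 || isNaN(ts.getTime()) || !tagsOk ||
          (raw.incidentClass !== undefined && INCIDENT_CLASSES.indexOf(raw.incidentClass) === -1)) {
        rejected++; continue;
      }
      const inc: Incident = { incidentType: raw.incidentType, timestamp: ts };
      if (typeof raw.subject === "string") inc.subject = raw.subject;
      if (raw.incidentClass !== undefined) inc.incidentClass = raw.incidentClass;
      if (raw.burnStartedTimestamp !== undefined) inc.burnStartedTimestamp = new Date(raw.burnStartedTimestamp);
      if (raw.tags !== undefined) inc.tags = raw.tags;
      incidents.push(inc);
    } catch { rejected++; } // malformed or truncated line
  }
  return { incidents, rejected };
}
// Constructed sample body (not real PhishFort data): two valid lines, three that must be rejected.
const SAMPLE_JSONL = [
  '{"subject":"login-example.test","incidentType":"domain","incidentClass":"phishing","timestamp":"2025-04-02T10:15:00Z","tags":["wallet"]}',
  '{"subject":"198.51.100.7","incidentType":"ipv4","timestamp":"2025-04-03T08:00:00Z"}',
  '{"subject":"x","incidentType":"carrier-pigeon","timestamp":"2025-04-03T08:00:00Z"}',
  '{"incidentType":"domain","timestamp":"not-a-date"}',
  '{"truncated":',
].join("\n");
```

A non-zero rejected count is worth alerting on, since it means either the feed format changed or the response was cut short, and a blocklist built from it would be incomplete.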