Documentation
ThreatBrief API Reference
Integrate 990,000+ cybersecurity intelligence articles, real-time IOCs, CVE data, and AI-generated briefings into your security stack.
Authentication
All API requests must include your API key in the X-API-Key request header. You can get a free key by signing up below.
How to get an API key
Sign up at /signup with your email and password. Your free API key is returned immediately. Store it securely — it won't be shown again. Use /account/keys/rotate to regenerate a key if compromised.
# Pass your API key in the X-API-Key header curl https://cyberbriefing.info/api/v1/search?q=ransomware \ -H "X-API-Key: tp_live_xxxxxxxxxxxx"
import requests headers = {"X-API-Key": "tp_live_xxxxxxxxxxxx"} r = requests.get( "https://cyberbriefing.info/api/v1/search", headers=headers, params={"q": "ransomware"}, ) print(r.json())
const res = await fetch( "https://cyberbriefing.info/api/v1/search?q=ransomware", { headers: { "X-API-Key": "tp_live_xxxxxxxxxxxx" } } ); const data = await res.json(); console.log(data);
Rate Limits
Rate limits are applied per API key, per minute. Exceeding limits returns 429 Too Many Requests. Limits reset on a rolling window.
Rate limit headers
Each response includes X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset (Unix timestamp) headers so you can implement backoff logic.
Errors
All errors return a JSON body with a detail field describing the problem.
Search
Full-text search across all threat intelligence — IOCs, threat actors, and CVEs — in a single query.
Returns ranked results from IOCs, threat actors, and CVEs matching your query. Results are sorted by relevance score.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| q | string | Required | Search query (min 2 chars) |
| limit | integer | Optional | Max results to return (1–100, default: 20) |
curl "https://cyberbriefing.info/api/v1/search?q=ransomware&limit=5" \ -H "X-API-Key: tp_live_xxxxxxxxxxxx"
import requests r = requests.get( "https://cyberbriefing.info/api/v1/search", headers={"X-API-Key": "tp_live_xxxxxxxxxxxx"}, params={"q": "ransomware", "limit": 5}, ) data = r.json() for result in data["results"]: print(result["title"], "-", result["entity_type"])
const res = await fetch( "https://cyberbriefing.info/api/v1/search?q=ransomware&limit=5", { headers: { "X-API-Key": "tp_live_xxxxxxxxxxxx" } } ); const { results } = await res.json(); results.forEach(r => console.log(r.title));
Example Response — 200 OK
{
"query": "ransomware",
"total": 3,
"results": [
{
"entity_type": "threat_actor",
"entity_id": "3f8a2d10-...",
"title": "LockBit",
"summary": "Prolific ransomware-as-a-service operation...",
"score": 1.0
},
{
"entity_type": "ioc",
"entity_id": "7c4b1e22-...",
"title": "[IP] 203.0.113.42",
"summary": "Known ransomware C2 endpoint",
"score": 0.5
}
]
}
Briefings
AI-generated daily threat intelligence briefings. Requires Pro or Enterprise tier.
Tier requirement
Briefings are available to Pro (10/day) and Enterprise (unlimited) subscribers. Free tier requests return 403 Forbidden.
Returns today's curated threat intelligence briefing, AI-generated from the latest data in our 20-year database.
curl https://cyberbriefing.info/api/v1/briefings \ -H "X-API-Key: tp_live_xxxxxxxxxxxx"
import requests r = requests.get( "https://cyberbriefing.info/api/v1/briefings", headers={"X-API-Key": "tp_live_xxxxxxxxxxxx"}, ) briefing = r.json() print(f"Briefing for {briefing['date']}: {len(briefing['items'])} items")
const res = await fetch( "https://cyberbriefing.info/api/v1/briefings", { headers: { "X-API-Key": "tp_live_xxxxxxxxxxxx" } } ); const { date, items } = await res.json(); console.log(`Briefing for ${date}:`, items);
Example Response — 200 OK
{
"date": "2026-03-30",
"items": [
{
"title": "LockBit 3.0 targets EU financial sector",
"summary": "Three major banks hit in coordinated campaign...",
"severity": "critical",
"published_at": "2026-03-30T08:00:00Z"
}
],
"tier_note": "You are on the pro tier."
}
{ "detail": "This feature requires pro or enterprise tier." }
Returns a list of available topic categories for scoped briefings (e.g. ransomware, APT, zero-day). Requires Pro or Enterprise.
curl https://cyberbriefing.info/api/v1/briefings/topics \ -H "X-API-Key: tp_live_xxxxxxxxxxxx"
import requests r = requests.get( "https://cyberbriefing.info/api/v1/briefings/topics", headers={"X-API-Key": "tp_live_xxxxxxxxxxxx"}, ) print(r.json())
IOCs
Query indicators of compromise — IPs, domains, file hashes, URLs, and email addresses — with full context and severity.
Returns a paginated list of active IOCs. Filter by type, severity, or keyword.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| q | string | Optional | Keyword filter on value or description |
| type | string | Optional | IOC type: ip, domain, hash, url, email |
| severity | string | Optional | critical, high, medium, low |
| is_active | boolean | Optional | Filter by active status (default: true) |
| limit | integer | Optional | Page size (1–1000, default: 50) |
| offset | integer | Optional | Pagination offset (default: 0) |
# List critical IP IOCs curl "https://cyberbriefing.info/api/v1/iocs?type=ip&severity=critical&limit=10" \ -H "X-API-Key: tp_live_xxxxxxxxxxxx"
import requests r = requests.get( "https://cyberbriefing.info/api/v1/iocs", headers={"X-API-Key": "tp_live_xxxxxxxxxxxx"}, params={"type": "ip", "severity": "critical", "limit": 10}, ) for ioc in r.json(): print(ioc["value"], "-", ioc["severity"])
const res = await fetch( "https://cyberbriefing.info/api/v1/iocs?type=ip&severity=critical", { headers: { "X-API-Key": "tp_live_xxxxxxxxxxxx" } } ); const iocs = await res.json(); iocs.forEach(i => console.log(i.value, i.severity));
Example Response — 200 OK
[
{
"id": "7c4b1e22-4d3a-4e5f-8b1c-2d3e4f5a6b7c",
"type": "ip",
"value": "203.0.113.42",
"severity": "critical",
"description": "LockBit 3.0 C2 server",
"is_active": true,
"first_seen": "2026-01-15T00:00:00Z",
"last_seen": "2026-03-29T00:00:00Z"
}
]
Check if a specific IP, domain, hash, URL, or email is in our IOC database.
# Check if an IP is malicious curl https://cyberbriefing.info/api/v1/iocs/lookup/203.0.113.42 \ -H "X-API-Key: tp_live_xxxxxxxxxxxx"
import requests ip = "203.0.113.42" r = requests.get( f"https://cyberbriefing.info/api/v1/iocs/lookup/{ip}", headers={"X-API-Key": "tp_live_xxxxxxxxxxxx"}, ) if r.json(): print("MALICIOUS — found in IOC database") else: print("Clean — not in IOC database")
Threats
Threat actor profiles — APT groups, ransomware gangs, nation-state actors — with TTPs, attribution, and campaign history.
curl "https://cyberbriefing.info/api/v1/threats?q=APT28&limit=5" \ -H "X-API-Key: tp_live_xxxxxxxxxxxx"
import requests r = requests.get( "https://cyberbriefing.info/api/v1/threats", headers={"X-API-Key": "tp_live_xxxxxxxxxxxx"}, params={"q": "APT28"}, ) print(r.json())
const res = await fetch( "https://cyberbriefing.info/api/v1/threats?q=APT28", { headers: { "X-API-Key": "tp_live_xxxxxxxxxxxx" } } ); console.log(await res.json());
Example Response — 200 OK
[
{
"id": "9a8b7c6d-...",
"name": "APT28",
"aliases": ["Fancy Bear", "Sofacy"],
"origin_country": "RU",
"motivation": "espionage",
"description": "Russian GRU-linked APT group...",
"first_observed": "2007-01-01",
"is_active": true
}
]
CVEs
Full CVE database enriched with CVSS scores, exploit availability, vendor advisories, and affected product mapping.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| q | string | Optional | CVE ID or keyword (e.g. CVE-2024-1234) |
| severity | string | Optional | critical, high, medium, low |
| has_exploit | boolean | Optional | Filter to CVEs with known public exploits |
| limit | integer | Optional | Max results (default: 50) |
# Find critical CVEs with public exploits curl "https://cyberbriefing.info/api/v1/cves?severity=critical&has_exploit=true" \ -H "X-API-Key: tp_live_xxxxxxxxxxxx"
import requests r = requests.get( "https://cyberbriefing.info/api/v1/cves", headers={"X-API-Key": "tp_live_xxxxxxxxxxxx"}, params={"severity": "critical", "has_exploit": True}, ) for cve in r.json(): print(cve["cve_id"], cve["cvss_score"])
const res = await fetch( "https://cyberbriefing.info/api/v1/cves?severity=critical&has_exploit=true", { headers: { "X-API-Key": "tp_live_xxxxxxxxxxxx" } } ); const cves = await res.json(); cves.forEach(c => console.log(c.cve_id, c.cvss_score));
Example Response — 200 OK
[
{
"id": "5e3f1a2b-...",
"cve_id": "CVE-2024-1234",
"description": "Remote code execution in Acme Corp widget",
"cvss_score": 9.8,
"severity": "critical",
"has_exploit": true,
"published_at": "2024-03-01"
}
]
curl https://cyberbriefing.info/api/v1/cves/CVE-2024-1234 \ -H "X-API-Key: tp_live_xxxxxxxxxxxx"
import requests r = requests.get( "https://cyberbriefing.info/api/v1/cves/CVE-2024-1234", headers={"X-API-Key": "tp_live_xxxxxxxxxxxx"}, ) print(r.json())
Health
Check API availability. No authentication required.
curl https://cyberbriefing.info/api/v1/health/db
import requests r = requests.get("https://cyberbriefing.info/api/v1/health/db") print(r.json())
Example Response — 200 OK
{ "status": "ok", "db": "connected" }
Sign Up
Create an account and receive a free API key. The key is only shown once — store it immediately.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| string | Required | Your email address (unique per account) | |
| password | string | Required | Minimum 8 characters |
curl -X POST https://cyberbriefing.info/api/v1/signup \ -H "Content-Type: application/json" \ -d '{"email": "analyst@company.com", "password": "s3cur3pass"}'
import requests r = requests.post( "https://cyberbriefing.info/api/v1/signup", json={"email": "analyst@company.com", "password": "s3cur3pass"}, ) data = r.json() print("API Key:", data["api_key"]) # save this!
const res = await fetch("https://cyberbriefing.info/api/v1/signup", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ email: "analyst@company.com", password: "s3cur3pass", }), }); const { api_key } = await res.json(); console.log("API Key:", api_key); // save this!
Example Response — 201 Created
{
"message": "Account created. Keep your API key safe — it won't be shown again.",
"api_key": "tp_live_3f8a2d1044ab...",
"tier": "free"
}
Login & Key Management
Log in to get a JWT token for managing your account keys.
curl -X POST https://cyberbriefing.info/api/v1/login \ -H "Content-Type: application/json" \ -d '{"email": "analyst@company.com", "password": "s3cur3pass"}'
import requests r = requests.post( "https://cyberbriefing.info/api/v1/login", json={"email": "analyst@company.com", "password": "s3cur3pass"}, ) token = r.json()["access_token"] # Use token in: Authorization: Bearer {token}
Example Response — 200 OK
{ "access_token": "eyJhbGciOiJIUzI1NiJ9...", "token_type": "bearer" }
curl https://cyberbriefing.info/api/v1/account/keys \ -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9..."
Invalidates all existing API keys and returns a new one. Use this if your key is compromised.
curl -X POST https://cyberbriefing.info/api/v1/account/keys/rotate \ -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9..."
Example Response — 200 OK
{
"message": "API key rotated. Previous key(s) are now invalid.",
"new_key": "tp_live_9b8a7c6d..."
}
Interactive API Explorer
Prefer to try endpoints live in your browser? Use the Interactive API Explorer ↗ — a full Swagger UI with real request/response testing built in.