--- title: "Setup Guide for Threat Check API" slug: "setup-guide" updated: 2026-04-24T14:36:58Z published: 2026-04-24T14:36:58Z canonical: "help.silentpush.com/setup-guide" --- > ## Documentation Index > Fetch the complete documentation index at: https://help.silentpush.com/llms.txt > Use this file to discover all available pages before exploring further. # Setup Guide for Threat Check API The Threat Check API enables Enterprise customers to verify whether an IP address or hostname is included in a Silent Push Indicators of Future Attack (IOFA™) feed. Follow this guide to configure and integrate the **Threat Check API** into your security workflows. ## Prerequisites You must have the following to complete this guide successfully: - **Enterprise subscription:** An active Silent Push Enterprise subscription. - **Access Key:** A unique key for authentication, available in the **Defend** section of the Silent Push platform. - **Network access:** The environment must allow outbound HTTPS requests to `https://api.threatcheck.silentpush.com/v1/`. ### Request or View your Access Key 1. From the left menu, click **Defend**. 2. Click **Threat Check**, then click Manage. ![Access keys management interface displaying key names, values, and data sources.](https://cdn.document360.io/8e5460b3-9d96-4b01-8bb3-6591a4af3a8c/Images/Documentation/Screenshot 2026-04-24 at 9.36.05 AM.png) ## Construct the Request Use the following details to build a Threat Check API request: **Base URL**: `https://api.threatcheck.silentpush.com/v1/` **Required parameters** | Parameter | Description | | --- | --- | | `t` (Type) | Type of indicator: `ip` (IP address) or `name` (hostname) | | `d` (Data) | Type of data. Default is `iofa` | | `u` (User Identifier) | Unique identifier of the organization (API key from the **Subscription** section) | | `q` (Query) | IP address or hostname to investigate | Example request (using cURL): ```plaintext curl -X GET "https://api.threatcheck.silentpush.com/v1/?t=ip&d=iofa&u=12345&q=192.168.1.10" ``` ## Integrate the API into Security Workflows The ThreatCheck API can be integrated into various security processes, including: - **Email Filtering:** Verify sender IPs or domains before email delivery. - **SIEM and SOAR:** Send log or alert indicators to the API to trigger automated containment or notifications if the indicator is listed. - **DNS-Based Queries:** Configure DNS-based checks for high-volume lookups, if supported in your environment. ## Validate the Response Ensure the API is correctly integrated by verifying the response format: th #### **Successful response (200 OK)**: ```json {  "query": "192.168.1.10",  "is_listed": true,  "listed_txt": "This IP is on the IOFA feed." } ``` #### **Error responses**: - **400 Bad Request:** Missing or invalid parameters. - **422 Unprocessable Entity:** Invalid format, for example, an incorrect IP address. #### Python example (requests) ```python import requests url = "https://api.threatcheck.silentpush.com/v1/" params = {  "t": "name",          # or "ip"  "d": "iofa",  "u": "YOUR_THREATCHECK_KEY",  "q": "suspicious.example.com" } r = requests.get(url, params=params, timeout=10) r.raise_for_status() print(r.json()) ``` Go to our [Solutions for Threat Check API](https://help.silentpush.com/docs/solutions-for-threat-check-api) article for more information.