ThreatCheck API

Updated
  • Updated on Nov 7, 2025
  • Published on Apr 24, 2025
  • 1 minute(s) read
Prev Next

Enterprise customers can utilize the ThreatCheck API to verify whether an IP address or hostname is included in a Silent Push Indicators of Future Attack (IOFA) feed. The API delivers a simple Boolean response indicating whether the indicator is listed.

Note: Enterprise customers enjoy unlimited usage for high-volume and real-time lookups.

What it does

  • Checks if an indicator (IP address or hostname) is listed on an IOFA feed.

  • Returns a Boolean response (e.g., true/ false or 1 / 0 with an optional descriptive text.

  • Supports high-volume lookups for automated security processes, including email filtering and SIEM integrations.

Benefits

  • Unlimited access: Enterprise users are not charged per API call.

  • High-volume readiness: Designed for large-scale real-time lookups.

  • Easy integration: Simple JSON response facilitates seamless integration into security workflows.

  • Risk assessment: Provides immediate insight into high-risk indicators, enabling rapid blocking or alerting.  

Endpoints

The API consists of the following endpoint:

Endpoint

Description

https://api.threatcheck.silentpush.com/v1/

Check if an indicator is listed on a Silent Push IOFA feed.

Methods

The API supports the following core operations:

Operation

Method

Descriptions

Feed

  • GET

Retrieve information on whether a specific indicator is present on an IOFA feed.

Required query parameters

Query Name

Description

t (Type)

Type of indicator:

  • name

  • ip

d (Data)

Type of data. The default is iofa.

u (User Identifier)

Unique identifier of the organization making the request.

q (Query)

IP address or hostname being investigated.

Authentication

Enterprise customers authenticate their ThreatCheck API requests with a valid ThreatCheck Access key, which can be found in the Subscription section of the platform’s user menu. Include the ThreatCheck Access key in the u parameter of the request.

NOTE: The API key for ThreatCheck is NOT the same as a standard Silent Push API key created and managed within the Organization menu.

Base URL and versioning

The ThreatCheck API uses semantic versioning to ensure backward compatibility. Access all endpoints through the following base URL:

  • https://api.threatcheck.silentpush.com/v1/

Resources

For more information about the ThreatCheck API, select one of the following articles: