Threat Check API

Updated
  • Updated on Sep 16, 2025
  • Published on Apr 24, 2025
  • 1 minute(s) read
Prev Next

Enterprise customers can use the Threat Check API to determine if an IP address or hostname is present on a Silent Push Indicators of Future Attack (IOFA) feed. The API delivers a simple Boolean response indicating whether the indicator is listed.

Note: Enterprise customers enjoy unlimited usage for high-volume and real-time lookups.

What it does

  • Checks if an indicator (IP address or hostname) is listed on an IOFA feed.

  • Returns a Boolean response (e.g., true/ false or 1 / 0 with an optional descriptive text.

  • Supports high-volume lookups for automated security processes, such as email filtering or SIEM integrations.

Benefits

  • Unlimited access: Enterprise users are not charged per API call.

  • High-volume readiness: Designed for large-scale real-time lookups.

  • Easy integration: Simple JSON response facilitates seamless integration into security workflows.

  • Risk assessment: Provides immediate insight into high risk indicators, enabling rapid blocking or alerting.  

Endpoints

The API consists of the following endpoint:

Endpoint

Description

https://api.threatcheck.silentpush.com/v1/

Check if an indicator is listed on a Silent Push IOFA feed.

Methods

The API supports the following core operations:

Operation

Method

Descriptions

Feed

  • GET

Retrieve information on whether a specific indicator is present on an IOFA feed.

Required query parameters

Query Name

Description

t (Type)

Type of indicator:

  • name

  • ip

d (Data)

Type of data. The default is iofa.

u (User Identifier)

Unique identifier of the organization making the request.

q (Query)

IP address or hostname being investigated.

Authentication

Enterprise customers authenticate their Threat Check API requests with a valid Threat Check API key, which can be found in the Subscription section of the platform’s user menu. Include the Threat Check API key in the u parameter of the request.

NOTE: The API key for ThreatCheck is NOT the same as a standard Silent Push API key created and managed within the Organization menu.

Base URL and versioning

The Threat Check API uses semantic versioning to ensure backward compatibility. Access all endpoints through the following base URL:

  • https://api.threatcheck.silentpush.com/v1/

Resources

For more information about the Threat Check API, select one of the following articles: