Threat Check API

Updated
  • Updated on Jan 26, 2026
  • Published on Apr 24, 2025
  • 1 minute(s) read
Prev Next

Enterprise customers can utilize the Threat Check API to verify whether an IP address or hostname is included in a Silent Push Indicators of Future Attack (IOFA) feed. The API delivers a simple Boolean response indicating whether the indicator is listed.

Note: Enterprise customers enjoy unlimited usage for high-volume and real-time lookups.

What it does

  • Checks if an indicator (IP address or hostname) is listed on an IOFA feed.

  • Returns a Boolean response (e.g., true/ false or 1 / 0 with an optional descriptive text.

  • Supports high-volume lookups for automated security processes, including email filtering and SIEM integrations.

Benefits

  • Unlimited access: Enterprise users are not charged per API call.

  • High-volume readiness: Designed for large-scale real-time lookups.

  • Easy integration: Simple JSON response facilitates seamless integration into security workflows.

  • Risk assessment: Provides immediate insight into high-risk indicators, enabling rapid blocking or alerting.  

Endpoints

The API consists of the following endpoint:

Endpoint

Description

https://api.threatcheck.silentpush.com/v1/

Check if an indicator is listed on a Silent Push IOFA feed.

Methods

The API supports the following core operations:

Operation

Method

Descriptions

Feed

  • GET

Retrieve information on whether a specific indicator is present on an IOFA feed.

Required Query Parameters

Query Name

Description

t (Type)

Type of indicator:

  • name

  • ip

d (Data)

Type of data. The default is iofa.

u (User Identifier)

Unique identifier of the organization making the request.

q (Query)

IP address or hostname being investigated.

Authentication

Enterprise customers authenticate their ThreatCheck API requests with a valid Threat Check Access key, which can be found in the Subscription section of the platform’s user menu. Include the Threat Check Access key in the u parameter of the request.

NOTE: The Threat Check API key is NOT the same as a standard Silent Push API key created and managed in the Organization menu.

Base URL and Versioning

The Threat Check API uses semantic versioning to ensure backward compatibility. Access all endpoints through the following base URL:

  • https://api.threatcheck.silentpush.com/v1/

Resources

For more information about the Threat Check API, select one of the following articles:

Related articles