Threat Check API

Enterprise customers can use the Threat Check API to determine if an IP address or hostname is present on a Silent Push Indicators of Future Attack (IOFA) feed. The API returns a simple Boolean response indicating whether the indicator is listed.

Note: To support high-volume and real-time lookups, Enterprise customers have an unlimited usage allowance.

What It Does

  • Checks whether an indicator, specifically an IP address or hostname, is listed on an IOFA feed.

  • Provides a Boolean response with optional descriptive text, for example, true or false and 1 or 0.

  • Supports high-volume lookups for automated security processes, for example, email filtering or SIEM integrations.

Benefits

  • Unlimited Access: Enterprise users are not charged for the API calls.

  • High-Volume Readiness: Handles large-scale lookups in real time.

  • Easy Integration: Simple JSON response makes it straightforward to incorporate into security workflows.

  • Risk Assessment: Immediate insight into whether an indicator is high risk, which enables customers to rapidly block or alert.

Endpoints

The API consists of the following endpoints:

| Endpoint | Description |
| --- | --- |
| https://api.threatcheck.silentpush.com/v1/ | Check if an indicator is on one of Silent Push’s IOFA feeds. |

Methods

The API supports the following core operations:

| Operations | Methods | Descriptions |
| --- | --- | --- |
| Feed | GET | Retrieve information on whether a specific indicator is present on an IOFA feed. |

Required Query Parameters

| Query Name | Description |
| --- | --- |
| t (Type) | Type of indicator: name or ip |
| d (Data) | Type of data. The default is iofa. |
| u (User Identifier) | Unique identifier of the organization that is making the request. |
| q (Query) | IP address or hostname that the organization is investigating. |

Authentication

Enterprise customers authenticate their Threat Check API requests with a valid Threat Check API key, which can be found in the Subscription section of the platform’s user menu.

When using ThreatCheck, input your Threat Check API key into the u parameter of the request.

NOTE: The API key for ThreatCheck is NOT the same as a standard Silent Push API key created and managed within the Organization menu.
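The following is an added example, not Silent Push's own code, of assembling the GET request from the four required query parameters described above. Because the key travels in the query string as u, it also shows the URL being redacted before it is logged. The function names are hypothetical, and the key and indicators are constructed placeholders.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

BASE_URL = "https://api.threatcheck.silentpush.com/v1/"  # base URL given on this page
# One DNS label: letters, digits and hyphens, no leading or trailing hyphen, max 63 chars.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def indicator_type(indicator: str) -> str:
    """Return the value for the t parameter: 'ip' or 'name'."""
    try:
        ipaddress.ip_address(indicator)
        return "ip"
    except ValueError:
        pass  # not an IP literal; check whether it is a plausible hostname
    labels = indicator.split(".")
    # An all-numeric last label means a malformed IP such as 999.1.1.1, not a hostname.
    if (len(indicator) > 253 or len(labels) < 2 or labels[-1].isdigit()
            or not all(_LABEL.match(label) for label in labels)):
        raise ValueError(f"not an IP address or hostname: {indicator!r}")
    return "name"


def build_request_url(api_key: str, indicator: str, data: str = "iofa") -> str:
    """Build the GET URL carrying the required parameters t, d, u and q."""
    indicator = indicator.strip()
    params = {"t": indicator_type(indicator), "d": data, "u": api_key, "q": indicator}
    return BASE_URL + "?" + urlencode(params)


def redact_key(url: str) -> str:
    """Replace the u value so the URL is safe to write to logs or tickets."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "u" else v) for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    # Constructed sample indicators and a placeholder key, not real values.
    for item in ["203.0.113.7", "mail.example.com", "2001:db8::1", "999.1.1.1"]:
        try:
            print(redact_key(build_request_url("PLACEHOLDER-KEY", item)))
        except ValueError as err:
            print("skipped:", err)
```

Rejecting malformed input before the call keeps garbage indicators from being submitted under the wrong t value by an automated pipeline.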

Base URL and Versioning

The Threat Check API is constructed with semantic versioning to ensure backward compatibility. Access all of the endpoints through the following base URL:

  • https://api.threatcheck.silentpush.com/v1/
