Setup Guide for ThreatCheck API

Updated
  • Updated on Nov 7, 2025
  • Published on Apr 24, 2025
  • 1 minute(s) read
Prev Next

The ThreatCheck API enables Enterprise customers to verify whether an IP address or hostname is included in a Silent Push Indicators of Future Attack (IOFAâ„¢) feed. Follow this guide to configure and integrate the ThreatCheck API into your security workflows.

Prerequisites

You must have the following to complete this guide successfully:

  • Enterprise subscription: An active Silent Push Enterprise subscription.

  • Access Key: A unique key for authentication, available in the Subscription section of the Silent Push platform.

  • Network access: The environment must allow outbound HTTPS requests to https://api.threatcheck.silentpush.com/v1/.

View your Access Key

Note: The key is masked by default.

  1. From your user icon, select Subscription.

  2. In ThreatCheck API, view or copy the provided access key.

Construct the Request

Use the following details to build a ThreatCheck API request:

Base URL: https://api.threatcheck.silentpush.com/v1/

Required parameters

Parameter

Description

t (Type)

Type of indicator: ip (IP address) or name (hostname)

d (Data)

Type of data. Default is iofa

u (User Identifier)

Unique identifier of the organization (API key from the Subscription section)

q (Query)

IP address or hostname to investigate

Example request (using cURL):

curl -X GET "https://api.threatcheck.silentpush.com/v1/?t=ip&d=iofa&u=12345&q=192.168.1.10"

Integrate the API into security workflows

The ThreatCheck API can be integrated into various security processes, including:

  • Email Filtering: Verify sender IPs or domains before email delivery.

  • SIEM and SOAR: Send indicators from logs or alerts to the API to trigger automated containment or notifications if the indicator is listed.  

  • DNS-Based Queries: Configure DNS-based checks for high-volume lookups, if supported in your environment.

Validate the response

Ensure the API is correctly integrated by verifying the response format:  th

Successful response (200 OK):

{
  "query": "192.168.1.10",
  "is_listed": true,
  "listed_txt": "This IP is on the IOFA feed."
}

Error responses:

  • 400 Bad Request: Missing or invalid parameters.

  • 422 Unprocessable Entity: Invalid format, for example, an incorrect IP address.

Python example (requests)

import requests

url = "https://api.threatcheck.silentpush.com/v1/"
params = {
  "t": "name",          # or "ip"
  "d": "iofa",
  "u": "YOUR_THREATCHECK_KEY",
  "q": "suspicious.example.com"
}
r = requests.get(url, params=params, timeout=10)
r.raise_for_status()
print(r.json())

Go to our Solutions for ThreatCheck API article for more information.