Setup Guide for Threat Check API

Updated
  • Updated on Aug 28, 2025
  • Published on Apr 24, 2025
  • 1 minute(s) read
Prev Next

The Threat Check API allows Enterprise customers to check if an IP address or hostname is listed on a Silent Push Indicators of Future Attack (IOFA) feed. Follow this guide to configure and integrate the Threat Check API into your security workflows.

Prerequisites

You must have the following to complete this guide successfully:

  • Enterprise Subscription: An active Silent Push Enterprise subscription.

  • User Identifier Key: A unique key for authentication, available in the Subscription section of the Silent Push platform.

  • Network Access: The environment must allow outbound HTTPS requests to https://api.threatcheck.silentpush.com/v1/.

Obtain the User Identification Key

Note: The key is masked by default.

View your API Key

  1. From your user icon, select Subscription.

  2. In Threat Check API, view or copy the provided access key:

Construct the Request

Use the following details to build a Threat Check API request:

Base URL: https://api.threatcheck.silentpush.com/v1/

Required Parameters

Parameter

Description

t (Type)

Type of indicator: ip (IP address) or name (hostname)

d (Data)

Type of data. Default is iofa

u (User Identifier)

Unique identifier of the organization (API key from the Subscription section)

q (Query)

IP address or hostname to investigate

Example request (using cURL):

curl -X GET "https://api.threatcheck.silentpush.com/v1/?t=ip&d=iofa&u=12345&q=192.168.1.10"

Integrate the API into Security Workflows

The Threat Check API can be integrated into various security processes, including:

  • Email Filtering: Verify sender IPs or domains before email delivery.

  • SIEM and SOAR: Send indicators from logs or alerts to the API to trigger automated containment or notifications if the indicator is listed.  

  • DNS-Based Queries: Configure DNS-based checks for high-volume lookups, if supported in your environment.

Validate the Response

Ensure the API is correctly integrated by verifying the response format:  th

Successful Response (200 OK):

{
  "query": "192.168.1.10",
  "is_listed": true,
  "listed_txt": "This IP is on the IOFA feed."
}

Error Responses:

  • 400 Bad Request: Missing or invalid parameters.

  • 422 Unprocessable Entity: Invalid format, for example, an incorrect IP address.

For more information about solutions with the Threat Check API, go to our Solutions for Threat Check API article.