Setup Guide for Threat Check API

  • Updated on Apr 24, 2026
  • Published on Apr 24, 2025
  • 1 minute(s) read
Prev Next

The Threat Check API enables Enterprise customers to verify whether an IP address or hostname is included in a Silent Push Indicators of Future Attack (IOFAâ„¢) feed. Follow this guide to configure and integrate the Threat Check API into your security workflows.

Prerequisites

You must have the following to complete this guide successfully:

  • Enterprise subscription: An active Silent Push Enterprise subscription.

  • Access Key: A unique key for authentication, available in the Defend section of the Silent Push platform.

  • Network access: The environment must allow outbound HTTPS requests to https://api.threatcheck.silentpush.com/v1/.

Request or View your Access Key

  1. From the left menu, click Defend.

  2. Click Threat Check, then click Manage.

    Access keys management interface displaying key names, values, and data sources.

Construct the Request

Use the following details to build a Threat Check API request:

Base URL: https://api.threatcheck.silentpush.com/v1/

Required parameters

Parameter

Description

t (Type)

Type of indicator: ip (IP address) or name (hostname)

d (Data)

Type of data. Default is iofa

u (User Identifier)

Unique identifier of the organization (API key from the Subscription section)

q (Query)

IP address or hostname to investigate

Example request (using cURL):

curl -X GET "https://api.threatcheck.silentpush.com/v1/?t=ip&d=iofa&u=12345&q=192.168.1.10"

Integrate the API into Security Workflows

The ThreatCheck API can be integrated into various security processes, including:

  • Email Filtering: Verify sender IPs or domains before email delivery.

  • SIEM and SOAR: Send log or alert indicators to the API to trigger automated containment or notifications if the indicator is listed.  

  • DNS-Based Queries: Configure DNS-based checks for high-volume lookups, if supported in your environment.

Validate the Response

Ensure the API is correctly integrated by verifying the response format:  th

Successful response (200 OK):

{
  "query": "192.168.1.10",
  "is_listed": true,
  "listed_txt": "This IP is on the IOFA feed."
}

Error responses:

  • 400 Bad Request: Missing or invalid parameters.

  • 422 Unprocessable Entity: Invalid format, for example, an incorrect IP address.

Python example (requests)

import requests

url = "https://api.threatcheck.silentpush.com/v1/"
params = {
  "t": "name",          # or "ip"
  "d": "iofa",
  "u": "YOUR_THREATCHECK_KEY",
  "q": "suspicious.example.com"
}
r = requests.get(url, params=params, timeout=10)
r.raise_for_status()
print(r.json())

Go to our Solutions for Threat Check API article for more information.

Related articles