API Documentation

Comprehensive guides and API references for integrating AntiBait's email threat detection into your applications.

IOC Query

Premium

Query and filter Indicators of Compromise (IOCs) collected from email analyses with advanced filtering and pagination.

API Endpoint

GET /api/iocs/query

Query Parameters

type?: string
isMalicious?: "true" | "false"
minThreatScore?: number
limit?: number (default: 100)
offset?: number (default: 0)
sortBy?: string (default: "last_seen")
sortOrder?: "asc" | "desc" (default: "desc")

All parameters are optional

Response

{
  "success": true,
  "data": [{
    "id": "string",
    "ioc_type": "string",
    "ioc_value": "string",
    "is_malicious": boolean,
    "threat_score": number,
    "first_seen": "datetime",
    "last_seen": "datetime",
    "occurrence_count": number,
    "metadata": object,
    "analysis_count": number
  }],
  "count": number,
  "pagination": {
    "limit": number,
    "offset": number
  }
}

IOC Types

email: Email addresses
domain: Domain names
ip: IP addresses (IPv4/IPv6)
url: URLs from email body
subject: Email subject lines
message_id: Message-ID headers
user_agent: User-Agent strings
auth_result: Authentication results

Example Requests

Get All Malicious Domains

GET /api/iocs/query?type=domain&isMalicious=true&minThreatScore=70
Authorization: Bearer YOUR_API_KEY

Get Recent High-Threat IOCs

GET /api/iocs/query?minThreatScore=80&sortBy=last_seen&sortOrder=desc&limit=50
Authorization: Bearer YOUR_API_KEY

Get Most Frequent Malicious IPs

GET /api/iocs/query?type=ip&isMalicious=true&sortBy=occurrence_count&sortOrder=desc
Authorization: Bearer YOUR_API_KEY

Response Fields

id (string): Unique identifier for the IOC (UUID)
ioc_type (string): Type of indicator (email, domain, ip, url, etc.)
ioc_value (string): The actual indicator value
is_malicious (boolean): Whether the IOC is marked as malicious
threat_score (number): Threat score (0-100, higher is more dangerous)
first_seen (datetime): Timestamp when IOC was first observed
last_seen (datetime): Timestamp when IOC was last observed
occurrence_count (number): Number of times this IOC has been observed
metadata (object): Additional context and metadata about the IOC
analysis_count (number): Number of distinct analyses where this IOC appeared

Common Use Cases

Build Blocklists

Export malicious domains and IPs to feed into security tools

Track Campaigns

Identify repeated IOCs to detect coordinated phishing campaigns

Threat Intelligence

Query historical IOC data for incident response and investigation
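
An added example for the Build Blocklists use case (not AntiBait's own code): it pages through /api/iocs/query with limit and offset, re-checks is_malicious and threat_score on the client, and drops non-global IP addresses before anything reaches a blocklist. The `fetch` callable, the helper names and the sample rows are assumptions; `fetch` stands for whatever function performs the authenticated GET and returns the decoded JSON body.

```python
import ipaddress

def iter_iocs(fetch, ioc_type, min_score, limit=100, max_pages=1000):
    """Walk limit/offset pages; a short page ends the walk, max_pages bounds it."""
    for offset in range(0, max_pages * limit, limit):
        body = fetch({"type": ioc_type, "isMalicious": "true",
                      "minThreatScore": min_score, "limit": limit, "offset": offset})
        if not body.get("success"):
            raise RuntimeError(f"IOC query failed at offset {offset}")
        rows = body.get("data") or []
        yield from rows
        if len(rows) < limit:
            return

def safe_to_block(row, ioc_type, min_score):
    """Re-check the server-side filters and refuse values that must never be blocked."""
    score = row.get("threat_score")
    if (row.get("ioc_type") != ioc_type or row.get("is_malicious") is not True
            or not isinstance(score, (int, float)) or score < min_score):
        return False
    if ioc_type == "ip":
        try:  # is_global is False for private, loopback, link-local and reserved ranges
            return ipaddress.ip_address(row.get("ioc_value")).is_global
        except ValueError:
            return False
    return bool(str(row.get("ioc_value") or "").strip())

def build_blocklist(fetch, ioc_type, min_score=70, limit=100):
    """Sorted, deduplicated values; the set also absorbs rows repeated across pages
    when new IOCs arrive mid-walk and shift the offsets."""
    return sorted({str(r["ioc_value"]).strip().lower()
                   for r in iter_iocs(fetch, ioc_type, min_score, limit)
                   if safe_to_block(r, ioc_type, min_score)})

# Constructed sample rows (not real indicators), served by an offline stand-in for `fetch`.
SAMPLE = [{"ioc_type": "domain", "ioc_value": v, "is_malicious": m, "threat_score": s}
          for v, m, s in [("login-update.example", True, 92),
                          ("Login-Update.example", True, 92), ("cdn.example", False, 10),
                          ("invoice-portal.example", True, 75), ("low-score.example", True, 40)]]

def fake_fetch(params):
    """Hypothetical stub: slices SAMPLE the way limit/offset would on the server."""
    page = SAMPLE[params["offset"]:params["offset"] + params["limit"]]
    return {"success": True, "data": page, "count": len(page)}

if __name__ == "__main__":
    print("\n".join(build_blocklist(fake_fetch, "domain", min_score=70, limit=2)))
```

In real use, replace `fake_fetch` with a function that sends the request with the `Authorization: Bearer YOUR_API_KEY` header shown in the example requests.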

Authentication Required

This endpoint requires a valid API key. Include your API key in the Authorization header as a Bearer token.

IOC Collection

IOCs are automatically collected from all email analyses (basic and advanced). No additional setup required - just analyze emails and query the IOC database.
