Bulk Summary API
The Bulk Summary API allows to fetch a summary of data we have in regards to an asset, by providing a list contained within a text file. An asset can be an IP address, a domain or a hostname (FQDN). You can just provide asset values and not full ONYPHE Query Language searches.
Furthermore, the summary will be composed of data fetched in the last 30-days only, you cannot query historical data with that endpoint. Also, it will return only the last 10 or 100 results per category, depending on your license, we have from all categories of information that have a match in regards to your asset.
The 3 available endpoints are:
- /bulk/summary/ip: you have to give a completely valid list of IPv4 or IPv6 addresses (example: 8.8.8.8);
- /bulk/summary/domain: you have to give a completely valid list of domains (example: google.com);
- /bulk/summary/hostname: you have to give a completely valid list of hostnames (example: www.google.com).
Using curl
You can use curl in the following way to call the Summary API:
echo 'google.com' > /tmp/domains.txt
echo 'google.fr' >> /tmp/domains.txt
curl -H 'Content-Type: application/json' -H 'Authorization: bearer YOUR_APIKEY' -XPOST 'https://www.onyphe.io/api/v2/bulk/summary/domain' --data-binary @/tmp/domains.txt
Output:
{
{"@category":"ctl","@timestamp":"2023-03-16T02:10:14.000Z",[..]
{"@category":"ctl","@timestamp":"2023-03-16T02:05:13.000Z",[..]
[..]
}
Using curl against Unrated API endpoint
If you want to query against the Unrated API endpoint, you have to pass the API key as an HTTP parameter as the Authorization header will be used to store Basic authentication credentials based on your login email address and your API key as a password:
LOGIN=`echo -n YOUR_LOGIN_EMAIL | sed 's/@/_/g'`
PASS=YOUR_APIKEY
BASIC=`echo -n $LOGIN:$PASS | base64 -w 0`
curl -H 'Content-Type: application/json' -H "Authorization: basic $BASIC" -XPOST 'https://www.onyphe.io/unrated/api/v2/bulk/summary/domain?k=YOUR_APIKEY' --data-binary @/tmp/domains.txt