Discovery API

The Discovery API allows to search data in bulk using the ONYPHE Query Language (OQL). You can pass as many search filters as you wish, the syntax is always FILTER:VALUE. More details in the ONYPHE Query Language chapter.

This API will execute searches by trying to detect which filters you want to use. For instance, if you enter a domain name, the domain filter will be used automatically. Example search google.com will be rewritten domain:google.com under the hood.

Other automatically detected patterns are:


Also, if you give some words or phrases which are not detected as automatic patterns, the fallback will be the data field.

NOTE: the category you want to query has to be provided with the API endpoint URL. Take the following example using curl, and just replace datascan by another category, like resolver or vulnscan for instance. This API is only available for Griffin View subscriptions.

Using curl

You can use curl in the following way to call the Discovery API:

echo 'protocol:rdp domain:google.com' > /tmp/google.txt
echo 'protocol:ssh domain:google.com' >> /tmp/google.txt

curl -H 'Content-Type: application/json' -H 'Authorization: bearer YOUR_APIKEY' -XPOST 'https://www.onyphe.io/api/v2/bulk/discovery/datascan/asset' --data-binary @/tmp/google.txt

Output:

{"@category":"datascan","@timestamp":"2023-03-08T05:31:29.000Z",[..]
{"@category":"datascan","@timestamp":"2023-03-08T03:55:46.000Z",[..]

Using curl against Unrated API endpoint

If you want to query against the Unrated API endpoint, you have to pass the API key as an HTTP parameter as the Authorization header will be used to store Basic authentication credentials based on your login email address and your API key as a password:

LOGIN=`echo -n YOUR_LOGIN_EMAIL | sed 's/@/_/g'`
PASS=YOUR_APIKEY
BASIC=`echo -n $LOGIN:$PASS | base64 -w 0`
curl -H 'Content-Type: application/json' -H "Authorization: basic $BASIC" -XPOST 'https://www.onyphe.io/unrated/api/v2/bulk/discovery/datascan/asset?k=YOUR_APIKEY' --data-binary @/tmp/google.txt