Export API

The Export API allows to export data using the ONYPHE Query Language (OQL). You can pass as many search filters as you wish, the syntax is always FILTER:VALUE. More details in the ONYPHE Query Language chapter.

This API will execute searches on datascan category by default and will try to detect which filters you want to use. For instance, if you enter a domain name, the domain filter will be used automatically. Example search google.com will be rewritten domain:google.com under the hood.

Other automatically detected patterns are:


Also, if you give some words or phrases which are not detected as automatic patterns, the fallback will be the data field.

NOTE: Export API can only export last 30-days of data for Eagle View subscriptions. Griffin View can export all the historical data. This API is not available to other subscriptions.

Using curl

You can use curl in the following way to call the Export API:

curl -H 'Content-Type: application/json' -H 'Authorization: bearer YOUR_APIKEY' -XGET 'https://www.onyphe.io/api/v2/export/?q=protocol:rdp+domain:google.com'

Output is streamed, one JSON per line:

{"@category":"datascan","@timestamp":"2024-11-16T14:54:39.000Z",[..]}
{"@category":"datascan","@timestamp":"2024-11-16T14:54:38.000Z",[..]}
{"@category":"datascan","@timestamp":"2024-11-16T14:54:38.000Z",[..]}
[..]
{"@category":"datascan","@timestamp":"2024-11-10T04:11:01.000Z",[..]}

Available parameters

Using ONYPHE CLI

onyphe -export OQL

Using curl against Unrated API endpoint

If you want to query against the Unrated API endpoint, you have to pass the API key as an HTTP parameter as the Authorization header will be used to store Basic authentication credentials based on your login email address and your API key as a password:

LOGIN=`echo -n YOUR_LOGIN_EMAIL | sed 's/@/_/g'`
PASS=YOUR_APIKEY
BASIC=`echo -n $LOGIN:$PASS | base64 -w 0`
curl -H 'Content-Type: application/json' -H "Authorization: basic $BASIC" -XGET 'https://www.onyphe.io/unrated/api/v2/export/?q=protocol:rdp+domain:google.com&k=YOUR_APIKEY'