Search API

The Search API allows to filter data using the ONYPHE Query Language (OQL). You can pass as many search filters as you wish, the syntax is always FILTER:VALUE. More details in the ONYPHE Query Language chapter.

This API will execute searches on datascan category by default and will try to detect which filters you want to use. For instance, if you enter a domain name, the domain filter will be used automatically. Example search google.com will be rewritten domain:google.com under the hood.

Other automatically detected patterns are:


Also, if you give some words or phrases which are not detected as automatic patterns, the fallback will be the data field.

NOTE: If you do not state you want to search historical data, Search API will default to searching in the last 30-days.

LIMIT: the Search API allows to fetch maximum 10,000 results. If you need more, you have to use the Export API available starting from Eagle Views.

Using curl

You can use curl in the following way to call the Search API:

curl -H 'Content-Type: application/json' -H 'Authorization: bearer YOUR_APIKEY' -XGET 'https://www.onyphe.io/api/v2/search/?q=protocol:rdp+domain:google.com'

Output:

{
  "count": 100,
  "error": 0,
  "max_page": 5,
  "myip": "<redacted>",
  "page": 1,
  "page_size": 100,
  "results": [
    {
      "@category": "datascan",
      "@timestamp": "2023-02-23T09:06:47.000Z",
[..]
],
  "status": "ok",
  "text": "Success",
  "took": 0.075,
  "total": 445
}

Using curl against Unrated API endpoint

If you want to query against the Unrated API endpoint, you have to pass the API key as an HTTP parameter as the Authorization header will be used to store Basic authentication credentials based on your login email address and your API key as a password:

LOGIN=`echo -n YOUR_LOGIN_EMAIL | sed 's/@/_/g'`
PASS=YOUR_APIKEY
BASIC=`echo -n $LOGIN:$PASS | base64 -w 0`
curl -H 'Content-Type: application/json' -H "Authorization: basic $BASIC" -XGET 'https://www.onyphe.io/unrated/api/v2/search/?q=protocol:rdp+domain:google.com&k=YOUR_APIKEY'