Let's get started with Phishing Detection APIs
Scan API can detect following scams and categories in real-time.
- Zero-Day Phishing
- Tech Support Scams
- Gift Card Scams
- Survey Scams
- Adult Websites
- Drug Pharmacy (Drug Spam) Websites
- Illegal/Rogue Streaming Sites
- Gambling Websites
- Hacked Websites
- Cryptojacking / Cryptomining
We also support custom integrations and detection of other categories that are not listed above. Please Contact Us for more details
Request Your Free API Key
Try out Phishing Detection APIs for free. 250 scans per month are completely free. No credit card required. Sign up for your API key here
How to Use APIs
1. Submit URL for Scan Requests to /neo/scan/
endpoint. Your api host will be:
For Bolster Platform users: https://developers.bolster.ai/api
For CheckPhish users: https://developers.checkphish.ai/api
There are two ways to do a scan
Quick Scan
curl -X POST --header 'Content-Type: application/json' -d '{"apiKey": "1f207653ec034ab9f04fbdd8e09fa7879205b4c85addeaa299da326167cc00a1", "urlInfo": {"url": "http://webidlogin101997.5gbfree.com/"}}' https://developers.bolster.ai/api/neo/scan
or
curl -X POST --header 'Content-Type: application/json' -d '{"apiKey": "1f207653ec034ab9f04fbdd8e09fa7879205b4c85addeaa299da326167cc00a1", "urlInfo": {"url": "http://webidlogin101997.5gbfree.com/"}, "scanType": "quick"}' https://developers.bolster.ai/api/neo/scan
Full Scan
curl -X POST --header 'Content-Type: application/json' -d '{"apiKey": "1f207653ec034ab9f04fbdd8e09fa7879205b4c85addeaa299da326167cc00a1", "urlInfo": {"url": "http://webidlogin101997.5gbfree.com/"}, "scanType": "full"}' https://developers.bolster.ai/api/neo/scan
The scan request will return job id and timestamp in JSON format
{"jobID":"ca1b827b-1f14-4e74-a242-ed17cc1808b0","timestamp":1538090611675}
2. Next step is to get API results by query /neo/scan/status
endpoint by using Job ID, API Key and insights (optional)
curl -X POST --header 'Content-Type: application/json' -d '{"apiKey": "1f207653ec034ab9f04fbdd8e09fa7879205b4c85addeaa299da326167cc00a1", "jobID": "ca1b827b-1f14-4e74-a242-ed17cc1808b0", "insights": true}' https://developers.bolster.ai/api/neo/scan/status
results will be returned back in JSON format. The insights, screenshot_path and resolved fields are returned when "insights": true in the query.
{"job_id":"ca1b827b-1f14-4e74-a242-ed17cc1808b0","status":"DONE","url":"http://webidlogin101997.5gbfree.com/","url_sha256":"a395e2130500750d34703f66c62c50ce99be0c7272b6763f6508c6bd473f1d74","disposition":"phish","brand":"paypal","insights":"https://checkphish.ai/insights/url/1528247234149/a395e2130500750d34703f66c62c50ce99be0c7272b6763f6508c6bd473f1d74","resolved":true,"screenshot_path":"https://storage.googleapis.com/rm-prod-screenshots/images/20180606/a395e2130500750d34703f66c62c50ce99be0c7272b6763f6508c6bd473f1d74.png","scan_start_ts":1654129884891,"scan_end_ts":1654129887641,"categories":[{"score":1,"threshold":0.9,"category":"sensitive_data"}]}
Response explained:
This should return the following response in a JSON format with
- jobID: jobID of the scan
- status: Â Status of whether the job has completed. Returns DONE when completed
- url: URL submitted for scanning
- url_sha256: SHA256 of the url submitted for scanning
- brand: Brand being targeted by the URL
- insights: insights link
- resolved: True if the URL resolved. Else False
- screenshot_path: storage location of the screenshot for the scan
- disposition: the list of dispositions can be found below
- scan_start_ts: Unix Timestamp of when the scan the triggered
- scan_end_ts: Unix Timestamp of when the scan ended
- categories: List of categories from our webpage category detection model
List of Dispositions
Disposition description | Disposition identifier returned in Response |
---|---|
Phishing Websites | phish |
Gift Card Scams/ Survey Scams/Tech support scams | scam |
Adult websitse | adult |
Drug Spam/Drug Pharmacy Sites | drug_spam |
Gambling websites | gambling |
Suspicious websites | suspicious |
Likely Phish websites | likely_phish |
Cryptomining/Cryptojacking | cryptojacking |
Illegal Streaming website websites | streaming |
Hacked/Defaced websites | hacked_website |
Mortgage Refinance Scam | mortgage |
Clean Websites | clean |
List of Categories

API Rate Limiting
All API requests are restricted to 20 requests per minute (1 every 3 seconds). If requests exceed this rate, the caller will receive the following error:
{"error": {"status_code": 429,"status": "Request rate limit exceeded. Please try again later"}}