Let's get started with Phishing Detection APIs

Scan API can detect following scams and categories in real-time.

  • Zero-Day Phishing
  • Tech Support Scams
  • Gift Card Scams
  • Survey Scams
  • Adult Websites
  • Drug Pharmacy (Drug Spam) Websites
  • Illegal/Rogue Streaming Sites
  • Gambling Websites
  • Hacked Websites
  • Cryptojacking / Cryptomining

We also support custom integrations and detection of other categories that are not listed above. Please Contact Us for more details


Request Your Free API Key

Try out Phishing Detection APIs for free. 250 scans per month are completely free. No credit card required. Sign up for your API key here


How to Use APIs

1. Submit URL for Scan Requests to /neo/scan/ endpoint. Your api host will be:

For Bolster Platform users: https://developers.bolster.ai/api

For CheckPhish users: https://developers.checkphish.ai/api

There are two ways to do a scan

Quick Scan

curl -X POST --header 'Content-Type: application/json' -d  '{"apiKey": "1f207653ec034ab9f04fbdd8e09fa7879205b4c85addeaa299da326167cc00a1", "urlInfo": {"url": "http://webidlogin101997.5gbfree.com/"}}' https://developers.bolster.ai/api/neo/scan
Submit a URL for scan

or

curl -X POST --header 'Content-Type: application/json' -d  '{"apiKey": "1f207653ec034ab9f04fbdd8e09fa7879205b4c85addeaa299da326167cc00a1", "urlInfo": {"url": "http://webidlogin101997.5gbfree.com/"}, "scanType": "quick"}' https://developers.bolster.ai/api/neo/scan
Submit a URL for scan

Full Scan

curl -X POST --header 'Content-Type: application/json' -d  '{"apiKey": "1f207653ec034ab9f04fbdd8e09fa7879205b4c85addeaa299da326167cc00a1", "urlInfo": {"url": "http://webidlogin101997.5gbfree.com/"}, "scanType": "full"}' https://developers.bolster.ai/api/neo/scan
Submit a URL for scan

The scan request will return job id and timestamp in JSON format

{"jobID":"ca1b827b-1f14-4e74-a242-ed17cc1808b0","timestamp":1538090611675}
                    
Get a JOB ID back

2. Next step is to get API results by query /neo/scan/status endpoint by using Job ID, API Key and insights (optional)

curl -X POST --header 'Content-Type: application/json' -d '{"apiKey": "1f207653ec034ab9f04fbdd8e09fa7879205b4c85addeaa299da326167cc00a1", "jobID": "ca1b827b-1f14-4e74-a242-ed17cc1808b0", "insights": true}' https://developers.bolster.ai/api/neo/scan/status                    
Query job ID for status

results will be returned back in JSON format. The insights, screenshot_path and resolved fields are returned when "insights": true in the query.

{"job_id":"ca1b827b-1f14-4e74-a242-ed17cc1808b0","status":"DONE","url":"http://webidlogin101997.5gbfree.com/","url_sha256":"a395e2130500750d34703f66c62c50ce99be0c7272b6763f6508c6bd473f1d74","disposition":"phish","brand":"paypal","insights":"https://checkphish.ai/insights/url/1528247234149/a395e2130500750d34703f66c62c50ce99be0c7272b6763f6508c6bd473f1d74","resolved":true,"screenshot_path":"https://storage.googleapis.com/rm-prod-screenshots/images/20180606/a395e2130500750d34703f66c62c50ce99be0c7272b6763f6508c6bd473f1d74.png","scan_start_ts":1654129884891,"scan_end_ts":1654129887641,"categories":[{"score":1,"threshold":0.9,"category":"sensitive_data"}]}
Get Scan Results

Response explained:

This should return the following response in a JSON format with

  1. jobID: jobID of the scan
  2. status:  Status of whether the job has completed. Returns DONE when completed
  3. url: URL submitted for scanning
  4. url_sha256: SHA256 of the url submitted for scanning
  5. brand: Brand being targeted by the URL
  6. insights: insights link
  7. resolved: True if the URL resolved. Else False
  8. screenshot_path: storage location of the screenshot for the scan
  9. disposition: the list of dispositions can be found below
  10. scan_start_ts: Unix Timestamp of when the scan the triggered
  11. scan_end_ts: Unix Timestamp of when the scan ended
  12. categories: List of categories from our webpage category detection model

List of Dispositions

Disposition description Disposition identifier returned in Response
Phishing Websites phish
Gift Card Scams/ Survey Scams/Tech support scams scam
Adult websitse adult
Drug Spam/Drug Pharmacy Sites drug_spam
Gambling websites gambling
Suspicious websites suspicious
Likely Phish websites likely_phish
Cryptomining/Cryptojacking cryptojacking
Illegal Streaming website websites streaming
Hacked/Defaced websites hacked_website
Mortgage Refinance Scam mortgage
Clean Websites clean

List of Categories

Intent Detection | Documents | Bolster
Full list of intent categories that Bolster’s Intent Detection model can currently classify.

API Rate Limiting

All API requests are restricted to 20 requests per minute (1 every 3 seconds). If requests exceed this rate, the caller will receive the following error:

{"error": {"status_code": 429,"status": "Request rate limit exceeded. Please try again later"}}
API rate limiting