Scan APIs for CheckPhish Users
Let’s get started with Phishing Detection APIs
Bolster Scan APIs can detect following scams and categories in real-time.
- Zero-Day Phishing
- Tech Support Scams
- Gift Card Scams
- Survey Scams
- Adult Websites
- Drug Pharmacy (Drug Spam) Websites
- Illegal/Rogue Streaming Sites
- Gambling Websites
- Hacked Websites
- Cryptojacking / Cryptomining
Request Your Free API Key
After signing up for an account and logging in, navigate to your profile by clicking the dropdown from the top-right icon and selecting Profile Information. There, you’ll find your free API key, which grants you access to 25 free scans per day. Simply copy your key to get started.
You can upgrade your plan at any time to unlock additional features and higher limits. Sign Up for your free key here (https://app.checkphish.ai/sign-up)
How to Use APIs
Step 1: Submit URL for scan requests
Submit URL for Scan Requests to /neo/scan/
endpoint. Your api host will be:
https://developers.checkphish.ai/api
There are two ways to do a scan:
- Quick scan
curl -X POST --header 'Content-Type: application/json' -d '{"apiKey": "1f207653ec034ab9f04fbdd8e09fa7879205b4c85addeaa299da326167cc00a1", "urlInfo": {"url": "http://webidlogin101997.5gbfree.com/"}, "scanType": "quick"}' https://developers.bolster.ai/api/neo/scan
- Full scan
curl -X POST --header 'Content-Type: application/json' -d '{"apiKey": "1f207653ec034ab9f04fbdd8e09fa7879205b4c85addeaa299da326167cc00a1", "urlInfo": {"url": "http://webidlogin101997.5gbfree.com/"}, "scanType": "full"}' https://developers.bolster.ai/api/neo/scan
The scan request will return job id and timestamp in JSON format
{"jobID":"ca1b827b-1f14-4e74-a242-ed17cc1808b0","timestamp":1538090611675}
Step 2: Get API results by query
Next, get API results by query /neo/scan/status
endpoint by using Job ID, API Key and insights (optional):
curl -X POST --header 'Content-Type: application/json' -d '{"apiKey": "1f207653ec034ab9f04fbdd8e09fa7879205b4c85addeaa299da326167cc00a1", "jobID": "ca1b827b-1f14-4e74-a242-ed17cc1808b0", "insights": true}' https://developers.bolster.ai/api/neo/scan/status
Results will be returned back in JSON format. The insights, screenshot_path and resolved fields are returned when “insights”: true in the query.
{"job_id":"ca1b827b-1f14-4e74-a242-ed17cc1808b0","status":"DONE","url":"http://webidlogin101997.5gbfree.com/","url_sha256":"a395e2130500750d34703f66c62c50ce99be0c7272b6763f6508c6bd473f1d74","disposition":"phish","brand":"paypal","insights":"https://checkphish.ai/insights/url/1528247234149/a395e2130500750d34703f66c62c50ce99be0c7272b6763f6508c6bd473f1d74","resolved":true,"screenshot_path":"https://storage.googleapis.com/rm-prod-screenshots/images/20180606/a395e2130500750d34703f66c62c50ce99be0c7272b6763f6508c6bd473f1d74.png","scan_start_ts":1654129884891,"scan_end_ts":1654129887641,"categories":[{"score":1,"threshold":0.9,"category":"sensitive_data"}]}
This should return the following response in a JSON format with
- jobID: jobID of the scan
- status: Status of whether the job has completed. Returns DONE when completed
- url: URL submitted for scanning
- url_sha256: SHA256 of the url submitted for scanning
- brand: Brand being targeted by the URL
- insights: insights link
- resolved: True if the URL resolved. Else False
- screenshot_path: storage location of the screenshot for the scan
- disposition: the list of dispositions can be found below
- scan_start_ts: Unix Timestamp of when the scan the triggered
- scan_end_ts: Unix Timestamp of when the scan ended
- categories: List of categories from our webpage category detection model
List of Dispositions
Disposition description | Disposition identifier returned in Response |
---|---|
Phishing Websites | phish |
Gift Card Scams/ Survey Scams/Tech support scams | scam |
Adult websitse | adult |
Drug Spam/Drug Pharmacy Sites | drug_spam |
Gambling websites | gambling |
Suspicious websites | suspicious |
Likely Phish websites | likely_phish |
Cryptomining/Cryptojacking | cryptojacking |
Illegal Streaming website websites | streaming |
Hacked/Defaced websites | hacked_website |
Mortgage Refinance Scam | mortgage |
Clean Websites | clean |
List of Categories
See Intent Detection – Categories.
API Rate Limiting
{"error": {"status_code": 429,"status": "Request rate limit exceeded. Please try again later"}}
All API requests are restricted to 20 requests per minute (1 every 3 seconds). If requests exceed this rate, the caller will receive the following error: