CheckPhish APIs

Scan APIs for CheckPhish Users

Let’s get started with Phishing Detection APIs

Bolster Scan APIs can detect following scams and categories in real-time.

  • Zero-Day Phishing
  • Tech Support Scams
  • Gift Card Scams
  • Survey Scams
  • Adult Websites
  • Drug Pharmacy (Drug Spam) Websites
  • Illegal/Rogue Streaming Sites
  • Gambling Websites
  • Hacked Websites
  • Cryptojacking / Cryptomining

Request Your Free API Key

After signing up for an account and logging in, navigate to your profile by clicking the dropdown from the top-right icon and selecting Profile Information. There, you’ll find your free API key, which grants you access to 25 free scans per day. Simply copy your key to get started. 

You can upgrade your plan at any time to unlock additional features and higher limits. Sign Up for your free key here (https://app.checkphish.ai/sign-up) 

How to Use APIs

Step 1: Submit URL for scan requests

Submit URL for Scan Requests to /neo/scan/ endpoint. Your api host will be:

 https://developers.checkphish.ai/api

There are two ways to do a scan:

  • Quick scan
curl -X POST --header 'Content-Type: application/json' -d  '{"apiKey": "1f207653ec034ab9f04fbdd8e09fa7879205b4c85addeaa299da326167cc00a1", "urlInfo": {"url": "http://webidlogin101997.5gbfree.com/"}, "scanType": "quick"}' https://developers.bolster.ai/api/neo/scan
  • Full scan
curl -X POST --header 'Content-Type: application/json' -d  '{"apiKey": "1f207653ec034ab9f04fbdd8e09fa7879205b4c85addeaa299da326167cc00a1", "urlInfo": {"url": "http://webidlogin101997.5gbfree.com/"}, "scanType": "full"}' https://developers.bolster.ai/api/neo/scan

The scan request will return job id and timestamp in JSON format

{"jobID":"ca1b827b-1f14-4e74-a242-ed17cc1808b0","timestamp":1538090611675}
                    

Step 2: Get API results by query

Next, get API results by query /neo/scan/status endpoint by using Job ID, API Key and insights (optional):

curl -X POST --header 'Content-Type: application/json' -d '{"apiKey": "1f207653ec034ab9f04fbdd8e09fa7879205b4c85addeaa299da326167cc00a1", "jobID": "ca1b827b-1f14-4e74-a242-ed17cc1808b0", "insights": true}' https://developers.bolster.ai/api/neo/scan/status                    

Results will be returned back in JSON format. The insightsscreenshot_path and resolved fields are returned when “insights”: true in the query.

{"job_id":"ca1b827b-1f14-4e74-a242-ed17cc1808b0","status":"DONE","url":"http://webidlogin101997.5gbfree.com/","url_sha256":"a395e2130500750d34703f66c62c50ce99be0c7272b6763f6508c6bd473f1d74","disposition":"phish","brand":"paypal","insights":"https://checkphish.ai/insights/url/1528247234149/a395e2130500750d34703f66c62c50ce99be0c7272b6763f6508c6bd473f1d74","resolved":true,"screenshot_path":"https://storage.googleapis.com/rm-prod-screenshots/images/20180606/a395e2130500750d34703f66c62c50ce99be0c7272b6763f6508c6bd473f1d74.png","scan_start_ts":1654129884891,"scan_end_ts":1654129887641,"categories":[{"score":1,"threshold":0.9,"category":"sensitive_data"}]}

This should return the following response in a JSON format with

  • jobID: jobID of the scan
  • status:  Status of whether the job has completed. Returns DONE when completed
  • url: URL submitted for scanning
  • url_sha256: SHA256 of the url submitted for scanning
  • brand: Brand being targeted by the URL
  • insights: insights link
  • resolved: True if the URL resolved. Else False
  • screenshot_path: storage location of the screenshot for the scan
  • disposition: the list of dispositions can be found below
  • scan_start_ts: Unix Timestamp of when the scan the triggered
  • scan_end_ts: Unix Timestamp of when the scan ended
  • categories: List of categories from our webpage category detection model

List of Dispositions

Disposition description Disposition identifier returned in Response
Phishing Websites phish
Gift Card Scams/ Survey Scams/Tech support scams scam
Adult websitse adult
Drug Spam/Drug Pharmacy Sites drug_spam
Gambling websites gambling
Suspicious websites suspicious
Likely Phish websites likely_phish
Cryptomining/Cryptojacking cryptojacking
Illegal Streaming website websites streaming
Hacked/Defaced websites hacked_website
Mortgage Refinance Scam mortgage
Clean Websites clean

List of Categories

See Intent Detection – Categories.

API Rate Limiting

{"error": {"status_code": 429,"status": "Request rate limit exceeded. Please try again later"}}

All API requests are restricted to 20 requests per minute (1 every 3 seconds). If requests exceed this rate, the caller will receive the following error:

 

Updated on December 4, 2024
Was this article helpful?
Thanks for your feedback
Related Articles
What’s CheckPhish?

CheckPhish is a real-time URL and website scanner. It offers a small subset of the functionality included in the Bolster…