Scan APIs for CheckPhish Users

Let’s get started with Phishing Detection APIs

Bolster Scan APIs can detect following scams and categories in real-time.

• Zero-Day Phishing
• Tech Support Scams
• Gift Card Scams
• Survey Scams
• Adult Websites
• Drug Pharmacy (Drug Spam) Websites
• Illegal/Rogue Streaming Sites
• Gambling Websites
• Hacked Websites
• Cryptojacking / Cryptomining

Request Your Free API Key

After signing up for an account, navigate to your profile to find your free API key to get access to 25 free scans a day. Or upgrade your plan to unlock additional features and higher limits. Sign Up for your free key here

How to Use APIs

Step 1: Submit URL for scan requests

Submit URL for Scan Requests to /neo/scan/ endpoint. Your api host will be:

 https://developers.checkphish.ai/api

There are two ways to do a scan:

• Quick scan

curl -X POST --header 'Content-Type: application/json' -d  '{"apiKey": "1f207653ec034ab9f04fbdd8e09fa7879205b4c85addeaa299da326167cc00a1", "urlInfo": {"url": "http://webidlogin101997.5gbfree.com/"}, "scanType": "quick"}' https://developers.bolster.ai/api/neo/scan

• Full scan

curl -X POST --header 'Content-Type: application/json' -d  '{"apiKey": "1f207653ec034ab9f04fbdd8e09fa7879205b4c85addeaa299da326167cc00a1", "urlInfo": {"url": "http://webidlogin101997.5gbfree.com/"}, "scanType": "full"}' https://developers.bolster.ai/api/neo/scan

The scan request will return job id and timestamp in JSON format

{"jobID":"ca1b827b-1f14-4e74-a242-ed17cc1808b0","timestamp":1538090611675}
                    

Step 2: Get API results by query

Next, get API results by query /neo/scan/status endpoint by using Job ID, API Key and insights (optional):

curl -X POST --header 'Content-Type: application/json' -d '{"apiKey": "1f207653ec034ab9f04fbdd8e09fa7879205b4c85addeaa299da326167cc00a1", "jobID": "ca1b827b-1f14-4e74-a242-ed17cc1808b0", "insights": true}' https://developers.bolster.ai/api/neo/scan/status                    

Results will be returned back in JSON format. The insights, screenshot_path and resolved fields are returned when “insights”: true in the query.

{"job_id":"ca1b827b-1f14-4e74-a242-ed17cc1808b0","status":"DONE","url":"http://webidlogin101997.5gbfree.com/","url_sha256":"a395e2130500750d34703f66c62c50ce99be0c7272b6763f6508c6bd473f1d74","disposition":"phish","brand":"paypal","insights":"https://checkphish.ai/insights/url/1528247234149/a395e2130500750d34703f66c62c50ce99be0c7272b6763f6508c6bd473f1d74","resolved":true,"screenshot_path":"https://storage.googleapis.com/rm-prod-screenshots/images/20180606/a395e2130500750d34703f66c62c50ce99be0c7272b6763f6508c6bd473f1d74.png","scan_start_ts":1654129884891,"scan_end_ts":1654129887641,"categories":[{"score":1,"threshold":0.9,"category":"sensitive_data"}]}

This should return the following response in a JSON format with

• jobID: jobID of the scan
• status:  Status of whether the job has completed. Returns DONE when completed
• url: URL submitted for scanning
• url_sha256: SHA256 of the url submitted for scanning
• brand: Brand being targeted by the URL
• insights: insights link
• resolved: True if the URL resolved. Else False
• screenshot_path: storage location of the screenshot for the scan
• disposition: the list of dispositions can be found below
• scan_start_ts: Unix Timestamp of when the scan the triggered
• scan_end_ts: Unix Timestamp of when the scan ended
• categories: List of categories from our webpage category detection model

List of Dispositions

List of Categories

See Intent Detection – Categories.

API Rate Limiting

{"error": {"status_code": 429,"status": "Request rate limit exceeded. Please try again later"}}

All API requests are restricted to 20 requests per minute (1 every 3 seconds). If requests exceed this rate, the caller will receive the following error: