Current public interface

AdverseMonitor API v1

Read threat records, search the available data window, and retrieve threat-actor or country summaries. This page documents the implemented /api/v1 routes.

Quick start

The production base URL is:

https://platform.adversemonitor.com/api/v1

Create or retrieve a key from the signed-in API Access page, then call a read endpoint:

curl "https://platform.adversemonitor.com/api/v1/threats?limit=10" \
  -H "Authorization: Bearer am_live_YOUR_KEY"
Keep keys secret. Send them only in the HTTPS Authorization header. Do not place them in browser code, query strings, screenshots, or public repositories.

Authentication

Every documented data route requires a bearer token:

Authorization: Bearer am_live_YOUR_KEY

A missing, invalid, expired, or unauthorized key returns JSON with an error field and an appropriate HTTP status.

Plans and rate limits

API plan limits
AccessMinuteDayData window
Trial key5100Trial plan window; sensitive fields redacted
Protection101,000Subscription window
DefendUnlimited plan-level requestsUnlimited plan-level requestsFull history

Responses include X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset. Trial keys also receive X-Trial-Expires. Unlimited access remains subject to authentication, availability, and abuse controls.

List threats

GET/threats

Returns newest records first with cursor pagination.

List threats parameters
ParameterDescription
limitDefault 50; maximum 100, or 50 for trial keys
cursorOpaque cursor returned in meta.cursor
categoryExact category filter
countryCase-insensitive country match
sinceISO date/time lower bound
{
  "data": [{
    "id": "record-id",
    "title": "Source title",
    "summary": "Source summary",
    "category": "Ransomware",
    "threat_actors": ["Example actor"],
    "victims": {
      "countries": ["United States"],
      "industries": ["Technology"],
      "organizations": ["Example Company"],
      "domains": ["example.com"]
    },
    "risk_level": "high",
    "ai_analysis": "...",
    "published_at": "2026-01-15T12:00:00.000Z"
  }],
  "meta": {
    "total": 1,
    "returned": 1,
    "cursor": null,
    "filters_applied": {"category": null, "country": null, "since": null}
  }
}

The example above shows the documented response fields using placeholder values.

Threat detail

GET/threats/{id}

Returns one record, including source URL and the available analysis fields. A record outside the subscription data window returns 403.

Threat actors

GET/threat-actors?limit=50

Returns actor names, mention counts, latest observed dates, and associated categories. Maximum 100, or 50 for trial keys.

Country statistics

GET/countries/{code-or-name}

Accepts an ISO alpha-2 code such as SG, or a full country name. Returns stored threat, actor and victim counts, top actors and industries, a 30-day trend, and an optional cached summary.

Errors

API error responses
StatusMeaning
400Invalid or missing parameter
401Missing, invalid, or expired API key
403Plan or trial-key restriction, or data outside the allowed window
404Record or country statistics not found
429Rate limit exceeded; inspect retry_after and rate-limit headers
500Server error
{
  "error": "Rate limit exceeded",
  "retry_after": 42
}