AdverseMonitor
API Documentation
Integrate dark web threat intelligence into your security workflows with our REST API. Access real-time threats, manage alerts, and retrieve metrics programmatically.
Quick Start
Get started with the AdverseMonitor API in minutes. All API requests require authentication using a Bearer token.
https://platform.adversemonitor.com/api
curl -X GET "https://platform.adversemonitor.com/api/feed?limit=10" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"Authentication
All API requests must include your API key in the Authorization header
as a Bearer token. You can generate an API key from your dashboard settings.
Authorization: Bearer am_live_xxxxxxxxxxxxxxxxxxxNever expose your API key in client-side code. Store it securely as an environment variable and only use it in server-side applications. Rotate your keys regularly.
Rate Limits
API rate limits vary by plan. All responses include rate limit headers to help you track usage.
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1702857600API Endpoints
Complete reference for all available endpoints.
Retrieve a paginated list of threats from the dark web feed.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| limit | integer | Number of results to return (default: 20, max: 100) |
| offset | integer | Number of results to skip for pagination (default: 0) |
| category | string | Filter by threat category (e.g., "Ransomware", "Data Breach") |
| country | string | Filter by country code (ISO 3166-1 alpha-2) |
| date_from | string | Start date filter (ISO 8601 format: YYYY-MM-DD) |
| date_to | string | End date filter (ISO 8601 format: YYYY-MM-DD) |
| search | string | Search query for threat content |
Example Request
curl -X GET "https://platform.adversemonitor.com/api/feed?limit=20&category=Ransomware&country=US" \
-H "Authorization: Bearer YOUR_API_KEY"Example Response
{
"threats": [
{
"id": "threat_abc123",
"title": "Acme Corporation - Data Breach",
"category": "Ransomware",
"country": "United States",
"country_code": "US",
"threat_actor": "LockBit 3.0",
"posted_at": "2024-12-15T10:30:00Z",
"severity": "critical",
"excerpt": "Acme Corporation data leaked after refusing ransom payment..."
}
],
"pagination": {
"total": 150,
"limit": 20,
"offset": 0,
"has_more": true
}
}Retrieve detailed information about a specific threat, including AI analysis.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | Unique threat identifier |
Example Request
curl -X GET "https://platform.adversemonitor.com/api/feed/threat_abc123" \
-H "Authorization: Bearer YOUR_API_KEY"Example Response
{
"id": "threat_abc123",
"title": "Acme Corporation - Data Breach",
"category": "Ransomware",
"country": "United States",
"country_code": "US",
"threat_actor": "LockBit 3.0",
"posted_at": "2024-12-15T10:30:00Z",
"severity": "critical",
"content": "Full threat content...",
"source_url": "https://...",
"evidence": [
{
"type": "screenshot",
"url": "https://..."
}
],
"ai_analysis": {
"risk_level": "critical",
"summary": "Active ransomware attack with data exfiltration confirmed...",
"impact": "Customer PII and financial records compromised",
"recommendations": [
"Initiate incident response protocol",
"Notify affected customers within 72 hours",
"Engage forensics team for full investigation"
]
}
}List all alert profiles configured for your account.
Example Request
curl -X GET "https://platform.adversemonitor.com/api/alerts" \
-H "Authorization: Bearer YOUR_API_KEY"Example Response
{
"alert_profiles": [
{
"id": "alert_xyz789",
"name": "Company Domain Monitor",
"keywords": ["acme.com", "acmecorp.com"],
"categories": ["Ransomware", "Data Breach"],
"notifications": {
"email": ["[email protected]"],
"slack": "https://hooks.slack.com/...",
"teams": null
},
"created_at": "2024-12-01T08:00:00Z",
"updated_at": "2024-12-15T10:30:00Z",
"triggered_count": 42
}
]
}Create a new alert profile to monitor specific keywords and categories.
Request Body
| Field | Type | Description |
|---|---|---|
| name | string | Alert profile name (required) |
| keywords | array | Array of keywords to monitor (required) |
| categories | array | Array of threat categories to filter (optional) |
| notifications | object | Notification settings (email, slack, teams) |
Example Request
curl -X POST "https://platform.adversemonitor.com/api/alerts" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Executive Monitor",
"keywords": ["CEO Name", "acme.com"],
"categories": ["Ransomware", "Data Breach", "Initial Access"],
"notifications": {
"email": ["[email protected]"],
"slack": "https://hooks.slack.com/services/..."
}
}'Example Response
{
"id": "alert_new123",
"name": "Executive Monitor",
"keywords": ["CEO Name", "acme.com"],
"categories": ["Ransomware", "Data Breach", "Initial Access"],
"notifications": {
"email": ["[email protected]"],
"slack": "https://hooks.slack.com/services/...",
"teams": null
},
"created_at": "2024-12-15T14:22:00Z",
"updated_at": "2024-12-15T14:22:00Z",
"triggered_count": 0
}Retrieve account-level metrics including threat counts and alert statistics.
Example Request
curl -X GET "https://platform.adversemonitor.com/api/metrics" \
-H "Authorization: Bearer YOUR_API_KEY"Example Response
{
"total_threats": 83247,
"alerts_triggered": 156,
"alert_profiles_count": 3,
"threat_categories": {
"Ransomware": 42130,
"Data Breach": 28456,
"Initial Access": 8924,
"DDoS": 2156,
"Other": 1581
},
"countries_monitored": 92,
"last_threat_at": "2024-12-15T14:25:00Z",
"api_usage": {
"requests_today": 245,
"requests_this_month": 8932
}
}Error Codes
The API uses standard HTTP status codes. All error responses include a JSON body with details.
Invalid request parameters or malformed JSON body.
{"error": "Invalid category. Must be one of: Ransomware, Data Breach, Initial Access"}Missing or invalid API key. Check your Authorization header.
{"error": "Invalid API key. Please check your credentials."}API access not available for your plan. Upgrade to Professional or Enterprise.
{"error": "API access requires Professional or Enterprise plan"}Requested resource does not exist.
{"error": "Threat not found"}Rate limit exceeded. Check X-RateLimit-Reset header for retry time.
{"error": "Rate limit exceeded. Retry after 45 seconds."}Something went wrong on our end. Please try again or contact support.
{"error": "Internal server error. Please contact support."}Response Schemas
Common object structures used throughout the API.
Threat Object
{
"id": "string",
"title": "string",
"category": "string",
"country": "string",
"country_code": "string",
"threat_actor": "string",
"posted_at": "ISO 8601 datetime",
"severity": "critical | high | medium | low",
"excerpt": "string",
"content": "string (full endpoint only)",
"source_url": "string (full endpoint only)",
"evidence": ["array (full endpoint only)"],
"ai_analysis": {
"risk_level": "string",
"summary": "string",
"impact": "string",
"recommendations": ["array"]
}
}Alert Profile Object
{
"id": "string",
"name": "string",
"keywords": ["array of strings"],
"categories": ["array of strings"],
"notifications": {
"email": ["array of email addresses"],
"slack": "webhook URL or null",
"teams": "webhook URL or null"
},
"created_at": "ISO 8601 datetime",
"updated_at": "ISO 8601 datetime",
"triggered_count": "integer"
}Pagination Object
{
"total": "integer",
"limit": "integer",
"offset": "integer",
"has_more": "boolean"
}Need Help?
Our support team is here to help you integrate the AdverseMonitor API into your security workflows.