
Account

The Account endpoints allow you to see all the information related to your account.

 

What It Looks Like

Get Account

Read current account metadata and settings.

Curl Example

curl --header "Authorization: Basic $ENCODED_API_KEY" https://api.riskiq.net/pt/v2/account

Sample Response

{
    "username": "sim.gretina@example.org",
    "firstName": "Sim",
    "lastName": "Gretina",
    "fullName": "Sim Gretina",
    "organization": "gretina_org",
    "firstActive": "2016-12-02",
    "lastActive": "2017-04-10",
    "verified": "True",
    "suppliedOrganization": "gretina_org",
    "jobRole": "Other",
    "enterpriseUser": "True",
    "country": "united_states",
    "phoneNumber": "555 415 4155",
    "stateOrRegion": "california",
    "accountStatus": "enterprise",
    "user_id": "80f5a4f51a303ab4461731a67cde18e552b9d76961467f2a98a0f6974",
    "user_hash": "c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714",
    "event_code": null,
    "approvedSources": "alienvault, crawl, emerging_threats, farsight",
    "projectPrivateQuotaExceeded": false,
    "searchWebQuotaExceeded": false,
    "searchApiQuotaExceeded": false,
    "projectPublicQuotaExceeded": false,
    "admin": false,
    "ssoIntegrationId": null,
    "ssoAuthPartnerId": null,
    "ssoSuccess": true,
    "features": {
        "two_factor_enabled": true,
        "analyst_insights": false,
        "analyst_projects": false,
        "async_heatmap": true,
        "tab_update": true,
        "exposed_services": false,
        "data_table_improvement": true,
        "project_selector_v2": true,
        "whois_history": false,
        "server_side_facets": true,
        "projects_tabs": true,
        "projects_share": true,
        "data_table_paginated": true
    },
    "guest": false,
    "roles": [
        "user"
    ],
    "monitorFrequency": "weekly",
    "workspaceId": null,
    "permissions": []
}
			

Get History

Read API usage history of the account.

Curl Example

# Retrieve account history
$ curl --header "Authorization: Basic $ENCODED_API_KEY" https://api.riskiq.net/pt/v2/account/history
# filter by source
$ curl --header "Authorization: Basic $ENCODED_API_KEY" "https://api.riskiq.net/pt/v2/account/history?source=api"
# filter by focus
$ curl --header "Authorization: Basic $ENCODED_API_KEY" "https://api.riskiq.net/pt/v2/account/history?focus=riskiq.com"
# filter by dt (the space in the datetime is URL-encoded as %20)
$ curl --header "Authorization: Basic $ENCODED_API_KEY" "https://api.riskiq.net/pt/v2/account/history?dt=2020-04-27%2019:00:00"

Parameters

Field              Field Type  Description
source (optional)  String      history type (api/ui), defaults to both. Allowed values: api, ui
dt (optional)      String      filter to this datetime
focus (optional)   String      filter by focus (domain, ip, etc)

Sample Response

{
    "history": [
        {
            "focus": "example.org",
            "dt": "2017-03-06 17:12:16",
            "context": "",
            "guid": null,
            "username": "sim.gretina@example.org",
            "source": "api",
            "type": "search"
        },
        {
            "focus": "simgretina.example.org",
            "dt": "2017-03-06 17:38:41",
            "context": "",
            "guid": null,
            "username": "sim.gretina@example.org",
            "source": "api",
            "type": "search"
        }
    ]
}
			

Get Monitors

Get active monitors.

Curl Example

curl --header "Authorization: Basic $ENCODED_API_KEY" https://api.riskiq.net/pt/v2/account/monitors

Sample Response

{
    "monitors": [
        {
            "tags": [
                "caravan",
                "registered"
            ],
            "focus": "example.org"
        },
        {
            "tags": [
                "google",
                "routable",
                "dns"
            ],
            "focus": "8.8.8.8"
        }
    ]
}
			

Get Organization

Read current organization metadata.

Curl Example

curl --header "Authorization: Basic $ENCODED_API_KEY" https://api.riskiq.net/pt/v2/account/organization

Sample Response

{
    "activeMembers": [
        "sim.gretina@example.org",
        "jamie.berry@example.org",
        "caravan.palace@example.org"
    ],
    "searchQuota": 9999,
    "seats": 150,
    "watchQuota": 368,
    "active": true,
    "id": "gretina_org",
    "registered": "2015-09-21 19:43:49",
    "status": "enterprise",
    "name": "gretina_org",
    "acceptableDomains": [
        "example.org"
    ],
    "inactiveMembers": [],
    "admins": [
        "sim.gretina@example.org"
    ],
    "lastActive": "2016-11-21 17:31:38",
    "seats": null,
    "features": null,
    "showTeamSearchHistory": null,
    "defaultDomains": null,
    "disabledMembers": null,
    "usersNotSignedUpYet": null,
    "hasFalconCreds": false,
    "sources": null
}
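
An identity review built on the Get Account and Get Organization responses above. This is an added example, not RiskIQ code; the `audit` function and its finding names are hypothetical, and it assumes `acceptableDomains` lists the e-mail domains members are expected to use.

```python
import json

# Constructed sample: the page's Get Account and Get Organization responses,
# trimmed, with one off-domain member added to exercise the check.
ACCOUNT = json.loads("""{
  "username": "sim.gretina@example.org",
  "admin": false,
  "features": {"two_factor_enabled": true},
  "roles": ["user"]
}""")
ORGANIZATION = json.loads("""{
  "activeMembers": ["sim.gretina@example.org", "jamie.berry@example.org",
                    "contractor@example.net"],
  "inactiveMembers": [],
  "admins": ["sim.gretina@example.org"],
  "acceptableDomains": ["example.org"],
  "disabledMembers": null
}""")


def audit(account, org):
    """Return (check, subject) findings for an identity review."""
    findings = []
    # Assumption: acceptableDomains lists the e-mail domains members may use.
    allowed = {d.lower() for d in (org.get("acceptableDomains") or [])}
    active = org.get("activeMembers") or []   # list fields may be null
    for member in active:
        domain = member.rpartition("@")[2].lower()
        if allowed and domain not in allowed:
            findings.append(("member_outside_acceptable_domains", member))
    # An admin that is no longer an active member is worth a second look.
    for admin in org.get("admins") or []:
        if admin not in active:
            findings.append(("admin_not_active", admin))
    if not (account.get("features") or {}).get("two_factor_enabled", False):
        findings.append(("two_factor_disabled", account.get("username")))
    return findings


if __name__ == "__main__":
    for check, subject in audit(ACCOUNT, ORGANIZATION):
        print(f"{check}: {subject}")
```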
			

Get Quotas

Read current account and organization quotas.

Curl Example

curl --header "Authorization: Basic $ENCODED_API_KEY" https://api.riskiq.net/pt/v2/account/quota

Sample Response

{
    "organization": {
        "counts": {
            "basic_monitors": 0,
            "keyword_monitors": 0,
            "projects_private": 0,
            "projects_public": 0,
            "search_api": 0,
            "search_web": 0
        },
        "freebies": {
            "search_api": 0,
            "search_web": 0
        },
        "guid": "00000000-0000-0000-0000-000000000000",
        "last_reset": "0000-00-00 00:00:00",
        "limits": {
            "search_api": 15,
            "basic_monitors": 100,
            "monitor_results": 1,
            "projects_private": 1,
            "monitor_frequency": "weekly",
            "keyword_monitors": 1,
            "search_web": 200,
            "projects_public": 1000,
            "create_crawls": 0,
            "crawl_submissions": 0
        },
        "next_reset": "0000-00-00 00:00:00",
        "organization": "riskiq",
        "owner": "riskiq",
        "profile": {
            "analysis": "free",
            "workflow": "free"
        },
        "username": null
    },
    "user": {
        "counts": {
            "basic_monitors": 0,
            "keyword_monitors": 0,
            "projects_private": 0,
            "projects_public": 0,
            "search_api": 0,
            "search_web": 0
        },
        "freebies": {
            "search_api": 0,
            "search_web": 0
        },
        "guid": "00000000-0000-0000-0000-000000000000",
        "last_reset": "0000-00-00 00:00:00",
        "limits": {
            "search_api": 15,
            "basic_monitors": 100,
            "monitor_results": 1,
            "projects_private": 1,
            "monitor_frequency": "weekly",
            "keyword_monitors": 1,
            "search_web": 200,
            "projects_public": 1000,
            "create_crawls": 0,
            "crawl_submissions": 0
        },
        "next_reset": "0000-00-00 00:00:00",
        "organization": "riskiq",
        "owner": "username@example.com",
        "profile": {
            "analysis": "small",
            "workflow": "small"
        },
        "quotas": {
            "account_type": "enterprise"
        },
        "username": "username@example.com"
    }
}
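
A quota headroom check over the Get Quotas response above, so that enrichment jobs do not silently stop returning data mid-investigation. This is an added example, not RiskIQ code; the `remaining` function, its status labels and the 90% warning threshold are hypothetical, and it assumes `counts` is usage measured against `limits`.

```python
import json

# Constructed sample in the shape of the Get Quotas response above
# (counts are made-up usage numbers; limits are the page's values).
QUOTA = json.loads("""{
  "organization": {
    "counts": {"search_api": 3, "search_web": 40, "basic_monitors": 0},
    "limits": {"search_api": 15, "search_web": 200, "basic_monitors": 100,
               "monitor_frequency": "weekly", "create_crawls": 0}
  },
  "user": {
    "counts": {"search_api": 14, "search_web": 200, "basic_monitors": 0},
    "limits": {"search_api": 15, "search_web": 200, "basic_monitors": 100,
               "monitor_frequency": "weekly", "create_crawls": 0}
  }
}""")


def remaining(quota, warn_ratio=0.9):
    """Map (scope, key) -> (remaining, status) for every numeric limit.

    Assumption: "counts" is usage measured against "limits". Non-numeric
    limits (e.g. monitor_frequency) and limits with no matching count
    (e.g. create_crawls) are skipped rather than guessed at.
    """
    report = {}
    for scope in ("organization", "user"):
        block = quota.get(scope) or {}
        counts = block.get("counts") or {}
        for key, limit in (block.get("limits") or {}).items():
            used = counts.get(key)
            if isinstance(limit, bool) or not isinstance(limit, int):
                continue
            if isinstance(used, bool) or not isinstance(used, int):
                continue
            if used >= limit:
                status = "exhausted"
            elif used >= warn_ratio * limit:
                status = "warn"
            else:
                status = "ok"
            report[(scope, key)] = (limit - used, status)
    return report
```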
			

Get Sources

Check sources being used for queries.

Curl Example

# get all sources
$ curl --header "Authorization: Basic $ENCODED_API_KEY" https://api.riskiq.net/pt/v2/account/sources
# get virustotal source as url parameter
$ curl --header "Authorization: Basic $ENCODED_API_KEY" "https://api.riskiq.net/pt/v2/account/sources?source=virustotal"

Parameters

Field              Field Type  Description
source (optional)  String      the source to filter on

Sample Response

{
  "sources": [
    {
        "authRequired": false,
        "authMethod": {
            "apiKey": ""
        },
        "active": true,
        "website": "https://www.alienvault.com",
        "auth": true,
        "description": "Alienvault provides free access to their passive DNS and OTX platform for registered users.",
        "source": "alienvault",
        "label": "Alienvault",
        "configuration": {},
        "controllable": true,
        "type": [
            "pdns"
        ],
        "access": [
            "free",
            "commercial"
        ],
        "org_configuration": null
    },
    ...
    {
        "authRequired": false,
        "authMethod": {
            "apiKey": ""
        },
        "active": true,
        "website": "https://www.virustotal.com/",
        "auth": true,
        "description": "",
        "source": "virustotal",
        "label": "Virustotal",
        "configuration": {},
        "controllable": true,
        "type": [
            "pdns"
        ],
        "access": [
            "free",
            "commercial"
        ],
        "org_configuration": null
    }
  ]
}
			

Get Teamstream

Read team activity.

Curl Example

# Retrieve all history (might take a while)
$ curl --header "Authorization: Basic $ENCODED_API_KEY" https://api.riskiq.net/pt/v2/account/organization/teamstream
# filter by focus
$ curl --header "Authorization: Basic $ENCODED_API_KEY" "https://api.riskiq.net/pt/v2/account/organization/teamstream?focus=example.org"

Parameters

Field              Field Type  Description
source (optional)  String      filter to this source (api/ui), defaults to both. Allowed values: api, ui
dt (optional)      Datetime    filter to this datetime
focus (optional)   String      filter by focus (domain, ip, etc)

Sample Response

{
  "teamstream": [
    {
        "focus": "example.org",
        "dt": "2016-08-24 18:40:06",
        "context": 3075,
        "guid": null,
        "username": "caravan.palace@example.org",
        "additional": {},
        "source": "web",
        "type": "search"
    },
    ...
    {
        "focus": "electro.example.org",
        "dt": "2016-08-24 18:40:06",
        "context": 3075,
        "guid": null,
        "username": "jamie.berry@example.org",
        "additional": {},
        "source": "web",
        "type": "search"
    }
  ]
}
			

Get items with the specified classification

Retrieve items with the specified classification.

Curl Example

# Retrieve all classifications
$ curl --header "Authorization: Basic $ENCODED_API_KEY" https://api.riskiq.net/pt/v2/account/classifications
# filter by classification
$ curl --header "Authorization: Basic $ENCODED_API_KEY" "https://api.riskiq.net/pt/v2/account/classifications?classification=malicious"
# filter by query and classification (quoted so the shell does not treat & as a control operator)
$ curl --header "Authorization: Basic $ENCODED_API_KEY" "https://api.riskiq.net/pt/v2/account/classifications?classification=malicious&query=192.65.247.0"
# filter by queries
$ curl --header "Authorization: Basic $ENCODED_API_KEY" "https://api.riskiq.net/pt/v2/account/classifications?queries=192.65.247.0,109.236.35.40"

Parameters

Field                      Field Type  Description
classification (optional)  String      classification for which to retrieve items. Allowed values: malicious, non_malicious, suspicious
query (optional)           String      filter by query (domain, ip)
queries (optional)         String[]    classification for which to retrieve items

Sample Response

{
    "malicious": [],
    "non_malicious": [
        "109.230.11.40"
    ],
    "suspicious": []
}