Overview
API Concepts Manage API Key
Internet Data
DNSIQ® WHOISIQ™ SSL Certificates Blacklist Lookup Host Attributes
Attack Analytics
Newly Observed Domains Newly Observed Hosts Malware Phishing Scam Content
Digital Footprint
Global Inventory API Global Inventory Schema
Coming Soon
Enrich
PassiveTotal
Getting Started Actions Artifact Articles Data Card Enrichment Services Monitor Project SSL Certificates Tag Artifact Trackers Host Attributes Cookies Components Passive DNS Whois Bulk Enrichment
Additional Resources
Workspace Management API
RiskIQ.com

Account

The Account endpoints allow you to see all the information related to your account.

 

What It Looks Like

Get Account

Read current account metadata and settings.

Curl Example

$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account

Response

{
    "username": "sim.gretina@example.org",
    "firstName": "Sim",
    "lastName": "Gretina",
    "fullName": "Sim Gretina",
    "organization": "gretina_org"
    "firstActive": "2016-12-02",
    "lastActive": "2017-04-10",
    "verified": "True",
    "suppliedOrganization": "gretina_org",
    "jobRole": "Other",
    "enterpriseUser": "True",
    "country": "united_states",
    "phoneNumber": "555 415 4155",
    "stateOrRegion": "california",
    "accountStatus": "enterprise",
    "user_id": "80f5a4f51a303ab4461731a67cde18e552b9d76961467f2a98a0f6974",
    "user_hash": "c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714",
    "event_code": null,
    "approvedSources": "alienvault, crawl, emerging_threats, farsight",
    "projectPrivateQuotaExceeded": false,
    "searchWebQuotaExceeded": false,
    "searchApiQuotaExceeded": false,
    "projectPublicQuotaExceeded": false,
    "admin": false,
    "ssoIntegrationId": null,
    "ssoAuthPartnerId": null,
    "ssoSuccess": true,
    "features": {
        "two_factor_enabled": true,
        "analyst_insights": false,
        "analyst_projects": false,
        "async_heatmap": true,
        "tab_update": true,
        "exposed_services": false,
        "data_table_improvement": true,
        "project_selector_v2": true,
        "whois_history": false,
        "server_side_facets": true,
        "projects_tabs": true,
        "projects_share": true,
        "data_table_paginated": true
    },
    "guest": false,
    "roles": [
        "user"
    ],
    "monitorFrequency": "weekly",
    "workspaceId": null,
    "permissions": []
}
			

Get History

Read API usage history of the account.

Curl Example

# Retrieve account history
$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/history
# filter by source
$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/history?source=api
# filter by focus
$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/history?focus=riskiq.com
# filter by dt
$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/history?dt=2020-04-27
            

Response

{
    "history": [
        {
            "focus": "example.org",
            "dt": "2017-03-06 17:12:16",
            "context": "",
            "guid": null,
            "username": "sim.gretina@example.org",
            "source": "api",
            "type": "search"
        },
        {
            "focus": "simgretina.example.org",
            "dt": "2017-03-06 17:38:41",
            "context": "",
            "guid": null,
            "username": "sim.gretina@example.org",
            "source": "api",
            "type": "search"
        }
    ]
}
			

Get Monitors

Get active monitors

Curl Example

$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/monitors

Response

{
    "monitors": [
        {
            "tags": [
                "caravan",
                "registered"
            ],
            "focus": "example.org"
        },
        {
            "tags": [
                "google",
                "routable",
                "dns"
            ],
            "focus": "8.8.8.8"
        }
    ]
}
			

Get Organization

Read current organization metadata

Curl Example

$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/organization

Response

{
    "activeMembers": [
        "sim.gretina@example.org",
        "jamie.berry@example.org",
        "caravan.palace@example.org"
    ],
    "searchQuota": 9999,
    "seats": 150,
    "watchQuota": 368,
    "active": true,
    "id": "gretina_org",
    "registered": "2015-09-21 19:43:49",
    "status": "enterprise",
    "name": "gretina_org",
    "acceptableDomains": [
        "example.org"
    ],
    "inactiveMembers": [],
    "admins": [
        "sim.gretina@example.org"
    ],
    "lastActive": "2016-11-21 17:31:38",
    "seats": null,
    "features": null,
    "showTeamSearchHistory": null,
    "defaultDomains": null,
    "disabledMembers": null,
    "usersNotSignedUpYet": null,
    "hasFalconCreds": false,
    "sources": null
}
			

Get Quotas

Read current account and organization quotas.

Curl Example

$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/quota

Response

{
    "organization": {
        "counts": {
            "basic_monitors": 0,
            "keyword_monitors": 0,
            "projects_private": 0,
            "projects_public": 0,
            "search_api": 0,
            "search_web": 0
        },
        "freebies": {
            "search_api": 0,
            "search_web": 0
        },
        "guid": "00000000-0000-0000-0000-000000000000",
        "last_reset": "0000-00-00 00:00:00",
        "limits": {
            "search_api": 15,
            "basic_monitors": 100,
            "monitor_results": 1,
            "projects_private": 1,
            "monitor_frequency": "weekly",
            "keyword_monitors": 1,
            "search_web": 200,
            "projects_public": 1000,
            "create_crawls": 0,
            "crawl_submissions": 0
        },
        "next_reset": "0000-00-00 00:00:00",
        "organization": "riskiq",
        "owner": "riskiq",
        "profile": {
            "analysis": "free",
            "workflow": "free"
        },
        "username": null
    },
    "user": {
        "counts": {
            "basic_monitors": 0,
            "keyword_monitors": 0,
            "projects_private": 0,
            "projects_public": 0,
            "search_api": 0,
            "search_web": 0
        },
        "freebies": {
            "search_api": 0,
            "search_web": 0
        },
        "guid": "00000000-0000-0000-0000-000000000000",
        "last_reset": "0000-00-00 00:00:00",
        "limits": {
            "search_api": 15,
            "basic_monitors": 100,
            "monitor_results": 1,
            "projects_private": 1,
            "monitor_frequency": "weekly",
            "keyword_monitors": 1,
            "search_web": 200,
            "projects_public": 1000,
            "create_crawls": 0,
            "crawl_submissions": 0
        },
        "next_reset": "0000-00-00 00:00:00",
        "organization": "riskiq",
        "owner": "username@example.com",
        "profile": {
            "analysis": "small",
            "workflow": "small"
        },
        "quotas": {
            "account_type": "enterprise"
        },
        "username": "username@example.com"
    }
}
			

Get Sources

Check sources being used for queries.

Curl Example

 
# get all sources
$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/sources
# get virustotal source as url parameter
$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/sources?source=virustotal
			

Response

{
  "sources": [
    {
        "authRequired": false,
        "authMethod": {
            "apiKey": ""
        },
        "active": true,
        "website": "https://www.alienvault.com",
        "auth": true,
        "description": "Alienvault provides free access to their passive DNS        and OTX platform for registered users.",
        "source": "alienvault",
        "label": "Alienvault",
        "configuration": {},
        "controllable": true,
        "type": [
            "pdns"
        ],
        "access": [
            "free",
            "commercial"
        ],
        "org_configuration": null
    },
    ...
    {
        "authRequired": false,
        "authMethod": {
            "apiKey": ""
        },
        "active": true,
        "website": "https://www.virustotal.com/",
        "auth": true,
        "description": "",
        "source": "virustotal",
        "label": "Virustotal",
        "configuration": {},
        "controllable": true,
        "type": [
            "pdns"
        ],
        "access": [
            "free",
            "commercial"
        ],
        "org_configuration": null
    }
  ]
}
			

Get Teamstream

Read team activity.

Curl Example

# Retrieve all history (might take a while)
$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/organization/teamstream
# filter by focus
$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/organization/teamstream?focus=example.org
			

Response

{
  "teamstream": [
    {
        "focus": "example.org",
        "dt": "2016-08-24 18:40:06",
        "context": 3075,
        "guid": null,
        "username": "caravan.palace@example.org",
        "additional": {},
        "source": "web",
        "type": "search"
    },
    ...
    {
        "focus": "electro.example.org",
        "dt": "2016-08-24 18:40:06",
        "context": 3075,
        "guid": null,
        "username": "jamie.berry@example.org",
        "additional": {},
        "source": "web",
        "type": "search"
    }
  ]
}
			

Get items with the specified classification

Retrieve items with the specified classification.

Curl Example

# Retrieve all classification
$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/classifications
# filter by classification
$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/classifications?classification=malicious
            

Response

{
    "malicious": [],
    "non_malicious": [
        "109.230.11.40"
    ],
    "suspicious": []
}