Introduction
Welcome to the CurrentThreat API! The CurrentThreat API is provided free of charge for non-commercial and commercial use. Access to the API is granted at the sole discretion of TekFive and may be subject to limitations, including but not limited to rate limits, request quotas, and other usage restrictions. CurrentThreat strives to provide accurate and up-to-date threat intelligence data through the API. However, the accuracy and availability of the data are not guaranteed. TekFive reserves the right to update, modify, or remove any data or features from the API without prior notice.
Authentication
To authenticate with the CurrentThreat API, include the Bearer token in the HTTP request header as follows:
Authorization: Bearer YOUR_ACCESS_TOKEN
Replace YOUR_ACCESS_TOKEN with the token generated from your CurrentThreat user profile. Below is an example of how to use the Bearer token to authenticate and make a sample API request:
GET /api/malware HTTP/1.1
Host: currentthreat.com
Authorization: Bearer YOUR_ACCESS_TOKEN
Pagination
The CurrentThreat API utilizes pagination to efficiently handle large datasets. Responses that return multiple items, such as lists of malware packages, are paginated using a combination of metadata and data elements. This approach ensures that API clients can easily navigate through the results and retrieve the data in manageable chunks.
Metadata
A paged API response includes metadata that describes the pagination state. This metadata is found at the root of the JSON response body. Key elements in the metadata include:
- page: Indicates the current page number of the response. This value is zero-indexed (i.e. the first page is "0").
- pageSize: The maximum number of data items included in a page. This value is set by CurrentThreat and cannot be overridden by the caller.
- totalPages: The total number of pages available for the given query.
Data
The data property in the API is an array that contains the actual content for the current page of results. The structure of the objects in this array depends on the API endpoint being called.
Example API Response
Here's an example of how pagination is structured in the API response:
{
  "metadata": {
    "page": 0,
    "pageSize": 2,
    "totalPages": 10
  },
  "data": [
    {
      "id": 0,
      "name": "Data Item 1"
    },
    {
      "id": 1,
      "name": "Data Item 2"
    }
  ]
}
Navigating Through Pages
To access subsequent pages of the dataset, add a page parameter to any paged API endpoint request. Because page is zero-indexed, page=2 returns the third page.
GET /api/malware?page=2 HTTP/1.1
Host: currentthreat.com
Authorization: Bearer YOUR_ACCESS_TOKEN
Malware
Get All Malware Packages
curl "https://currentthreat.com/api/malware" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
The above command returns JSON structured like this:
{
  "metadata": {
    "page": 0,
    "pageSize": 100,
    "totalPages": 2
  },
  "data": [
    {
      "id": 1011,
      "type": "pypi",
      "name": "zure-mgmt-containerregistry",
      "description": "More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.",
      "trackedAt": 1689770205841,
      "malwareReportUrls": [
        "https://blog.sonatype.com/more-than-200-cryptominers-flood-npm-and-pypi-registry"
      ]
    },
    {
      "id": 1010,
      "type": "pypi",
      "name": "zure-mgmt-authorization",
      "description": "More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.",
      "trackedAt": 1689770205840,
      "malwareReportUrls": [
        "https://blog.sonatype.com/more-than-200-cryptominers-flood-npm-and-pypi-registry"
      ]
    }
  ]
}
This endpoint retrieves all malware packages.
HTTP Request
GET https://currentthreat.com/api/malware
Query Parameters
Parameter | Default | Description |
---|---|---|
type | null | The malware package type used to filter results. Must be one of npm, maven, pypi, composer, golang or nuget. This parameter can be repeated. |
name | null | The malware package name used to filter results. |
author | null | The malware package author used to filter results. |
page | 0 | The page index to return. |
Malware Package Response Structure
The malware packages returned from this endpoint contain the following fields.
- id - The unique, CurrentThreat specific identifier for this malware package.
- type - The package type for this malware. One of the following.
  - npm
  - maven
  - pypi
  - composer
  - golang
  - nuget
- name - The malware package name.
- version - An optional array of versions identified for this malware package.
- trackedAt - The timestamp in milliseconds from the Epoch when this malware package was added to CurrentThreat.
- malwareReportUrls - An array of URLs of webpages that identified this package as malware.
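An added example, not part of the CurrentThreat documentation: a Python sketch that walks every page of /api/malware using the zero-indexed page and totalPages metadata, then flags dependencies from a project manifest that appear in the feed. The function names, REPORT_URL and SAMPLE_PAGES are assumptions made for illustration; the sample pages are constructed from the response shown above so the block runs offline.

```python
import json
import urllib.parse
import urllib.request

API_URL = "https://currentthreat.com/api/malware"  # endpoint documented on this page

def fetch_page(token, page, pkg_type=None):
    """GET one page of results with the Bearer token; returns the decoded JSON body."""
    query = {"page": page}
    if pkg_type:
        query["type"] = pkg_type
    req = urllib.request.Request(API_URL + "?" + urllib.parse.urlencode(query),
                                 headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:  # 4xx/5xx raise HTTPError
        return json.load(resp)

def iter_malware(fetch, max_pages=1000):
    """Yield every item, walking pages 0 .. totalPages-1 (page is zero-indexed)."""
    page = 0
    while page < max_pages:  # hard stop in case totalPages is wrong
        body = fetch(page)
        meta = body["metadata"]
        if meta["page"] != page:
            raise ValueError(f"asked for page {page}, got page {meta['page']}")
        yield from body["data"]
        page += 1
        if page >= meta["totalPages"]:
            return

def flag_dependencies(deps, fetch):
    """Return {(type, name): report URLs} for each dependency listed in the feed."""
    wanted = {(t.lower(), n.lower()) for t, n in deps}
    hits = {}
    for item in iter_malware(fetch):
        key = (item["type"].lower(), item["name"].lower())
        if key in wanted:
            hits[key] = item.get("malwareReportUrls", [])
    return hits

# Constructed sample: the two entries shown above, split across two pages of size 1.
REPORT_URL = "https://blog.sonatype.com/more-than-200-cryptominers-flood-npm-and-pypi-registry"
SAMPLE_PAGES = [
    {"metadata": {"page": 0, "pageSize": 1, "totalPages": 2},
     "data": [{"id": 1011, "type": "pypi", "name": "zure-mgmt-containerregistry",
               "malwareReportUrls": [REPORT_URL]}]},
    {"metadata": {"page": 1, "pageSize": 1, "totalPages": 2},
     "data": [{"id": 1010, "type": "pypi", "name": "zure-mgmt-authorization",
               "malwareReportUrls": [REPORT_URL]}]},
]
```

Offline, pass `lambda p: SAMPLE_PAGES[p]` as `fetch`; against the live API, pass `lambda p: fetch_page(token, p, "pypi")` instead.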
Errors
The CurrentThreat API uses the following error codes:
Error Code | Meaning |
---|---|
400 | Bad Request -- Your request is invalid. |
401 | Unauthorized -- Your API key is wrong. |
403 | Forbidden -- Your user account has been deactivated. |
404 | Not Found -- The API endpoint being requested does not exist. |
429 | Too Many Requests -- You're making too many API calls. |
500 | Internal Server Error -- We had a problem with our server. Try again later. |
503 | Service Unavailable -- We're temporarily offline for maintenance. Please try again later. |