B2B Threat Feed API
For authenticated corporate systems — SOAR, SOC automation, custom integrations.
Authentication
Every request needs a Bearer API key issued from your tenant portal (IT Admin or higher):
Authorization: Bearer csk_...
Keys are tenant-scoped. Issue one from [your-company].shield.cysense.com under
"B2B API Keys" — the raw key is shown exactly once at issuance.
Search an indicator
GET /v1/feed/search?q=evil.com Authorization: Bearer csk_...
Response:
{
"found": true,
"indicator": {
"id": "ind1",
"indicator_type": "domain",
"threat_classification": "phishing",
"confidence_score": 0.95,
"last_seen_at": 1700000000000
}
}
Unlike the public homepage search, this route does not require a Turnstile challenge.
Rate limits
Each key has a per-minute request cap set at issuance (default 60/min). Exceeding it returns:
HTTP 429
{ "error": "rate_limit_exceeded" }
Errors
| Status | Meaning |
|---|---|
| 401 | Missing, malformed, or inactive API key |
| 429 | Rate limit exceeded for this key |
| 400 | q parameter missing |