Detectify API (3.0.0)

Download OpenAPI specification:Download

Detectify: support@detectify.com URL: https://api.detectify.com

This page contains the documentation for the Detectify API V3 accessible at https://api.detectify.com/rest/v3

Authentication

All requests must be authenticated using an API key generated specifically for the V3 API on the API-keys page.

Using the Authorization HTTP header:

GET /rest/v3/ips HTTP/1.1
Host: api.detectify.com
Authorization: a47a82f1-7b6e-4562-8529-ff0b1e908a5b

IP Addresses

Returns all IP Addresses

This query returns all the IP addresses which have been discovered on your attack surface. The returned informations contains information about the IP such as what domain and asset it is connected to, when it was first seen, as well as metadata such as geolocation and ASN details.

Authorizations:

api-key

query Parameters

cursor	string Next cursor value to continue the pagination. This value is optional and the query will start from the first page if left blank.
limit	integer <int32> >= 1 Example: limit=20 This value will be used to determine the amount of items to be returned for each request.
first_seen_before	string <date-time> Example: first_seen_before=2023-09-18T12:12:00Z All IP addresses first seen before the given timestamp (exclusive). The timestamp is in the ISO 8601 format. The Date and time are separated by the "T" literal, and the Time and Timezone are separated by the "+" literal. For UTC time, you should simply use "Z" as the suffix, for other cases use URL encoding for the "+" literal.
first_seen_after	string <date-time> Example: first_seen_after=2023-09-18T12:12:00Z All IP addresses first seen after the given timestamp (exclusive). The timestamp is in the ISO 8601 format. The Date and time are separated by the "T" literal, and the Time and Timezone are separated by the "+" literal. For UTC time, you should simply use "Z" as the suffix, for other cases use URL encoding for the "+" literal.
disappeared_before	string <date-time> Example: disappeared_before=2023-09-18T12:12:00Z All IP addresses which disappeared before the given timestamp (exclusive). The timestamp is in the ISO 8601 format. The Date and time are separated by the "T" literal, and the Time and Timezone are separated by the "+" literal. For UTC time, you should simply use "Z" as the suffix, for other cases use URL encoding for the "+" literal.
disappeared_after	string <date-time> Example: disappeared_after=2023-09-18T12:12:00Z All IP addresses which disappeared after the given timestamp (exclusive). The timestamp is in the ISO 8601 format. The Date and time are separated by the "T" literal, and the Time and Timezone are separated by the "+" literal. For UTC time, you should simply use "Z" as the suffix, for other cases use URL encoding for the "+" literal.

Responses

Response samples

200
400
default

Content type

application/json

{"items": [{"id": "0b14fd3e-9c30-4038-9d78-b5e7d992dc01",
"ip_address": "127.0.0.1",
"active": true,
"enriched": true,
"domain_name": "example.com",
"asset_id": "5605b488634efe810dff4276e28ca7f9",
"team_id": "0e54921c386c666710134a5deecdbfe4",
"ip_version": "IPv4",
"first_seen_at": "2019-08-24T14:15:22Z",
"disappeared_at": "2019-08-24T14:15:22Z",
"autonomous_system": {"name": "EDGECAST",
"domain": "example.com",
"number": 15133
},
"geolocation": {"continent": "NA",
"continent_name": "North America",
"country": "US",
"country_name": "United States"
}
}
],
"pagination": {"self": "https://api.detectify.com/rest/v3/<path>",
"first": "https://api.detectify.com/rest/v3/<path>",
"next": "https://api.detectify.com/rest/v3/<path>?cursor=2b0b2ccb-b228-42ee-a7ae-03971489ed54"
}
}

Technology

Returns all technologies

This query returns all discovered technologies on your attack surface.

Authorizations:

api-key

query Parameters

cursor	string Next cursor value to continue the pagination. This value is optional and the query will start from the first page if left blank.
limit	integer <int32> >= 1 Example: limit=20 This value will be used to determine the amount of items to be returned for each request.
first_seen_before	string <date-time> Example: first_seen_before=2023-09-18T12:12:00Z All techs first seen before the given timestamp (exclusive). The timestamp is in the ISO 8601 format. The Date and time are separated by the "T" literal, and the Time and Timezone are separated by the "+" literal. For UTC time, you should simply use "Z" as the suffix, for other cases use URL encoding for the "+" literal.
first_seen_after	string <date-time> Example: first_seen_after=2023-09-18T12:12:00Z All techs first seen after the given timestamp (exclusive). The timestamp is in the ISO 8601 format. The Date and time are separated by the "T" literal, and the Time and Timezone are separated by the "+" literal. For UTC time, you should simply use "Z" as the suffix, for other cases use URL encoding for the "+" literal.
disappeared_before	string <date-time> Example: disappeared_before=2023-09-18T12:12:00Z All techs which disappeared before the given timestamp (exclusive). The timestamp is in the ISO 8601 format. The Date and time are separated by the "T" literal, and the Time and Timezone are separated by the "+" literal. For UTC time, you should simply use "Z" as the suffix, for other cases use URL encoding for the "+" literal.
disappeared_after	string <date-time> Example: disappeared_after=2023-09-18T12:12:00Z All techs which disappeared after the given timestamp (exclusive). The timestamp is in the ISO 8601 format. The Date and time are separated by the "T" literal, and the Time and Timezone are separated by the "+" literal. For UTC time, you should simply use "Z" as the suffix, for other cases use URL encoding for the "+" literal.

Responses

Response samples

200
400
default

Content type

application/json

{"items": [{"id": "0b14fd3e-9c30-4038-9d78-b5e7d992dc01",
"asset_id": "5605b488634efe810dff4276e28ca7f9",
"team_id": "0e54921c386c666710134a5deecdbfe4",
"domain_name": "example.com",
"service_protocol": "https",
"port": 443,
"name": "nginx",
"version": "1.25.2",
"categories": ["Web servers",
"Reverse proxies"
],
"active": true,
"first_seen_at": "2019-08-24T14:15:22Z",
"disappeared_at": "2019-08-24T14:15:22Z"
}
],
"pagination": {"self": "https://api.detectify.com/rest/v3/<path>",
"first": "https://api.detectify.com/rest/v3/<path>",
"next": "https://api.detectify.com/rest/v3/<path>?cursor=2b0b2ccb-b228-42ee-a7ae-03971489ed54"
}
}

Ports

Returns all ports

This query returns all discovered ports on your attack surface, including information to which IP and asset it was discovered on.

Authorizations:

api-key

query Parameters

cursor	string Next cursor value to continue the pagination. This value is optional and the query will start from the first page if left blank.
limit	integer <int32> >= 1 Example: limit=20 This value will be used to determine the amount of items to be returned for each request.
first_seen_before	string <date-time> Example: first_seen_before=2023-09-18T12:12:00Z All ports first seen with open status before the given timestamp (exclusive). The timestamp is in the ISO 8601 format. The Date and time are separated by the "T" literal, and the Time and Timezone are separated by the "+" literal. For UTC time, you should simply use "Z" as the suffix, for other cases use URL encoding for the "+" literal.
first_seen_after	string <date-time> Example: first_seen_after=2023-09-18T12:12:00Z All ports first seen with open status after the given timestamp (exclusive). The timestamp is in the ISO 8601 format. The Date and time are separated by the "T" literal, and the Time and Timezone are separated by the "+" literal. For UTC time, you should simply use "Z" as the suffix, for other cases use URL encoding for the "+" literal.
disappeared_before	string <date-time> Example: disappeared_before=2023-09-18T12:12:00Z All ports which disappeared before the given timestamp (exclusive). The timestamp is in the ISO 8601 format. The Date and time are separated by the "T" literal, and the Time and Timezone are separated by the "+" literal. For UTC time, you should simply use "Z" as the suffix, for other cases use URL encoding for the "+" literal.
disappeared_after	string <date-time> Example: disappeared_after=2023-09-18T12:12:00Z All ports which disappeared after the given timestamp (exclusive). The timestamp is in the ISO 8601 format. The Date and time are separated by the "T" literal, and the Time and Timezone are separated by the "+" literal. For UTC time, you should simply use "Z" as the suffix, for other cases use URL encoding for the "+" literal.
status	Array of strings Example: status=OPEN,CLOSED,FILTERED Return only ports having any of the listed statuses.
port	Array of integers <int32> [ items <int32 > [ 0 .. 65535 ] ] Example: port=80,443 Return only port numbers from the supplied list.

Responses

Response samples

200
400
default

Content type

application/json

{"items": [{"id": "0b14fd3e-9c30-4038-9d78-b5e7d992dc01",
"team_id": "0e54921c386c666710134a5deecdbfe4",
"asset_id": "5605b488634efe810dff4276e28ca7f9",
"domain_name": "example.com",
"ip_address": "127.0.0.1",
"port": 443,
"status": "OPEN",
"first_seen_at": "2019-08-24T14:15:22Z",
"disappeared_at": "2019-08-24T14:15:22Z"
}
],
"pagination": {"self": "https://api.detectify.com/rest/v3/<path>",
"first": "https://api.detectify.com/rest/v3/<path>",
"next": "https://api.detectify.com/rest/v3/<path>?cursor=2b0b2ccb-b228-42ee-a7ae-03971489ed54"
}
}

Breaches

Returns all breaches

This query returns all policy breaches which have been detected on your assets.

Authorizations:

api-key

query Parameters

cursor	string Next cursor value to continue the pagination. This value is optional and the query will start from the first page if left blank.
limit	integer <int32> >= 1 Example: limit=20 This value will be used to determine the amount of items to be returned for each request.
first_seen_before	string <date-time> Example: first_seen_before=2023-09-18T12:12:00Z All breaches first seen with new status before the given timestamp (exclusive). The timestamp is in the ISO 8601 format. The Date and time are separated by the "T" literal, and the Time and Timezone are separated by the "+" literal. For UTC time, you should simply use "Z" as the suffix, for other cases use URL encoding for the "+" literal.
first_seen_after	string <date-time> Example: first_seen_after=2023-09-18T12:12:00Z All breaches first seen with new status after the given timestamp (exclusive). The timestamp is in the ISO 8601 format. The Date and time are separated by the "T" literal, and the Time and Timezone are separated by the "+" literal. For UTC time, you should simply use "Z" as the suffix, for other cases use URL encoding for the "+" literal.
disappeared_before	string <date-time> Example: disappeared_before=2023-09-18T12:12:00Z All breaches which disappeared before the given timestamp (exclusive). The timestamp is in the ISO 8601 format. The Date and time are separated by the "T" literal, and the Time and Timezone are separated by the "+" literal. For UTC time, you should simply use "Z" as the suffix, for other cases use URL encoding for the "+" literal.
disappeared_after	string <date-time> Example: disappeared_after=2023-09-18T12:12:00Z All breaches which disappeared after the given timestamp (exclusive). The timestamp is in the ISO 8601 format. The Date and time are separated by the "T" literal, and the Time and Timezone are separated by the "+" literal. For UTC time, you should simply use "Z" as the suffix, for other cases use URL encoding for the "+" literal.
status_updated_before	string <date-time> Example: status_updated_before=2023-09-18T12:12:00Z All breaches where status last updated before the given timestamp (exclusive). The timestamp is in the ISO 8601 format. The Date and time are separated by the "T" literal, and the Time and Timezone are separated by the "+" literal. For UTC time, you should simply use "Z" as the suffix, for other cases use URL encoding for the "+" literal.
status_updated_after	string <date-time> Example: status_updated_after=2023-09-18T12:12:00Z All breaches where status last updated after the given timestamp (exclusive). The timestamp is in the ISO 8601 format. The Date and time are separated by the "T" literal, and the Time and Timezone are separated by the "+" literal. For UTC time, you should simply use "Z" as the suffix, for other cases use URL encoding for the "+" literal.

Responses

Response samples

200
400
default

Content type

application/json

{"items": [{"id": "0b14fd3e-9c30-4038-9d78-b5e7d992dc01",
"policy_id": "0b14fd3e-9c30-4038-9d78-b5e7d992dc01",
"policy_name": "My Policy",
"asset_id": "5605b488634efe810dff4276e28ca7",
"asset_name": "example.com",
"severity": "INFO",
"active": true,
"status": "NEW",
"status_updated_at": "2019-08-24T14:15:22Z",
"first_seen_at": "2019-08-24T14:15:22Z",
"disappeared_at": "2019-08-24T14:15:22Z"
}
],
"pagination": {"self": "https://api.detectify.com/rest/v3/<path>",
"first": "https://api.detectify.com/rest/v3/<path>",
"next": "https://api.detectify.com/rest/v3/<path>?cursor=2b0b2ccb-b228-42ee-a7ae-03971489ed54"
}
}

Connectors

Returns all connectors.

Returns all connectors owned by the supplied teams as specified by their tokens.

query Parameters

cursor	string Next cursor value to continue the pagination. This value is optional and the query will start from the first page if left blank.
limit	integer <int32> >= 1 Example: limit=20 This value will be used to determine the amount of items to be returned for each request.

Responses

Response samples

200
400
default

Content type

application/json

{"items": [{"id": "0b14fd3e-9c30-4038-9d78-b5e7d992dc01",
"name": "detectify-aws-connector",
"team_token": "5605b488634efe810dff4276e28ca7f9",
"last_run": {"status": "SUCCESS",
"error": "Invalid credentials: Make sure the access keys are active",
"completed_at": "2023-09-18T12:12:00Z"
},
"provider": "AWS_ROLE_BASED",
"created_at": "2023-09-18T12:12:00Z",
"updated_at": "2023-09-18T12:12:00Z"
}
],
"pagination": {"self": "https://api.detectify.com/rest/v3/<path>",
"first": "https://api.detectify.com/rest/v3/<path>",
"next": "https://api.detectify.com/rest/v3/<path>?cursor=2b0b2ccb-b228-42ee-a7ae-03971489ed54"
}
}