Idappcom API v1

Application Programming Interface v1

Idappcom provides a simple REST API that gives customers programmatic access to our database of threat traffic, traffic files, and SNORT security rules as a set of JSON-formatted responses. The API follows some of the conventions suggested in the JSON:API specification.

An Idappcom website user account with one or more appropriate active product subscriptions is required to use this API. For more information, please contact us.

Base URL

All API v1 requests must be made via HTTPS and use the base URL of:

https://www.idappcom.com/api/v1/

Authentication

Authentication is required for all API resource requests, and should primarily be accomplished using HTTP Basic Auth (where your credentials are passed in the HTTP headers). For example, this can be done at the command line using curl:

curl -u "APIKEY:" https://www.idappcom.com/api/v1/
curl -u "USERNAME:PASSWORD" https://www.idappcom.com/api/v1/

Please note that the colon ':' that follows the APIKEY is required. To assist with development and testing, JSON responses may be more easily viewed by supplying your username and password via your browser's 'authentication required' dialog, or by passing them as an 'auth' parameter in the URI:

https://www.idappcom.com/api/v1/?auth=APIKEY:
https://www.idappcom.com/api/v1/?auth=USERNAME:PASSWORD

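Both the API Key and the Username and Password are accepted for convenience, but we recommend that you use only the API Key in production environments: this helps to keep your website account's Username and Password secure by preventing them from appearing in your configuration files in clear text. Keep the 'auth' URI parameter to development and testing, because a URI, unlike an Authorization header, is commonly recorded in browser history and in proxy and server logs.

Incorrect access credentials will return an HTTP 401 "Authorization Required" response.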

API Rate Limit

To prevent excessive load on our servers, there is a burst limit of 60 API requests per minute. Calls in excess of this limit will be answered with an HTTP 429 "Too Many Requests" response code, so we recommend introducing a delay of one second between calls. Accounts that repeatedly exceed the limit may be suspended.
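
The following Python client is an added example, not Idappcom's own code: it sends the API Key in the Basic Auth header (key as user name, empty password), keeps calls one second apart, and handles the 401 and 429 responses described above. The names `PacedClient`, `urllib_transport` and the exponential back-off after a 429 are assumptions made for illustration.

```python
import base64
import time
import urllib.error
import urllib.request

BASE_URL = "https://www.idappcom.com/api/v1/"
MIN_INTERVAL = 1.0  # the one-second delay the page recommends between calls


def basic_auth_header(api_key):
    """Basic Auth header for 'APIKEY:' (key as user name, empty password)."""
    token = base64.b64encode(f"{api_key}:".encode()).decode("ascii")
    return {"Authorization": f"Basic {token}"}


def urllib_transport(url, headers):
    """Perform one HTTPS GET and return (status, body) without raising on 4xx."""
    request = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(request, timeout=30) as response:
            return response.status, response.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


class PacedClient:
    """Hypothetical client: spaces calls out and reacts to 401 and 429."""

    def __init__(self, api_key, transport=urllib_transport,
                 sleep=time.sleep, clock=time.monotonic):
        self._headers = basic_auth_header(api_key)
        self._transport, self._sleep, self._clock = transport, sleep, clock
        self._last = None  # time of the previous call, if any

    def get(self, resource, max_retries=3):
        url = BASE_URL + resource.lstrip("/")
        for attempt in range(max_retries + 1):
            if self._last is not None:
                wait = MIN_INTERVAL - (self._clock() - self._last)
                if wait > 0:
                    self._sleep(wait)
            status, body = self._transport(url, self._headers)
            self._last = self._clock()
            if status == 401:
                raise PermissionError("HTTP 401: credentials rejected")
            if status != 429:
                return status, body
            self._sleep(2 ** attempt)  # assumed back-off policy after a 429
        raise RuntimeError("still rate limited after retries")
```

Read the API Key from an environment variable or secrets store at start-up and pass it to `PacedClient`, so that it never appears in a URL or in source code.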

API Resources

Test Request

Returns a simple list of all the available resources. Use this resource to confirm that your authorisation details are correct.

As with other requests in this API, you will get the full 'self' link in the response to confirm which resource, arguments and parameters the server thinks are actually being requested, plus additional 'meta' values to assist with debugging, such as the Request Method and Execution Time.

Request:

GET /

Parameters:
none

Response:
A 200 OK response with a JSON list of resources:

{
  "links": {
    "self": "https://www.idappcom.com/api/v1/"
  },
  "data": {
    "type": "resources",
    "id": "",
    "resources": {
      "GET /": "this list of resources",
      "GET /user": "information about your user account",
      "GET /latest": "the latest UpdatedDate for both IQIDs and SIDs",
      "GET /iqids": "list of all published IQIDs",
      "GET /iqids?from={yyyy-mm-dd}": "list of IQIDs updated since the specified date",
      "GET /iqids/{iqid_number}": "information about an individual IQID",
      "GET /iqids/{iqid_number}/kar": "Base64 encoded .KAR traffic file",
      "GET /sids": "list of all valid SIDs",
      "GET /sids?from={yyyy-mm-dd}": "list of SIDs updated since the specified date",
      "GET /sids/{sid_number}": "information about an individual SID"
    }
  },
  "meta": {
    "requestmethod": "GET",
    "resource": "",
    "arguments": [
      ""
    ],
    "exe_time": 0.01418304443359375
  }
}

User Info

Returns information about the user's website account, login counts, and service expiry dates.

Request:

GET /user

Parameters:
none

Response:
A 200 OK response with JSON listing user information:

{
  "links": {
    "self": "https://www.idappcom.com/api/v1/user"
  },
  "data": {
    "type": "user",
    "id": "",
    "user": {
      "UserName": "sample_username",
      "FullName": "Sam Pleuser",
      "CompanyName": "company ltd",
      "Email": "sales@idappcom.com",
      "UpdatesExpiry": "2019-12-31T00:00:00+00:00",
      "hasUpdates": true,
      "RulesExpiry": "2019-12-31T00:00:00+00:00",
      "hasRules": true,
      "RulesCode": "{RULES_CODE}",
      "ETProExpiry": "2019-12-31T00:00:00+00:00",
      "hasETPro": true,
      "LoginCount": "100",
      "FailedLogins": "0"
    }
  },
  "meta": {
    "requestmethod": "GET",
    "resource": "user",
    "arguments": [
      "user"
    ],
    "exe_time": 0.020216941833496094
  }
}

Latest UpdatedDates

Returns two dates: that of the most recent threat reference (IQID) and that of the most recent rule reference (SID). Call this resource daily to determine whether your copy of our database needs to be re-synchronised.

It is recommended that you store the UpdatedDate for each threat (IQID) or rule (SID) and then compare your database's most recent dates with the dates returned from this resource. If the dates of your most recent IQID or SID do not match, then use the Live Threat Database (/iqids?from={YYYY-MM-DD}) and Live Rules Database (/sids?from={YYYY-MM-DD}) resources below, passing your most recent date for each as the 'from' parameter, to obtain the list of new or updated IQIDs and SIDs that you require.

Request:

GET /latest

Parameters:
none

Response:
A 200 OK response with JSON listing two dates:

{
  "links": {
    "self": "https://www.idappcom.com/api/v1/latest"
  },
  "data": {
    "type": "latest",
    "id": "",
    "latest": {
      "iqids": "2019-11-22T15:08:40+00:00",
      "sids": "2019-11-22T13:33:05+00:00"
    }
  },
  "meta": {
    "requestmethod": "GET",
    "resource": "latest",
    "arguments": [
      "latest"
    ],
    "exe_time": 0.198868989944458
  }
}
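
The comparison described above can be written as follows. This is an added example, not part of the Idappcom documentation: `plan_sync`, `merge_listing` and the shape of the local store (a dictionary of id to UpdatedDate per list) are assumptions, and the sample documents are constructed from the response shapes shown on this page.

```python
from datetime import datetime

# Constructed sample documents in the shape shown on this page.
LATEST = {"data": {"type": "latest", "latest": {
    "iqids": "2019-11-22T15:08:40+00:00", "sids": "2019-11-22T13:33:05+00:00"}}}
LISTING = {"data": {"type": "iqids", "iqids": {
    "20350": "2019-11-20T16:40:25+00:00", "20363": "2019-11-20T16:56:53+00:00"}}}
LOCAL = {"iqids": {"20350": "2019-11-20T16:40:25+00:00"},
         "sids": {"8018667": "2019-11-22T13:33:05+00:00"}}


def newest(store):
    """Most recent UpdatedDate in a local {id: iso_date} store, or None."""
    return max((datetime.fromisoformat(v) for v in store.values()), default=None)


def plan_sync(latest_doc, local):
    """Return the list resources to request, given a parsed GET /latest."""
    plan = []
    for kind in ("iqids", "sids"):
        remote = datetime.fromisoformat(latest_doc["data"]["latest"][kind])
        mine = newest(local.get(kind, {}))
        if mine is None:
            plan.append(f"/{kind}")  # nothing stored yet: full list
        elif mine != remote:
            # 'from' takes a date only, so the day of our newest entry is sent
            plan.append(f"/{kind}?from={mine:%Y-%m-%d}")
    return plan


def merge_listing(list_doc, store):
    """Merge a /iqids or /sids listing; return the ids that are new or changed."""
    kind = list_doc["data"]["type"]
    changed = []
    for ident, stamp in list_doc["data"][kind].items():
        if not ident.isdigit():  # ids are used to build request paths later
            raise ValueError(f"unexpected identifier {ident!r}")
        old = store.get(ident)
        if old is None or datetime.fromisoformat(old) != datetime.fromisoformat(stamp):
            changed.append(int(ident))
        store[ident] = stamp
    return sorted(changed)
```

Because 'from' has day granularity, a listing repeats entries already stored from that day; `merge_listing` returns only the ids whose UpdatedDate differs, which are the ones worth requesting individually.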
		

Live Threat Database

Returns a list of our IQID threat reference numbers from our live database, either for the entire database or for a date limited subset.

Use this resource initially to download the whole list, and then periodically to obtain new and updated entries since your last download. We rarely delete entries, but deletions can be identified by comparing a new full download with your existing list.

Requests:

GET /iqids
GET /iqids?from={YYYY-MM-DD}

Parameter:

?from={YYYY-MM-DD}

Optional parameter that allows you to restrict the list to only those that have been updated since the specified date.

Response:
A 200 OK response with JSON listing the threat's IQID and the UpdatedDate:

{
  "links": {
    "self": "https://www.idappcom.com/api/v1/iqids?from=2019-11-18"
  },
  "data": {
    "type": "iqids",
    "id": "",
    "iqids": {
      "20350": "2019-11-20T16:40:25+00:00",
      "20363": "2019-11-20T16:56:53+00:00",
      "20364": "2019-11-20T16:56:53+00:00",
...
      "20381": "2019-11-20T16:56:54+00:00",
      "20382": "2019-11-20T16:56:54+00:00",
      "20383": "2019-11-20T16:56:54+00:00"
    }
  },
  "meta": {
    "requestmethod": "GET",
    "resource": "iqids",
    "arguments": [
      "iqids"
    ],
    "from": "2019-11-18",
    "exe_time": 0.04765486717224121
  }
}

Possible Errors:
Invalid 'from' values will return an HTTP 400 "Bad Request" response.

Individual Threat Information

Returns information for a single IQID threat. Use this resource to obtain a threat's name, descriptions, publish dates, CVSS scores, list of external references, and list of SIDs of related SNORT security rules.

Request:

GET /iqids/{IQID}

Parameter:

{IQID}

The IQID reference number for the threat.

Response:
A 200 OK response with JSON listing all information about an individual threat:

{
  "links": {
    "self": "https://www.idappcom.com/api/v1/iqids/9911"
  },
  "data": {
    "type": "iqid",
    "id": "9911",
    "iqid": {
      "ProductionID": 8555,
      "IQID": 9911,
      "ThreatName": "Drupal Core Password Hashing API Denial Of Service Vuln S",
      "GroupName": "December 2014",
      "Description": "Drupal core is vulnerable to a denial of service attack... .",
      "HelpText": "Drupal Core Password Hashing API Denial Of Service Vuln... .",
      "Vendor": "Drupal",
      "Applications": "Drupal",
      "DatePublished": "2014-11-20T00:00:00+00:00",
      "DateUpdated": "2014-11-20T00:00:00+00:00",
      "Type": "Vulnerability",
      "Category": "Input Validation Error",
      "Impact": "Denial Of Service",
      "Exploitability": "Network",
      "Source": "From Attacker/To Server",
      "Protocol": "HTTP",
      "Severity": "Medium",
      "CVSSVector": "(AV:N/AC:L/Au:N/C:N/I:N/A:P)",
      "CVSSScore": "5.0",
      "CVSSv3Vector": "",
      "CVSSv3Score": "",
      "References": [
        "http://xforce.iss.net/xforce/xfdb/98861",
        "https://www.exploit-db.com/exploits/35415",
        "https://packetstormsecurity.com/files/129341"
      ],
      "SIDs": [
        8008132
      ]
    }
  },
  "meta": {
    "requestmethod": "GET",
    "resource": "iqids/9911",
    "arguments": [
      "iqids",
      "9911"
    ],
    "exe_time": 0.05106401443481445
  }
}

Possible Errors:
Invalid IQID values will return either an HTTP 404 "Not Found" or an HTTP 400 "Bad Request" response.

Threat File

This resource returns a Base64 encoded .KAR traffic file for replay within Traffic IQ Professional.

Request:

GET /iqids/{IQID}/kar

Parameter:

{IQID}

The IQID reference number for the threat.

Response:
A 200 OK response with JSON listing file name, size, created/updated dates, and a Base64 encoded file for an individual threat:

{
  "links": {
    "self": "https://www.idappcom.com/api/v1/iqids/9911/kar"
  },
  "data": {
    "type": "filedata",
    "id": "9911",
    "filedata": {
      "FileID": 30458,
      "FileName": "Drupal Core Password Hashing API Denial Of Service Vul S.kar",
      "FileSize": 9486535,
      "Created": "2015-01-06T11:19:49+00:00",
      "Updated": "2015-01-07T11:28:15+00:00",
      "base64": "lRfDaPQA+SABSeDH/y ... {LOTS OF BINARY DATA} ... mJHEOi5XyYiKnAA=="
    }
  },
  "meta": {
    "requestmethod": "GET",
    "resource": "iqids/9911/kar",
    "arguments": [
      "iqids",
      "9911",
      "kar"
    ],
    "exe_time": 0.8705909252166748
  }
}

Possible Errors:
Invalid IQID values will return either an HTTP 404 "Not Found" or an HTTP 400 "Bad Request" response.
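
Before a downloaded .KAR file is written to disk, the 'filedata' object can be checked as below. This is an added example, not Idappcom's code: the function names and the 64 MiB ceiling are assumptions, and so is the reading of FileSize as the decoded byte length, which this page does not state.

```python
import base64
import binascii
import posixpath

MAX_KAR_BYTES = 64 * 1024 * 1024  # assumed local ceiling, not an API limit


def safe_kar_name(file_name):
    """Reduce the server-supplied FileName to a bare '*.kar' file name."""
    name = posixpath.basename(file_name.replace("\\", "/")).strip()
    if not name.lower().endswith(".kar") or name.startswith(".") or "\x00" in name:
        raise ValueError(f"unexpected FileName {file_name!r}")
    return name


def decode_kar(filedata):
    """Validate data.filedata from GET /iqids/{IQID}/kar; return (name, bytes)."""
    declared = filedata["FileSize"]
    if type(declared) is not int or not 0 < declared <= MAX_KAR_BYTES:
        raise ValueError("FileSize missing or outside the accepted range")
    encoded = filedata["base64"]
    # Reject oversized input before decoding: Base64 is 4 characters per 3 bytes.
    if len(encoded) > 4 * ((declared + 2) // 3):
        raise ValueError("base64 field is longer than FileSize allows")
    try:
        blob = base64.b64decode(encoded, validate=True)
    except binascii.Error as err:
        raise ValueError(f"base64 field is not valid Base64: {err}") from None
    # Assumption: FileSize is the decoded length (the page does not say).
    if len(blob) != declared:
        raise ValueError(f"decoded {len(blob)} bytes, FileSize says {declared}")
    return safe_kar_name(filedata["FileName"]), blob
```

Join the returned name to a directory you control when saving, so that a FileName containing path separators cannot place the file elsewhere.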

Live Rules Database

Returns the entire current list (or a date-limited subset) of SID identifiers for our Snort security rules.

Use this resource initially to obtain the whole list, and then periodically to obtain new and updated entries since your last download. We rarely delete entries, but deletions can be identified by comparing a new full download with your existing list.

Requests:

GET /sids
GET /sids?from={YYYY-MM-DD}

Parameter:

?from={YYYY-MM-DD}

Optional parameter that allows you to restrict the list to only those that have been updated since the specified date.

Response:
A 200 OK response with a JSON listing of all SID numbers and their UpdatedDate:

{
  "links": {
    "self": "https://www.idappcom.com/api/v1/sids?from=2019-11-20"
  },
  "data": {
    "type": "sids",
    "id": "",
    "sids": {
      "8018667": "2019-11-20T16:56:53+00:00",
      "8018675": "2019-11-20T16:56:53+00:00",
      "8018676": "2019-11-20T16:56:53+00:00",
...
      "8018692": "2019-11-20T16:56:53+00:00",
      "8018693": "2019-11-20T16:56:53+00:00",
      "8018694": "2019-11-20T16:56:53+00:00"
    }
  },
  "meta": {
    "requestmethod": "GET",
    "resource": "sids",
    "arguments": [
      "sids"
    ],
    "from": "2019-11-20",
    "exe_time": 0.033084869384765625
  }
}

Possible Errors:
Invalid 'from' values will return an HTTP 400 "Bad Request" response.

Individual Rule Information

Returns information for a single SID rule.

Request:

GET /sids/{SID}

Parameter:

{SID}

The SID reference number for the rule.

Response:
A 200 OK response with JSON listing all information about an individual rule:

{
  "links": {
    "self": "https://www.idappcom.com/api/v1/sids/8008132"
  },
  "data": {
    "type": "sid",
    "id": "8008132",
    "sid": {
      "SID": 8008132,
      "RuleText": "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (...)",
      "AddedDate": "2005-11-01T00:00:00+00:00",
      "UpdatedDate": "2005-11-01T00:00:00+00:00"
    }
  },
  "meta": {
    "requestmethod": "GET",
    "resource": "sids/8008132",
    "arguments": [
      "sids",
      "8008132"
    ],
    "exe_time": 0.03322601318359375
  }
}

Possible Errors:
Invalid SID values will return either an HTTP 404 "Not Found" or an HTTP 400 "Bad Request" response.

Interactive User Interface

View this API and interact with it with a live user interface. Powered by OpenAPI and Swagger.

More information

Please direct any questions about this API to support@idappcom.com.