API Examples

This page has various API examples in Python, Java, PHP, and using cURL.

Python

Example 1: A query to get all threat indicators which are IP Addresses of proxies in ThreatExchange.

import requests
import json
import ast
import urllib

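# Placeholder credentials. Keep the real app secret out of source control,
# for example by reading it from the environment or a secrets store.
app_id = '555' # Replace this with your app ID
app_secret = '1234' # Replace this with your app secret
type_ = 'IP_ADDRESS'
text = 'proxy'

# The access token sent to the API is the app ID and app secret joined by '|'.
query_params = {
    'access_token': app_id + '|' + app_secret,
    'type': type_,
    'text': text,
}

# requests percent-encodes the parameters and appends them to the URL.
# The final URL contains the app secret, so keep it out of logs and tracebacks.
# The timeout stops the script from hanging on an unresponsive connection.
r = requests.get('https://graph.facebook.com/v2.4/threat_indicators',
                 params=query_params, timeout=30)

# The body is JSON, so parse it as JSON: ast.literal_eval() only accepts Python
# literals and fails on JSON's true/false/null.
print(json.dumps(r.json(), sort_keys=True, indent=4, separators=(',', ': ')))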

Example 2: A query to get all IP Addresses of proxies uploaded by the Facebook Administrator app in ThreatExchange.

import requests
import json
import ast
import urllib

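# Placeholder credentials. Keep the real app secret out of source control,
# for example by reading it from the environment or a secrets store.
app_id = '555' # Replace this with your app ID
app_secret = '1234' # Replace this with your app secret
type_ = 'IP_ADDRESS'
# App ID of the owner whose descriptors are requested.
owner_app_id = 820763734618599
text = 'proxy'

# The access token sent to the API is the app ID and app secret joined by '|'.
query_params = {
    'access_token': app_id + '|' + app_secret,
    'type': type_,
    'owner': owner_app_id,
    'text': text,
}

# requests percent-encodes the parameters and appends them to the URL.
# The final URL contains the app secret, so keep it out of logs and tracebacks.
# The timeout stops the script from hanging on an unresponsive connection.
r = requests.get('https://graph.facebook.com/v2.4/threat_descriptors',
                 params=query_params, timeout=30)

# The body is JSON, so parse it as JSON: ast.literal_eval() only accepts Python
# literals and fails on JSON's true/false/null.
print(json.dumps(r.json(), sort_keys=True, indent=4, separators=(',', ': ')))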

Example 3: A query to get all malware analyses uploaded to ThreatExchange between Fri, 07 Feb 2014 22:51:29 GMT and Sat, 08 Feb 2014 10:51:29 GMT.

import requests
import json
import ast
import urllib

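# Placeholder credentials. Keep the real app secret out of source control,
# for example by reading it from the environment or a secrets store.
app_id = '5555' # Replace this with your app ID
app_secret = '1234' # Replace this with your app secret
# Unix timestamps (seconds) bounding the upload window.
start_time = 1391813489
end_time = 1391856689

# The access token sent to the API is the app ID and app secret joined by '|'.
query_params = {
    'access_token': app_id + '|' + app_secret,
    'since': start_time,
    'until': end_time,
}

# requests percent-encodes the parameters and appends them to the URL.
# The final URL contains the app secret, so keep it out of logs and tracebacks.
# The timeout stops the script from hanging on an unresponsive connection.
r = requests.get('https://graph.facebook.com/v2.4/malware_analyses',
                 params=query_params, timeout=30)

# The body is JSON, so parse it as JSON: ast.literal_eval() only accepts Python
# literals and fails on JSON's true/false/null.
print(json.dumps(r.json(), sort_keys=True, indent=4, separators=(',', ': ')))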

Example 4: A query to get all malware families uploaded to ThreatExchange between yesterday and today.

import requests
import json
import ast
import urllib

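# Placeholder credentials. Keep the real app secret out of source control,
# for example by reading it from the environment or a secrets store.
app_id = '555' # Replace this with your app ID
app_secret = '1234' # Replace this with your app secret
# Relative time expressions passed through to the API as-is.
start_time = 'yesterday'
end_time = 'now'

# The access token sent to the API is the app ID and app secret joined by '|'.
query_params = {
    'access_token': app_id + '|' + app_secret,
    'since': start_time,
    'until': end_time,
}

# requests percent-encodes the parameters and appends them to the URL.
# The final URL contains the app secret, so keep it out of logs and tracebacks.
# The timeout stops the script from hanging on an unresponsive connection.
r = requests.get('https://graph.facebook.com/v2.4/malware_families',
                 params=query_params, timeout=30)

# The body is JSON, so parse it as JSON: ast.literal_eval() only accepts Python
# literals and fails on JSON's true/false/null.
print(json.dumps(r.json(), sort_keys=True, indent=4, separators=(',', ': ')))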

Java

Example 1: A query to get all threat indicators which are IP Addresses of proxies in ThreatExchange.

import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.util.Scanner;

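/**
 * Requests {@code IP_ADDRESS} threat indicators matching the text "proxy" from the
 * {@code threat_indicators} endpoint and prints the raw response body.
 */
public class ThreatIndicators {

    /**
     * Builds the query string, issues the GET request and prints the response.
     *
     * @param args unused
     * @throws Exception if a parameter cannot be encoded, or the connection or read fails
     */
    public static void main(String[] args) throws Exception {
        String url = "https://graph.facebook.com/v2.4/threat_indicators?";
        // Placeholder credentials. Keep the real app secret out of source control,
        // for example by reading it from the environment or a secrets store.
        String appID = "5555"; // Replace this with your app ID
        String appSecret = "12345"; // Replace this with your app secret
        String type = "IP_ADDRESS";
        String text = "proxy";

        // Percent-encode every value: java.net.URL does not encode for us, and the '|'
        // joining app ID and secret is not a legal character in a URL.
        String query = String.format("access_token=%s&type=%s&text=%s",
                encode(appID + "|" + appSecret),
                encode(type),
                encode(text));

        // The assembled URL contains the app secret, so keep it out of logs.
        URLConnection connection = new URL(url + query).openConnection();
        // try-with-resources closes the stream even if reading throws.
        try (InputStream response = connection.getInputStream()) {
            System.out.print(convertStreamToString(response));
        }
    }

    /**
     * Percent-encodes one query-string value as UTF-8.
     *
     * @param value raw parameter value
     * @return the encoded value
     * @throws java.io.UnsupportedEncodingException declared by the encoder API
     */
    private static String encode(String value) throws java.io.UnsupportedEncodingException {
        return java.net.URLEncoder.encode(value, "UTF-8");
    }

    /**
     * Reads the whole stream into a string, decoding it as UTF-8.
     *
     * @param inputStream stream to drain; the caller remains responsible for closing it
     * @return the stream content, or an empty string when the stream is empty
     */
    static String convertStreamToString(InputStream inputStream) {
        // "\\A" matches only at the start of input, so the single token is the entire stream.
        // An explicit charset avoids depending on the platform default.
        Scanner scanner = new Scanner(inputStream, "UTF-8").useDelimiter("\\A");
        return scanner.hasNext() ? scanner.next() : "";
    }

}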

Example 2: A query to get all IP Addresses of proxies uploaded by the Facebook Administrator app in ThreatExchange.

import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.util.Scanner;

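/**
 * Requests {@code IP_ADDRESS} threat descriptors matching the text "proxy" and owned by a
 * given app from the {@code threat_descriptors} endpoint, and prints the raw response body.
 */
public class ThreatDescriptors {

    /**
     * Builds the query string, issues the GET request and prints the response.
     *
     * @param args unused
     * @throws Exception if a parameter cannot be encoded, or the connection or read fails
     */
    public static void main(String[] args) throws Exception {
        String url = "https://graph.facebook.com/v2.4/threat_descriptors?";
        // Placeholder credentials. Keep the real app secret out of source control,
        // for example by reading it from the environment or a secrets store.
        String appID = "555"; // Replace this with your app ID
        String appSecret = "12345"; // Replace this with your app secret
        String type = "IP_ADDRESS";
        // App ID of the owner whose descriptors are requested.
        String ownerAppID = "820763734618599";
        String text = "proxy";

        // Percent-encode every value: java.net.URL does not encode for us, and the '|'
        // joining app ID and secret is not a legal character in a URL.
        String query = String.format("access_token=%s&type=%s&owner=%s&text=%s",
                encode(appID + "|" + appSecret),
                encode(type),
                encode(ownerAppID),
                encode(text));

        // The assembled URL contains the app secret, so keep it out of logs.
        URLConnection connection = new URL(url + query).openConnection();
        // try-with-resources closes the stream even if reading throws.
        try (InputStream response = connection.getInputStream()) {
            System.out.print(convertStreamToString(response));
        }
    }

    /**
     * Percent-encodes one query-string value as UTF-8.
     *
     * @param value raw parameter value
     * @return the encoded value
     * @throws java.io.UnsupportedEncodingException declared by the encoder API
     */
    private static String encode(String value) throws java.io.UnsupportedEncodingException {
        return java.net.URLEncoder.encode(value, "UTF-8");
    }

    /**
     * Reads the whole stream into a string, decoding it as UTF-8.
     *
     * @param inputStream stream to drain; the caller remains responsible for closing it
     * @return the stream content, or an empty string when the stream is empty
     */
    static String convertStreamToString(InputStream inputStream) {
        // "\\A" matches only at the start of input, so the single token is the entire stream.
        // An explicit charset avoids depending on the platform default.
        Scanner scanner = new Scanner(inputStream, "UTF-8").useDelimiter("\\A");
        return scanner.hasNext() ? scanner.next() : "";
    }

}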

Example 3: A query to get all malware analyses uploaded to ThreatExchange between Fri, 07 Feb 2014 22:51:29 GMT and Sat, 08 Feb 2014 10:51:29 GMT.

import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.util.Scanner;

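/**
 * Requests malware analyses within a fixed time window from the {@code malware_analyses}
 * endpoint and prints the raw response body.
 */
public class MalwareAnalyses {

    /**
     * Builds the query string, issues the GET request and prints the response.
     *
     * @param args unused
     * @throws Exception if a parameter cannot be encoded, or the connection or read fails
     */
    public static void main(String[] args) throws Exception {
        String url = "https://graph.facebook.com/v2.4/malware_analyses?";
        // Placeholder credentials. Keep the real app secret out of source control,
        // for example by reading it from the environment or a secrets store.
        String appID = "555"; // Replace this with your app ID
        String appSecret = "1234"; // Replace this with your app secret
        // Unix timestamps (seconds) bounding the upload window.
        String since = "1391813489";
        String until = "1391856689";

        // Percent-encode every value: java.net.URL does not encode for us, and the '|'
        // joining app ID and secret is not a legal character in a URL.
        String query = String.format("access_token=%s&since=%s&until=%s",
                encode(appID + "|" + appSecret),
                encode(since),
                encode(until));

        // The assembled URL contains the app secret, so keep it out of logs.
        URLConnection connection = new URL(url + query).openConnection();
        // try-with-resources closes the stream even if reading throws.
        try (InputStream response = connection.getInputStream()) {
            System.out.print(convertStreamToString(response));
        }
    }

    /**
     * Percent-encodes one query-string value as UTF-8.
     *
     * @param value raw parameter value
     * @return the encoded value
     * @throws java.io.UnsupportedEncodingException declared by the encoder API
     */
    private static String encode(String value) throws java.io.UnsupportedEncodingException {
        return java.net.URLEncoder.encode(value, "UTF-8");
    }

    /**
     * Reads the whole stream into a string, decoding it as UTF-8.
     *
     * @param inputStream stream to drain; the caller remains responsible for closing it
     * @return the stream content, or an empty string when the stream is empty
     */
    static String convertStreamToString(InputStream inputStream) {
        // "\\A" matches only at the start of input, so the single token is the entire stream.
        // An explicit charset avoids depending on the platform default.
        Scanner scanner = new Scanner(inputStream, "UTF-8").useDelimiter("\\A");
        return scanner.hasNext() ? scanner.next() : "";
    }

}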

Example 4: A query to get all malware families uploaded to ThreatExchange between yesterday and today.

import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.util.Scanner;

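/**
 * Requests malware families uploaded between "yesterday" and "now" from the
 * {@code malware_families} endpoint and prints the raw response body.
 */
public class MalwareFamilies {

    /**
     * Builds the query string, issues the GET request and prints the response.
     *
     * @param args unused
     * @throws Exception if a parameter cannot be encoded, or the connection or read fails
     */
    public static void main(String[] args) throws Exception {
        String url = "https://graph.facebook.com/v2.4/malware_families?";
        // Placeholder credentials. Keep the real app secret out of source control,
        // for example by reading it from the environment or a secrets store.
        String appID = "555"; // Replace this with your app ID
        String appSecret = "1234"; // Replace this with your app secret
        // Relative time expressions passed through to the API as-is.
        String since = "yesterday";
        String until = "now";

        // Percent-encode every value: java.net.URL does not encode for us, and the '|'
        // joining app ID and secret is not a legal character in a URL.
        String query = String.format("access_token=%s&since=%s&until=%s",
                encode(appID + "|" + appSecret),
                encode(since),
                encode(until));

        // The assembled URL contains the app secret, so keep it out of logs.
        URLConnection connection = new URL(url + query).openConnection();
        // try-with-resources closes the stream even if reading throws.
        try (InputStream response = connection.getInputStream()) {
            System.out.print(convertStreamToString(response));
        }
    }

    /**
     * Percent-encodes one query-string value as UTF-8.
     *
     * @param value raw parameter value
     * @return the encoded value
     * @throws java.io.UnsupportedEncodingException declared by the encoder API
     */
    private static String encode(String value) throws java.io.UnsupportedEncodingException {
        return java.net.URLEncoder.encode(value, "UTF-8");
    }

    /**
     * Reads the whole stream into a string, decoding it as UTF-8.
     *
     * @param inputStream stream to drain; the caller remains responsible for closing it
     * @return the stream content, or an empty string when the stream is empty
     */
    static String convertStreamToString(InputStream inputStream) {
        // "\\A" matches only at the start of input, so the single token is the entire stream.
        // An explicit charset avoids depending on the platform default.
        Scanner scanner = new Scanner(inputStream, "UTF-8").useDelimiter("\\A");
        return scanner.hasNext() ? scanner.next() : "";
    }

}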

PHP

Example 1: A query to get all threat indicators which are IP Addresses of proxies in ThreatExchange.

<?php
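// Placeholder credentials. Keep the real app secret out of source control,
// for example by reading it from the environment or a secrets store.
$appID = "555"; // Replace this with your AppID
$appSecret = "1234"; // Replace this with your App Secret
$type = 'IP_ADDRESS';
$text = 'proxy';
// The access token sent to the API is the app ID and app secret joined by '|'.
$access_token = $appID . "|" . $appSecret;

// http_build_query() percent-encodes each value. The explicit '&' separator
// keeps the HTML entity '&amp;' out of the URL whatever arg_separator.output is.
$query = http_build_query(array(
    'access_token' => $access_token,
    'type' => $type,
    'text' => $text,
), '', '&');

$ch = curl_init();
// The assembled URL contains the app secret, so keep it out of logs.
curl_setopt($ch, CURLOPT_URL,
    "https://graph.facebook.com/v2.5/threat_indicators?" . $query);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($ch);
if ($response === false) {
    // curl_exec() returns false on a transport failure; report it instead of printing "null".
    error_log("Request failed: " . curl_error($ch));
    curl_close($ch);
    exit(1);
}
// Decode and re-encode to pretty-print the JSON body.
$json = json_encode(json_decode($response), JSON_PRETTY_PRINT);
print($json . PHP_EOL);
curl_close($ch);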
?>

Example 2: A query to get all IP Addresses of proxies uploaded by the Facebook Administrator app in ThreatExchange.

<?php
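// Placeholder credentials. Keep the real app secret out of source control,
// for example by reading it from the environment or a secrets store.
$appID = "555"; // Replace this with your AppID
$appSecret = "1234"; // Replace this with your App Secret
$type = 'IP_ADDRESS';
$text = 'proxy';
// App ID of the owner whose descriptors are requested.
$ownerAppID = "820763734618599";
// The access token sent to the API is the app ID and app secret joined by '|'.
$access_token = $appID . "|" . $appSecret;

// http_build_query() percent-encodes each value. The explicit '&' separator
// keeps the HTML entity '&amp;' out of the URL whatever arg_separator.output is.
$query = http_build_query(array(
    'access_token' => $access_token,
    'type' => $type,
    'owner' => $ownerAppID,
    'text' => $text,
), '', '&');

$ch = curl_init();
// The assembled URL contains the app secret, so keep it out of logs.
curl_setopt($ch, CURLOPT_URL,
    "https://graph.facebook.com/v2.5/threat_descriptors?" . $query);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($ch);
if ($response === false) {
    // curl_exec() returns false on a transport failure; report it instead of printing "null".
    error_log("Request failed: " . curl_error($ch));
    curl_close($ch);
    exit(1);
}
// Decode and re-encode to pretty-print the JSON body.
$json = json_encode(json_decode($response), JSON_PRETTY_PRINT);
print($json . PHP_EOL);
curl_close($ch);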
?>

Example 3: A query to get all malware analyses uploaded to ThreatExchange between Fri, 07 Feb 2014 22:51:29 GMT and Sat, 08 Feb 2014 10:51:29 GMT.

<?php
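// Placeholder credentials. Keep the real app secret out of source control,
// for example by reading it from the environment or a secrets store.
$appID = "555"; // Replace this with your AppID
$appSecret = "1234"; // Replace this with your App Secret
// Unix timestamps (seconds) bounding the upload window.
$since = '1391813489';
$until = '1391856689';
// The access token sent to the API is the app ID and app secret joined by '|'.
$access_token = $appID . "|" . $appSecret;

// http_build_query() percent-encodes each value. The explicit '&' separator
// keeps the HTML entity '&amp;' out of the URL whatever arg_separator.output is.
$query = http_build_query(array(
    'access_token' => $access_token,
    'since' => $since,
    'until' => $until,
), '', '&');

$ch = curl_init();
// The assembled URL contains the app secret, so keep it out of logs.
curl_setopt($ch, CURLOPT_URL,
    "https://graph.facebook.com/v2.5/malware_analyses?" . $query);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($ch);
if ($response === false) {
    // curl_exec() returns false on a transport failure; report it instead of printing "null".
    error_log("Request failed: " . curl_error($ch));
    curl_close($ch);
    exit(1);
}
// Decode and re-encode to pretty-print the JSON body.
$json = json_encode(json_decode($response), JSON_PRETTY_PRINT);
print($json . PHP_EOL);
curl_close($ch);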
?>

Example 4: A query to get all malware families uploaded to ThreatExchange between yesterday and today.

<?php
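// Placeholder credentials. Keep the real app secret out of source control,
// for example by reading it from the environment or a secrets store.
$appID = "555"; // Replace this with your AppID
$appSecret = "1234"; // Replace this with your App Secret
// Relative time expressions passed through to the API as-is.
$since = 'yesterday';
$until = 'now';
// The access token sent to the API is the app ID and app secret joined by '|'.
$access_token = $appID . "|" . $appSecret;

// http_build_query() percent-encodes each value. The explicit '&' separator
// keeps the HTML entity '&amp;' out of the URL whatever arg_separator.output is.
$query = http_build_query(array(
    'access_token' => $access_token,
    'since' => $since,
    'until' => $until,
), '', '&');

$ch = curl_init();
// The assembled URL contains the app secret, so keep it out of logs.
curl_setopt($ch, CURLOPT_URL,
    "https://graph.facebook.com/v2.5/malware_families?" . $query);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($ch);
if ($response === false) {
    // curl_exec() returns false on a transport failure; report it instead of printing "null".
    error_log("Request failed: " . curl_error($ch));
    curl_close($ch);
    exit(1);
}
// Decode and re-encode to pretty-print the JSON body.
$json = json_encode(json_decode($response), JSON_PRETTY_PRINT);
print($json . PHP_EOL);
curl_close($ch);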
?>

cURL

Example 1: A query to get all threat indicators which are IP Addresses of proxies in ThreatExchange.

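# access_token is "<app ID>|<app secret>" with '|' percent-encoded as %7C.
# Keep the URL quoted so the shell does not interpret '&'. The command line
# contains the app secret, so it also ends up in shell history.
curl -i -X GET \
"https://graph.facebook.com/v2.4/threat_indicators?type=IP_ADDRESS&text=proxy&access_token=555%7C1234"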

Example 2: A query to get all IP Addresses of proxies uploaded by the Facebook Administrator app in ThreatExchange.

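# access_token is "<app ID>|<app secret>" with '|' percent-encoded as %7C.
# Keep the URL quoted so the shell does not interpret '&'. The command line
# contains the app secret, so it also ends up in shell history.
curl -i -X GET \
"https://graph.facebook.com/v2.4/threat_descriptors?type=IP_ADDRESS&owner=820763734618599&text=proxy&access_token=555%7C1234"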

Example 3: A query to get all malware analyses uploaded to ThreatExchange between Fri, 07 Feb 2014 22:51:29 GMT and Sat, 08 Feb 2014 10:51:29 GMT.

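# access_token is "<app ID>|<app secret>" with '|' percent-encoded as %7C.
# Keep the URL quoted so the shell does not interpret '&'. The command line
# contains the app secret, so it also ends up in shell history.
curl -i -X GET \
"https://graph.facebook.com/v2.4/malware_analyses?since=1391813489&until=1391856689&access_token=5555%7C1234"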

Example 4: A query to get all malware families uploaded to ThreatExchange between yesterday and today.

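# access_token is "<app ID>|<app secret>" with '|' percent-encoded as %7C.
# Keep the URL quoted so the shell does not interpret '&'. The command line
# contains the app secret, so it also ends up in shell history.
curl -i -X GET \
"https://graph.facebook.com/v2.5/malware_families?since=yesterday&until=now&access_token=555%7C1234"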