API Examples
This page has various API examples in Python, Java, PHP, and using cURL.
Python
Example 1: A query to get all threat indicators which are IP Addresses of proxies in ThreatExchange.
import requests
import json
import ast
import urllib
app_id = '555' # Replace this with your app ID
app_secret = '1234' # Replace this with your app secret
type_ = 'IP_ADDRESS'
text = 'proxy'
query_params = urllib.urlencode({
'access_token' : app_id + '|' + app_secret,
'type' : type_,
'text' : text
})
r = requests.get('https://graph.facebook.com/v2.4/threat_indicators?' + query_params)
print json.dumps(ast.literal_eval(r.text), sort_keys=True,indent=4,separators=(',', ': '))Example 2: A query to get all IP Addresses of proxies uploaded by the Facebook Administrator app in ThreatExchange.
import requests
import json
import ast
import urllib
app_id = '555' # Replace this with your app ID
app_secret = '1234' # Replace this with your app secret
type_ = 'IP_ADDRESS'
owner_app_id = 820763734618599
text = 'proxy'
query_params = urllib.urlencode({
'access_token' : app_id + '|' + app_secret,
'type' : type_,
'owner' : owner_app_id,
'text' : text
})
r = requests.get('https://graph.facebook.com/v2.4/threat_descriptors?' + query_params)
print json.dumps(ast.literal_eval(r.text), sort_keys=True,indent=4,separators=(',', ': '))Example 3: A query to get all malware analyses uploaded to ThreatExchange uploaded between Fri, 07 Feb 2014 22:51:29 GMT and Sat, 08 Feb 2014 10:51:29 GMT.
import requests
import json
import ast
import urllib
app_id = '5555' # Replace this with your app ID
app_secret = '1234' # Replace this with your app secret
start_time = 1391813489
end_time = 1391856689
query_params = urllib.urlencode({
'access_token' : app_id + '|' + app_secret,
'since' : start_time,
'until' : end_time
})
r = requests.get('https://graph.facebook.com/v2.4/malware_analyses?' + query_params)
print json.dumps(ast.literal_eval(r.text), sort_keys=True,indent=4,separators=(',', ': '))Example 4: A query to get all malware families uploaded to ThreatExchange between yesterday and today.
import requests
import json
import ast
import urllib
app_id = '555' # Replace this with your app ID
app_secret = '1234' # Replace this with your app secret
start_time = 'yesterday'
end_time = 'now'
query_params = urllib.urlencode({
'access_token' : app_id + '|' + app_secret,
'since' : start_time,
'until' : end_time
})
r = requests.get('https://graph.facebook.com/v2.4/malware_families?' + query_params)
print json.dumps(ast.literal_eval(r.text), sort_keys=True,indent=4,separators=(',', ': '))Java
Example 1: A query to get all threat indicators which are IP Addresses of proxies in ThreatExchange.
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.util.Scanner;
public class ThreatIndicators {
public final static void main(String[] args) throws Exception {
String url = "https://graph.facebook.com/v2.4/threat_indicators?";
String appID = "5555"; // Replace this with your app ID
String appSecret = "12345"; // Replace this with your app secret
String type = "IP_ADDRESS";
String text = "proxy";
String query = String.format("access_token=%s&type=%s&text=%s",
appID + "|" + appSecret,
type,
text
);
URLConnection connection = new URL(url + query).openConnection();
InputStream response = connection.getInputStream();
System.out.print(convertStreamToString(response));
response.close();
}
static String convertStreamToString(InputStream inputStream){
Scanner scanner = new Scanner(inputStream).useDelimiter("\\A");
return scanner.hasNext() ? scanner.next() : "";
}
}Example 2: A query to get all IP Addresses of proxies uploaded by the Facebook Administrator app in ThreatExchange.
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.util.Scanner;
public class ThreatDescriptors {
public final static void main(String[] args) throws Exception {
String url = "https://graph.facebook.com/v2.4/threat_descriptors?";
String appID = "555"; // Replace this with your app ID
String appSecret = "12345"; // Replace this with your app secret
String type = "IP_ADDRESS";
String ownerAppID = "820763734618599";
String text = "proxy";
String query = String.format("access_token=%s&type=%s&owner=%s&text=%s",
appID + "|" + appSecret,
type,
ownerAppID,
text
);
URLConnection connection = new URL(url + query).openConnection();
InputStream response = connection.getInputStream();
System.out.print(convertStreamToString(response));
response.close();
}
static String convertStreamToString(InputStream inputStream){
Scanner scanner = new Scanner(inputStream).useDelimiter("\\A");
return scanner.hasNext() ? scanner.next() : "";
}
}Example 3: A query to get all malware analyses uploaded to ThreatExchange uploaded between Fri, 07 Feb 2014 22:51:29 GMT and Sat, 08 Feb 2014 10:51:29 GMT.
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.util.Scanner;
public class MalwareAnalyses {
public final static void main(String[] args) throws Exception {
String url = "https://graph.facebook.com/v2.4/malware_analyses?";
String appID = "555"; // Replace this with your app ID
String appSecret = "1234"; // Replace this with your app secret
String since = "1391813489";
String until = "1391856689";
String query = String.format("access_token=%s&since=%s&until=%s",
appID + "|" + appSecret,
since,
until
);
URLConnection connection = new URL(url + query).openConnection();
InputStream response = connection.getInputStream();
System.out.print(convertStreamToString(response));
response.close();
}
static String convertStreamToString(InputStream inputStream){
Scanner scanner = new Scanner(inputStream).useDelimiter("\\A");
return scanner.hasNext() ? scanner.next() : "";
}
}Example 4: A query to get all malware families uploaded to ThreatExchange between yesterday and today.
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.util.Scanner;
public class MalwareFamilies {
public final static void main(String[] args) throws Exception {
String url = "https://graph.facebook.com/v2.4/malware_families?";
String appID = "555"; // Replace this with your app ID
String appSecret = "1234"; // Replace this with your app secret
String since = "yesterday";
String until = "now";
String query = String.format("access_token=%s&since=%s&until=%s",
appID + "|" + appSecret,
since,
until
);
URLConnection connection = new URL(url + query).openConnection();
InputStream response = connection.getInputStream();
System.out.print(convertStreamToString(response));
response.close();
}
static String convertStreamToString(InputStream inputStream){
Scanner scanner = new Scanner(inputStream).useDelimiter("\\A");
return scanner.hasNext() ? scanner.next() : "";
}
}PHP
Example 1: A query to get all threat indicators which are IP Addresses of proxies in ThreatExchange.
<?php $appID = "555"; // Replace this with your AppID $appSecret = "1234"; // Replace this with your App Secret $type = 'IP_ADDRESS'; $text = 'proxy'; $access_token = $appID . "|" . $appSecret; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://graph.facebook.com/v2.5/threat_indicators?" . "access_token=" . $access_token . "&type=" . $type . "&text=" . $text); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $response = curl_exec($ch); $json = json_encode(json_decode($response), JSON_PRETTY_PRINT); print($json . PHP_EOL); curl_close($ch); ?>
Example 2: A query to get all IP Addresses of proxies uploaded by the Facebook Administrator app in ThreatExchange.
<?php $appID = "555"; // Replace this with your AppID $appSecret = "1234"; // Replace this with your App Secret $type = 'IP_ADDRESS'; $text = 'proxy'; $ownerAppID = "820763734618599"; $access_token = $appID . "|" . $appSecret; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://graph.facebook.com/v2.5/threat_descriptors?" . "access_token=" . $access_token . "&type=" . $type . "&owner=" . $ownerAppID . "&text=" . $text); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $response = curl_exec($ch); $json = json_encode(json_decode($response), JSON_PRETTY_PRINT); print($json . PHP_EOL); curl_close($ch); ?>
Example 3: A query to get all malware analyses uploaded to ThreatExchange uploaded between Fri, 07 Feb 2014 22:51:29 GMT and Sat, 08 Feb 2014 10:51:29 GMT.
<?php $appID = "555"; // Replace this with your AppID $appSecret = "1234"; // Replace this with your App Secret $since = '1391813489'; $until = '1391856689'; $access_token = $appID . "|" . $appSecret; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://graph.facebook.com/v2.5/malware_analyses?" . "access_token=" . $access_token . "&since=" . $since . "&until=" . $until); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $response = curl_exec($ch); $json = json_encode(json_decode($response), JSON_PRETTY_PRINT); print($json . PHP_EOL); curl_close($ch); ?>
Example 4: A query to get all malware families uploaded to ThreatExchange between yesterday and today.
<?php $appID = "555"; // Replace this with your AppID $appSecret = "1234"; // Replace this with your App Secret $since = 'yesterday'; $until = 'now'; $access_token = $appID . "|" . $appSecret; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://graph.facebook.com/v2.5/malware_families?" . "access_token=" . $access_token . "&since=" . $since . "&until=" . $until); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $response = curl_exec($ch); $json = json_encode(json_decode($response), JSON_PRETTY_PRINT); print($json . PHP_EOL); curl_close($ch); ?>
cURL
Example 1: A query to get all threat indicators which are IP Addresses of proxies in ThreatExchange.
curl -i -X GET \ "https://graph.facebook.com/v2.4/threat_indicators"\ "?type=IP_ADDRESS&text=proxy&access_token=555%7C1234"
Example 2: A query to get all IP Addresses of proxies uploaded by the Facebook Administrator app in ThreatExchange.
curl -i -X GET \ "https://graph.facebook.com/v2.4/threat_descriptors"\ "?type=IP_ADDRESS&owner=820763734618599&text=proxy&access_token=555%7C1234"
Example 3: A query to get all malware analyses uploaded to ThreatExchange uploaded between Fri, 07 Feb 2014 22:51:29 GMT and Sat, 08 Feb 2014 10:51:29 GMT.
curl -i -X GET \ "https://graph.facebook.com/v2.4/malware_analyses"\ "?since=1391813489&until=1391856689&access_token=5555%7C1234"
Example 4: A query to get all malware families uploaded to ThreatExchange between yesterday and today.
curl -i -X GET \ "https://graph.facebook.com/v2.5/malware_families"\ "?since=yesterday&until=now&access_token=555%7C1234"
