Skip to content Dark Web Informer
Support
Sign In Subscribe

API Docs

API Swagger can be visited by clicking here!

API Update · 2025/12/06

New Endpoint: /ioc/full

A new export endpoint is now available under IOC → Exports. It provides a full IOC history export in JSON format. It is highly recommended to use scripts to download the file. It is very large, please be patient while downloading.

GET /api/ioc/full JSON Tracking almost 5 years of IOCs
API Update · 2025/11/25

New Endpoint: /export_news_latest.jsonl

A new export endpoint is now available under News → Exports. It provides cybersecurity news in NDJSON format, aggregated from 9 trusted cybersecurity news sources. Additional sources will be added gradually.

GET /api/export_news_latest.jsonl NDJSON Tracking 15+ days of data and growing

By using this API, you agree to the Terms of Service and the Privacy Policy.

Endpoint

Method GET Content-Type application/json
Daily quota: 50 requests (reset at 00:00 UTC) Rate: 5 key/min · 5 IP/min Exports: 2/min Nonce window: 120s

Modes

Threat Feed – Retrieval

  • /get_latest — Get latest alert
  • /get_recent — Get recent alerts
  • /get_recent_alerts_by_actor — Get alerts by threat actor
  • /get_alert — Get single alert by ID
  • /get_alerts_since — Get alerts since timestamp
  • /get_messages — Get full raw feed (includes ransomware)
  • /get_messages_plus — Get capped raw feed (excluding ransomware)

Threat Feed – Search

  • /search — Search feed

Threat Feed – Stats & Lists

  • /get_stats — Get feed stats
  • /get_stats/threat_actors — Get threat actor counts
  • /get_threat_actors/top — Get top threat actors
  • /get_stats/categories — Get category counts
  • /get_categories — List categories
  • /get_stats/countries — Get country counts
  • /get_countries — List victim countries
  • /get_titles — List titles
  • /get_industry — List industries
  • /get_networks — List networks
  • /get_threat_actors — List threat actors
  • /get_victim_organization — List victim organizations

Threat Feed – Exports

  • /export_feed.json — Export threat feed JSON
  • /export_feed.csv — Export threat feed CSV

Ransomware – Retrieval

  • /get_ransomware — Get merged ransomware feed
  • /get_ransomware_by_group — Get ransomware by group

Ransomware – Stats & Lists

  • /get_ransomware_stats — Get ransomware stats
  • /get_ransomware_groups — List ransomware groups

Ransomware – Exports

  • /export_ransomware.json — Export ransomware feed JSON

IOC – Retrieval

  • /ioc/history — Get IOC history

IOC – Exports

  • /ioc/export.json — Export IOC JSON
  • /ioc/export.csv — Export IOC CSV
  • /ioc/full — Export full IOC JSON

News - Exports

  • /export_news_latest.jsonl — Export latest news documents (NDJSON)

API Sandbox

Send authenticated requests, inspect rate-limit headers, and copy a curl command.

Ready

Response

No response yet.

Headers


            

            

              
curl

              

            

          


          

        


        
        

          
Client code

          

            

              
Python (requests)

              
import time, secrets, string, requests, json

API_BASE = "https://api.darkwebinformer.com"
API_KEY  = "YOUR_API_KEY"
ALPHABET = string.ascii_letters + string.digits + "-"

def make_nonce():
    return f"{int(time.time())}:{''.join(secrets.choice(ALPHABET) for _ in range(12))}"

def get(endpoint, params=None, accept="application/json"):
    url = f"{API_BASE}{endpoint}"
    headers = {
        "X-API-Key": API_KEY,
        "X-Nonce": make_nonce(),
        "Accept": accept,
    }
    r = requests.get(url, headers=headers, params=params, timeout=30)
    r.raise_for_status()
    if accept == "text/csv":
        print(r.text)
    else:
        print(json.dumps(r.json(), indent=2))

if __name__ == "__main__":
    get("/api/get_stats")

            

            

              
curl

              
curl -s -D - \
  'https://api.darkwebinformer.com/api/get_stats' \
  -H 'Accept: application/json' \
  -H 'X-API-Key: YOUR_API_KEY' \
  -H 'X-Nonce: $(date +%s):abcdefABCDEF'

            

          

        


        
        

          
Errors

          

            
              
HTTPCodeWhen

            
            
              

                400
                nonce_invalid / bad_request / ua_required
                Missing or malformed nonce; invalid params; missing User-Agent
              

              

                401
                unauthorised
                Missing/invalid API key, or inactive/expired
              

              

                403
                cors_origin / forbidden
                Origin not allow-listed or scope denied
              

              

                404
                not_found
                Unknown endpoint
              

              

                405
                method_not_allowed
                HTTP method not supported for this path
              

              

                409
                nonce_expired / nonce_replay
                Nonce outside window or already used
              

              

                415
                accept_not_supported
                Unsupported Accept for the requested resource
              

              

                429
                rate_ip / rate_key / rate_daily / rate_export / rate_upstream / rate_mint
                Per-minute, daily, export, upstream, or nonce-mint limit reached
              

              

                500
                internal
                Unexpected server error (includes upstream failures in this build)