Skip to content
Support
Sign In Subscribe

API Docs
Changelog

Recent Updates

2026/2/16 New

API consumers can now hotlink ransomware screenshots directly by appending ?key=your-api-key to any image URL returned in the Ransomware feed/export. This allows embedding threat intel screenshots in dashboards, reports, and external tools without downloading them first. 

https://dwi.darkwebinformer.com/dwi/screenshots/insomnia/Copier%20Careers.png?key=your-api-key

NOTE: Screenshot hotlinking is rate-limited to 60 requests per 20 minutes per API key. This is separate from your daily API call quota. All image requests are actively monitored. Scraping or bulk-downloading of screenshots is strictly prohibited and constitutes a violation of the Terms of Service you agreed to upon signing up for the API. If scraping or abuse is detected, your API access may be terminated immediately without refund. If you need higher limits or bulk access, please reach out to me directly.

Image URLs + ?key= Ransomware API
2026/1/22

Added 277 new alerts to the threat feeds under the Cyber Attack category, primarily consisting of news articles covering recent cyber attacks.

Cyber Attack 277 Alerts
2025/12/06

New export endpoint available under IOC → Exports. Provides a full IOC history export in JSON format. Recommended to use scripts to download — the file is very large.

GET /api/ioc/full JSON
2025/11/25

New export endpoint available under News → Exports. Provides cybersecurity news in NDJSON format, aggregated from 9 trusted cybersecurity news sources. Additional sources will be added gradually.

GET /api/export_news_latest.jsonl NDJSON

By using this API, you agree to the Terms of Service and the Privacy Policy.

Endpoint

Method GET Content-Type application/json
Daily quota: 50 requests (reset at 00:00 UTC) Rate: 5 key/min · 5 IP/min Exports: 2/min Nonce window: 120s

Modes

Threat Feed – Retrieval

  • /api/get_latest — Get latest alert
  • /api/get_recent — Get recent alerts
  • /api/get_recent_alerts_by_actor — Get alerts by threat actor
  • /api/get_alert — Get single alert by ID
  • /api/get_alerts_since — Get alerts since timestamp
  • /api/get_messages — Get full raw feed (includes ransomware)
  • /api/get_messages_plus — Get capped raw feed (excluding ransomware)

Ransomware – Retrieval

  • /api/get_ransomware — Get merged ransomware feed
  • /api/get_ransomware_by_group — Get ransomware by group

IOC – Retrieval

  • /api/ioc/history — Get IOC history

Threat Feed – Search

  • /api/search — Search feed

Ransomware – Stats & Lists

  • /api/get_ransomware_stats — Get ransomware stats
  • /api/get_ransomware_groups — List ransomware groups

IOC – Exports

  • /api/ioc/export.json — Export IOC JSON
  • /api/ioc/export.csv — Export IOC CSV
  • /api/ioc/full — Export full IOC JSON

Threat Feed – Stats & Lists

  • /api/get_stats — Get feed stats
  • /api/get_stats/threat_actors — Get threat actor counts
  • /api/get_threat_actors/top — Get top threat actors
  • /api/get_stats/categories — Get category counts
  • /api/get_categories — List categories
  • /api/get_stats/countries — Get country counts
  • /api/get_countries — List victim countries
  • /api/get_titles — List titles
  • /api/get_industry — List industries
  • /api/get_networks — List networks
  • /api/get_threat_actors — List threat actors
  • /api/get_victim_organization — List victim organizations

Ransomware – Exports

  • /api/export_ransomware.json — Export ransomware feed JSON

News – Exports

  • /api/export_news_latest.jsonl — Export latest news documents (NDJSON)

Threat Feed – Exports

  • /api/export_feed.json — Export threat feed JSON
  • /api/export_feed.csv — Export threat feed CSV

API Sandbox

Send authenticated requests, inspect rate-limit headers, and copy a curl command.

Ready

Response

No response yet.

Headers


            

            

              

                
curl

                
              

              

            

          


          

        


        
        

          
Client code

          

            

              

                
Python

                
              

              
import time, secrets, string, requests, json

API_BASE = "https://api.darkwebinformer.com"
API_KEY  = "YOUR_API_KEY"
ALPHABET = string.ascii_letters + string.digits + "-"

def make_nonce():
    return f"{int(time.time())}:{''.join(secrets.choice(ALPHABET) for _ in range(12))}"

def get(endpoint, params=None, accept="application/json"):
    url = f"{API_BASE}{endpoint}"
    headers = {
        "X-API-Key": API_KEY,
        "X-Nonce": make_nonce(),
        "Accept": accept,
    }
    r = requests.get(url, headers=headers, params=params, timeout=30)
    r.raise_for_status()
    if accept == "text/csv":
        print(r.text)
    else:
        print(json.dumps(r.json(), indent=2))

if __name__ == "__main__":
    get("/api/get_stats")

            

            

              

                
JavaScript

                
              

              
const API_BASE = "https://api.darkwebinformer.com";
const API_KEY  = "YOUR_API_KEY";

function makeNonce() {
  const ts = Math.floor(Date.now() / 1000);
  const hex = Array.from(crypto.getRandomValues(new Uint8Array(8)))
    .map(b => b.toString(16).padStart(2, "0")).join("");
  return `${ts}:${hex}`;
}

async function get(endpoint) {
  const res = await fetch(`${API_BASE}${endpoint}`, {
    headers: {
      "X-API-Key": API_KEY,
      "X-Nonce":   makeNonce(),
      "Accept":    "application/json",
    },
  });
  if (!res.ok) throw new Error(`HTTP ${res.status}`);
  return res.json();
}

get("/api/get_stats").then(d => console.log(d));

            

            

              

                
curl

                
              

              
curl -s -D - \
  'https://api.darkwebinformer.com/api/get_stats' \
  -H 'Accept: application/json' \
  -H 'X-API-Key: YOUR_API_KEY' \
  -H 'X-Nonce: $(date +%s):abcdefABCDEF'

            

          

        


        
        

          
Errors

          

            
              
HTTPCodeWhen

            
            
              

                400
                nonce_invalid / bad_request / ua_required
                Missing or malformed nonce; invalid params; missing User-Agent
              

              

                401
                unauthorized
                Missing/invalid API key, or inactive/expired
              

              

                403
                cors_origin / forbidden
                Origin not allow-listed or scope denied
              

              

                404
                not_found
                Unknown endpoint
              

              

                405
                method_not_allowed
                HTTP method not supported for this path
              

              

                409
                nonce_expired / nonce_replay
                Nonce outside window or already used
              

              

                415
                accept_not_supported
                Unsupported Accept for the requested resource
              

              

                429
                rate_ip / rate_key / rate_daily / rate_export / rate_upstream / rate_mint
                Per-minute, daily, export, upstream, or nonce-mint limit reached
              

              

                500
                internal
                Unexpected server error (includes upstream failures in this build)