Authentication
Use scoped client API keys.
Public API access is controlled by client API keys managed in the Domain Intelligence portal. A key reaches nothing by default until it is assigned an API group.
Headers
Prefer the standard bearer token form:
Authorization: Bearer <api-key>
X-API-Key is also supported for clients that cannot send bearer tokens:
X-API-Key: <api-key>
Groups
| Group | Access |
|---|---|
| infostealers | Allows GET /v1/infostealers and GET /v1/infostealers/{host}. |
Security notes
- Treat API keys as bearer secrets.
- Use HTTPS only.
- Do not put keys in URLs, query strings, logs, or screenshots.
- 401 means the key is missing or invalid.
- 403 means the key is valid but lacks the required group.
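A client-side sketch of the header forms and security notes above, as an added example that is not part of the Domain Intelligence documentation or SDK. The base URL is a placeholder (the page does not give one), and the helper names `build_request`, `redact`, `explain_status` and `AuthError` are hypothetical.

```python
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://api.example.invalid"  # placeholder; the page gives no base URL


class AuthError(Exception):
    """Raised for 401 (missing/invalid key) and 403 (key lacks the group)."""


def redact(key):
    """Form of the key that is safe to log: last 4 characters only."""
    return "***" + key[-4:] if len(key) > 8 else "***"


def build_request(path, key, use_x_api_key=False, base_url=BASE_URL):
    """Build a GET request that carries the key in a header, never in the URL."""
    url = urllib.parse.urljoin(base_url, path)
    parts = urllib.parse.urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("refusing to send an API key over a non-HTTPS URL")
    if key in url:
        raise ValueError("API key must not appear in the URL or query string")
    headers = {"X-API-Key": key} if use_x_api_key else {"Authorization": f"Bearer {key}"}
    return urllib.request.Request(url, headers=headers, method="GET")


def explain_status(status):
    """Map the auth-related status codes to the meanings given above."""
    if status == 401:
        return "key is missing or invalid"
    if status == 403:
        return "key is valid but lacks the required group"
    return None


def get_infostealers_for_host(host, key):
    """Call GET /v1/infostealers/{host}; needs the infostealers group."""
    req = build_request("/v1/infostealers/" + urllib.parse.quote(host, safe=""), key)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.read()
    except urllib.error.HTTPError as err:
        reason = explain_status(err.code)
        if reason:
            raise AuthError(f"{err.code}: {reason} (key {redact(key)})") from None
        raise
```

Error messages built here carry only the redacted key, so an exception that ends up in a log does not expose the bearer secret.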