ThreatWinds Developer Documentation

ThreatWinds is the API that provides comprehensive information on cyber-security threats and their interrelationships.

Introduction

ThreatWinds gives you programmatic access to a comprehensive threat intelligence platform covering malware, phishing, C2 infrastructure, and the relationships between them. Use the REST API to integrate threat data into your security tools, build custom dashboards, or feed your own detection pipelines.

This documentation covers authentication, all API endpoints, request/response formats, and rate limits. If you run into issues or have questions, reach out to our support team.

Getting started

• Quickstart
• Auth API
• Compute API
• Billing API
• AI API
• Feeds API
• Analytics API
• Search API
• Ingest API

Get involved

ThreatWinds is built on community-contributed data. You can contribute your own threat intelligence using the Ingest API to help make the platform more accurate and comprehensive for everyone.

Whether you have indicators for a specific campaign or broader threat trends, your contributions improve the intelligence available to the entire community.

See the Ingest API docs to learn how to contribute threat intelligence data.