Security Threat Detection API API Reference
The security APIs help you detect and block security threats.
Swagger OpenAPI Specification | .NET Framework Client | .NET Core Client | Java Client | Node.JS Client | Python Client | Drupal Client
API Endpoint
https://api.cloudmersive.com
Schemes: https
Version: v1
Authentication
Apikey
API Key Authentication
ContentThreatDetection
Automatically detect threats in an input string
Auto-detects a wide range of threat types in input string, including Cross-Site Scripting (XSS), SQL Injection (SQLI), XML External Entitites (XXE), Server-side Request Forgeries (SSRF), and JSON Insecure Deserialization (JID).
User-facing text input.
Code Example:
Request Content-Types: application/json, text/json
Request Example
"string"
OK
Response Content-Types: application/json, text/json, application/xml, text/xml
Response Example (200 OK)
{
"Successful": "boolean",
"CleanResult": "boolean",
"ContainedJsonInsecureDeserializationAttack": "boolean",
"ContainedXssThreat": "boolean",
"ContainedXxeThreat": "boolean",
"ContainedSqlInjectionThreat": "boolean",
"ContainedSsrfThreat": "boolean",
"IsXML": "boolean",
"IsJSON": "boolean",
"IsURL": "boolean",
"OriginalInput": "string"
}
Detect Insecure Deserialization JSON (JID) attacks in a string
Detects Insecure Deserialization JSON (JID) attacks from text input.
User-facing text input.
Code Example:
Request Content-Types: application/json, text/json
Request Example
"string"
Response Content-Types: application/json, text/json, application/xml, text/xml
Response Example (200 OK)
{
"Successful": "boolean",
"ContainedJsonInsecureDeserializationAttack": "boolean",
"OriginalInput": "string"
}
Check text input for SQL Injection (SQLI) attacks
Detects SQL Injection (SQLI) attacks from text input.
User-facing text input.
Code Example:
Request Content-Types: application/json, text/json
Request Example
"string"
OK
Response Content-Types: application/json, text/json, application/xml, text/xml
Response Example (200 OK)
{
"Successful": "boolean",
"ContainedSqlInjectionAttack": "boolean",
"OriginalInput": "string"
}
Protect text input from Cross-Site-Scripting (XSS) attacks through normalization
Detects and removes XSS (Cross-Site-Scripting) attacks from text input through normalization. Returns the normalized result, as well as information on whether the original input contained an XSS risk.
User-facing text input.
Code Example:
Request Content-Types: application/json, text/json
Request Example
"string"
OK
Response Content-Types: application/json, text/json, application/xml, text/xml
Response Example (200 OK)
{
"Successful": "boolean",
"ContainedXss": "boolean",
"OriginalInput": "string",
"NormalizedResult": "string"
}
Protect text input from XML External Entity (XXE) attacks
Detects XXE (XML External Entity) attacks from XML text input.
User-facing text input.
Code Example:
Request Content-Types: application/json, text/json
Request Example
"string"
OK
Response Content-Types: application/json, text/json, application/xml, text/xml
Response Example (200 OK)
{
"Successful": "boolean",
"ContainedXxe": "boolean"
}
NetworkThreatDetection
Check a URL for Server-side Request Forgery (SSRF) threats
Checks if an input URL is at risk of being an SSRF (Server-side request forgery) threat or attack.
Input URL request
Code Example:
Request Content-Types: application/json, text/json
Request Example
{
"URL": "string",
"BlockedDomains": [
"string"
]
}
OK
Response Content-Types: application/json, text/json, application/xml, text/xml
Response Example (200 OK)
{
"CleanURL": "boolean",
"ThreatLevel": "string"
}
Check if IP address is a known threat
Check if the input IP address is a known threat IP address. Checks against known bad IPs, botnets, compromised servers, and other lists of threats.
IP address to check, e.g. "55.55.55.55". The input is a string so be sure to enclose it in double-quotes.
Code Example:
Request Content-Types: application/json, text/json
Request Example
"string"
OK
Response Content-Types: application/json, text/json, application/xml, text/xml
Response Example (200 OK)
{
"IsThreat": "boolean",
"ThreatType": "string"
}
Check if IP address is a Bot client threat
Check if the input IP address is a Bot, robot, or otherwise a non-user entity. Leverages real-time signals to check against known high-probability bots..
IP address to check, e.g. "55.55.55.55". The input is a string so be sure to enclose it in double-quotes.
Code Example:
Request Content-Types: application/json, text/json
Request Example
"string"
OK
Response Content-Types: application/json, text/json, application/xml, text/xml
Response Example (200 OK)
{
"IsBot": "boolean"
}
Check if IP address is a Tor node server
Check if the input IP address is a Tor exit node server. Tor servers are a type of privacy-preserving technology that can hide the original IP address who makes a request.
IP address to check, e.g. "55.55.55.55". The input is a string so be sure to enclose it in double-quotes.
Code Example:
Request Content-Types: application/json, text/json
Request Example
"string"
OK
Response Content-Types: application/json, text/json, application/xml, text/xml
Response Example (200 OK)
{
"IsTorNode": "boolean"
}
Schema Definitions
StringAutomaticThreatDetection: object
Result of performing an Insecure Deserialization JSON protection operation
- Successful: boolean
-
True if the operation was successful, false otherwise
- CleanResult: boolean
- ContainedJsonInsecureDeserializationAttack: boolean
-
True if the input contained Insecure Deserialization JSON, false otherwise
- ContainedXssThreat: boolean
-
True if the input contained XSS attack, false otherwise
- ContainedXxeThreat: boolean
-
True if the input contained XXE attack, false otherwise
- ContainedSqlInjectionThreat: boolean
-
True if the input contained SQL Injection attack, false otherwise
- ContainedSsrfThreat: boolean
-
True if the input contained an Server-Side Request Forgery (SSRF) URL attack, false otherwise
- IsXML: boolean
-
True if the input string is XML, false otherwise
- IsJSON: boolean
-
True if the input string is JSON, false otherwise
- IsURL: boolean
-
True if the input string is a URL, false otherwise
- OriginalInput: string
-
Original input string
Example
{
"Successful": "boolean",
"CleanResult": "boolean",
"ContainedJsonInsecureDeserializationAttack": "boolean",
"ContainedXssThreat": "boolean",
"ContainedXxeThreat": "boolean",
"ContainedSqlInjectionThreat": "boolean",
"ContainedSsrfThreat": "boolean",
"IsXML": "boolean",
"IsJSON": "boolean",
"IsURL": "boolean",
"OriginalInput": "string"
}
StringInsecureDeserializationJsonDetection: object
Result of performing an Insecure Deserialization JSON protection operation
- Successful: boolean
-
True if the operation was successful, false otherwise
- ContainedJsonInsecureDeserializationAttack: boolean
-
True if the input contained Insecure Deserialization JSON, false otherwise
- OriginalInput: string
-
Original input string
Example
{
"Successful": "boolean",
"ContainedJsonInsecureDeserializationAttack": "boolean",
"OriginalInput": "string"
}
StringSqlInjectionDetectionResult: object
Result of performing an SQL Injection protection operation
- Successful: boolean
-
True if the operation was successful, false otherwise
- ContainedSqlInjectionAttack: boolean
-
True if the input contained SQL Injection attacks, false otherwise
- OriginalInput: string
-
Original input string
Example
{
"Successful": "boolean",
"ContainedSqlInjectionAttack": "boolean",
"OriginalInput": "string"
}
StringXssProtectionResult: object
Result of performing an XSS protection operation
- Successful: boolean
-
True if the operation was successful, false otherwise
- ContainedXss: boolean
-
True if the input contained XSS scripting, false otherwise
- OriginalInput: string
-
Original input string
- NormalizedResult: string
-
Normalized string result, with XSS removed
Example
{
"Successful": "boolean",
"ContainedXss": "boolean",
"OriginalInput": "string",
"NormalizedResult": "string"
}
StringXxeDetectionResult: object
Result of performing an XXE threat detection operation
- Successful: boolean
-
True if the operation was successful, false otherwise
- ContainedXxe: boolean
-
True if the input contained XXE threats, false otherwise
Example
{
"Successful": "boolean",
"ContainedXxe": "boolean"
}
UrlSsrfThreatDetectionRequestFull: object
Request to determine if a URL is an SSRF threat check
- URL: string
-
URL to validate
- BlockedDomains: string[]
-
Top level domains that you do not want to allow access to, e.g. mydomain.com - will block all subdomains as well
-
string
Example
{
"URL": "string",
"BlockedDomains": [
"string"
]
}
UrlSsrfThreatDetectionResponseFull: object
Result of checking a URL for SSRF threats
- CleanURL: boolean
-
True if the URL is clean, false if it is at risk of containing an SSRF threat or attack
- ThreatLevel: string
-
Threat level of the URL; possible values are High, Medium, Low and None
Example
{
"CleanURL": "boolean",
"ThreatLevel": "string"
}
IPThreatDetectionResponse: object
Result of performing a IP threat check on an IP address
- IsThreat: boolean
-
True if the input IP address is a threat, false otherwise
- ThreatType: string
-
Specifies the type of IP threat; possible values include Blocklist, Botnet, WebBot
Example
{
"IsThreat": "boolean",
"ThreatType": "string"
}
ThreatDetectionBotCheckResponse: object
Result of performing a Bot check on an IP address
- IsBot: boolean
-
True if the input IP address is a Bot or Robot, false otherwise
Example
{
"IsBot": "boolean"
}
ThreatDetectionTorNodeResponse: object
Result of performing a Tor node check on an IP address
- IsTorNode: boolean
-
True if the input IP address is a Tor exit node, false otherwise
Example
{
"IsTorNode": "boolean"
}