{ "swagger": "2.0", "info": { "version": "v1", "title": "securityapi", "description": "The security APIs help you detect and block security threats." }, "host": "api.cloudmersive.com", "schemes": [ "https" ], "paths": { "/security/threat-detection/content/automatic/detect/string": { "post": { "tags": [ "ContentThreatDetection" ], "summary": "Automatically detect threats in an input string", "description": "Auto-detects a wide range of threat types in input string, including Cross-Site Scripting (XSS), SQL Injection (SQLI), XML External Entitites (XXE), Server-side Request Forgeries (SSRF), and JSON Insecure Deserialization (JID).", "operationId": "ContentThreatDetection_AutomaticThreatDetectionString", "consumes": [ "application/json", "text/json" ], "produces": [ "application/json", "text/json", "application/xml", "text/xml" ], "parameters": [ { "name": "value", "in": "body", "description": "User-facing text input.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/StringAutomaticThreatDetection" } } }, "security": [ { "Apikey": [] } ] } }, "/security/threat-detection/content/insecure-deserialization/json/detect/string": { "post": { "tags": [ "ContentThreatDetection" ], "summary": "Detect Insecure Deserialization JSON (JID) attacks in a string", "description": "Detects Insecure Deserialization JSON (JID) attacks from text input.", "operationId": "ContentThreatDetection_DetectInsecureDeserializationJsonString", "consumes": [ "application/json", "text/json" ], "produces": [ "application/json", "text/json", "application/xml", "text/xml" ], "parameters": [ { "name": "value", "in": "body", "description": "User-facing text input.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/StringInsecureDeserializationJsonDetection" } } }, "security": [ { "Apikey": [] } ] } }, "/security/threat-detection/content/sql-injection/detect/string": { "post": { "tags": [ "ContentThreatDetection" ], "summary": "Check text input for SQL Injection (SQLI) attacks", "description": "Detects SQL Injection (SQLI) attacks from text input.", "operationId": "ContentThreatDetection_CheckSqlInjectionString", "consumes": [ "application/json", "text/json" ], "produces": [ "application/json", "text/json", "application/xml", "text/xml" ], "parameters": [ { "name": "value", "in": "body", "description": "User-facing text input.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/StringSqlInjectionDetectionResult" } } }, "security": [ { "Apikey": [] } ] } }, "/security/threat-detection/content/xss/detect/string": { "post": { "tags": [ "ContentThreatDetection" ], "summary": "Protect text input from Cross-Site-Scripting (XSS) attacks through normalization", "description": "Detects and removes XSS (Cross-Site-Scripting) attacks from text input through normalization. Returns the normalized result, as well as information on whether the original input contained an XSS risk.", "operationId": "ContentThreatDetection_ProtectXss", "consumes": [ "application/json", "text/json" ], "produces": [ "application/json", "text/json", "application/xml", "text/xml" ], "parameters": [ { "name": "value", "in": "body", "description": "User-facing text input.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/StringXssProtectionResult" } } }, "security": [ { "Apikey": [] } ] } }, "/security/threat-detection/content/xxe/detect/xml/string": { "post": { "tags": [ "ContentThreatDetection" ], "summary": "Protect text input from XML External Entity (XXE) attacks", "description": "Detects XXE (XML External Entity) attacks from XML text input.", "operationId": "ContentThreatDetection_CheckXxe", "consumes": [ "application/json", "text/json" ], "produces": [ "application/json", "text/json", "application/xml", "text/xml" ], "parameters": [ { "name": "value", "in": "body", "description": "User-facing text input.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/StringXxeDetectionResult" } } }, "security": [ { "Apikey": [] } ] } }, "/security/threat-detection/network/url/ssrf/detect": { "post": { "tags": [ "NetworkThreatDetection" ], "summary": "Check a URL for Server-side Request Forgery (SSRF) threats", "description": "Checks if an input URL is at risk of being an SSRF (Server-side request forgery) threat or attack.", "operationId": "NetworkThreatDetection_DetectSsrfUrl", "consumes": [ "application/json", "text/json" ], "produces": [ "application/json", "text/json", "application/xml", "text/xml" ], "parameters": [ { "name": "request", "in": "body", "description": "Input URL request", "required": true, "schema": { "$ref": "#/definitions/UrlSsrfThreatDetectionRequestFull" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/UrlSsrfThreatDetectionResponseFull" } } }, "security": [ { "Apikey": [] } ] } }, "/security/threat-detection/network/ip/is-threat": { "post": { "tags": [ "NetworkThreatDetection" ], "summary": "Check if IP address is a known threat", "description": "Check if the input IP address is a known threat IP address. Checks against known bad IPs, botnets, compromised servers, and other lists of threats.", "operationId": "NetworkThreatDetection_IsThreat", "consumes": [ "application/json", "text/json" ], "produces": [ "application/json", "text/json", "application/xml", "text/xml" ], "parameters": [ { "name": "value", "in": "body", "description": "IP address to check, e.g. \"55.55.55.55\". The input is a string so be sure to enclose it in double-quotes.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/IPThreatDetectionResponse" } } }, "security": [ { "Apikey": [] } ] } }, "/security/threat-detection/network/ip/is-bot": { "post": { "tags": [ "NetworkThreatDetection" ], "summary": "Check if IP address is a Bot client threat", "description": "Check if the input IP address is a Bot, robot, or otherwise a non-user entity. Leverages real-time signals to check against known high-probability bots..", "operationId": "NetworkThreatDetection_IsBot", "consumes": [ "application/json", "text/json" ], "produces": [ "application/json", "text/json", "application/xml", "text/xml" ], "parameters": [ { "name": "value", "in": "body", "description": "IP address to check, e.g. \"55.55.55.55\". The input is a string so be sure to enclose it in double-quotes.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/ThreatDetectionBotCheckResponse" } } }, "security": [ { "Apikey": [] } ] } }, "/security/threat-detection/network/ip/is-tor-node": { "post": { "tags": [ "NetworkThreatDetection" ], "summary": "Check if IP address is a Tor node server", "description": "Check if the input IP address is a Tor exit node server. Tor servers are a type of privacy-preserving technology that can hide the original IP address who makes a request.", "operationId": "NetworkThreatDetection_IsTorNode", "consumes": [ "application/json", "text/json" ], "produces": [ "application/json", "text/json", "application/xml", "text/xml" ], "parameters": [ { "name": "value", "in": "body", "description": "IP address to check, e.g. \"55.55.55.55\". The input is a string so be sure to enclose it in double-quotes.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/ThreatDetectionTorNodeResponse" } } }, "security": [ { "Apikey": [] } ] } } }, "definitions": { "StringAutomaticThreatDetection": { "description": "Result of performing an Insecure Deserialization JSON protection operation", "type": "object", "properties": { "Successful": { "description": "True if the operation was successful, false otherwise", "type": "boolean" }, "CleanResult": { "type": "boolean" }, "ContainedJsonInsecureDeserializationAttack": { "description": "True if the input contained Insecure Deserialization JSON, false otherwise", "type": "boolean" }, "ContainedXssThreat": { "description": "True if the input contained XSS attack, false otherwise", "type": "boolean" }, "ContainedXxeThreat": { "description": "True if the input contained XXE attack, false otherwise", "type": "boolean" }, "ContainedSqlInjectionThreat": { "description": "True if the input contained SQL Injection attack, false otherwise", "type": "boolean" }, "ContainedSsrfThreat": { "description": "True if the input contained an Server-Side Request Forgery (SSRF) URL attack, false otherwise", "type": "boolean" }, "IsXML": { "description": "True if the input string is XML, false otherwise", "type": "boolean" }, "IsJSON": { "description": "True if the input string is JSON, false otherwise", "type": "boolean" }, "IsURL": { "description": "True if the input string is a URL, false otherwise", "type": "boolean" }, "OriginalInput": { "description": "Original input string", "type": "string" } } }, "StringInsecureDeserializationJsonDetection": { "description": "Result of performing an Insecure Deserialization JSON protection operation", "type": "object", "properties": { "Successful": { "description": "True if the operation was successful, false otherwise", "type": "boolean" }, "ContainedJsonInsecureDeserializationAttack": { "description": "True if the input contained Insecure Deserialization JSON, false otherwise", "type": "boolean" }, "OriginalInput": { "description": "Original input string", "type": "string" } } }, "StringSqlInjectionDetectionResult": { "description": "Result of performing an SQL Injection protection operation", "type": "object", "properties": { "Successful": { "description": "True if the operation was successful, false otherwise", "type": "boolean" }, "ContainedSqlInjectionAttack": { "description": "True if the input contained SQL Injection attacks, false otherwise", "type": "boolean" }, "OriginalInput": { "description": "Original input string", "type": "string" } } }, "StringXssProtectionResult": { "description": "Result of performing an XSS protection operation", "type": "object", "properties": { "Successful": { "description": "True if the operation was successful, false otherwise", "type": "boolean" }, "ContainedXss": { "description": "True if the input contained XSS scripting, false otherwise", "type": "boolean" }, "OriginalInput": { "description": "Original input string", "type": "string" }, "NormalizedResult": { "description": "Normalized string result, with XSS removed", "type": "string" } } }, "StringXxeDetectionResult": { "description": "Result of performing an XXE threat detection operation", "type": "object", "properties": { "Successful": { "description": "True if the operation was successful, false otherwise", "type": "boolean" }, "ContainedXxe": { "description": "True if the input contained XXE threats, false otherwise", "type": "boolean" } } }, "UrlSsrfThreatDetectionRequestFull": { "description": "Request to determine if a URL is an SSRF threat check", "type": "object", "properties": { "URL": { "description": "URL to validate", "type": "string" }, "BlockedDomains": { "description": "Top level domains that you do not want to allow access to, e.g. mydomain.com - will block all subdomains as well", "type": "array", "items": { "type": "string" } } } }, "UrlSsrfThreatDetectionResponseFull": { "description": "Result of checking a URL for SSRF threats", "type": "object", "properties": { "CleanURL": { "description": "True if the URL is clean, false if it is at risk of containing an SSRF threat or attack", "type": "boolean" }, "ThreatLevel": { "description": "Threat level of the URL; possible values are High, Medium, Low and None", "type": "string" } } }, "IPThreatDetectionResponse": { "description": "Result of performing a IP threat check on an IP address", "type": "object", "properties": { "IsThreat": { "description": "True if the input IP address is a threat, false otherwise", "type": "boolean" }, "ThreatType": { "description": "Specifies the type of IP threat; possible values include Blocklist, Botnet, WebBot", "type": "string" } } }, "ThreatDetectionBotCheckResponse": { "description": "Result of performing a Bot check on an IP address", "type": "object", "properties": { "IsBot": { "description": "True if the input IP address is a Bot or Robot, false otherwise", "type": "boolean" } } }, "ThreatDetectionTorNodeResponse": { "description": "Result of performing a Tor node check on an IP address", "type": "object", "properties": { "IsTorNode": { "description": "True if the input IP address is a Tor exit node, false otherwise", "type": "boolean" } } } }, "securityDefinitions": { "Apikey": { "type": "apiKey", "description": "API Key Authentication", "name": "Apikey", "in": "header" } } }