Get Indicator
curl --request GET \
--url https://api.example.com/v1/indicators/{id} \
--header 'Authorization: <api-key>'import requests
url = "https://api.example.com/v1/indicators/{id}"
headers = {"Authorization": "<api-key>"}
response = requests.get(url, headers=headers)
print(response.text)const options = {method: 'GET', headers: {Authorization: '<api-key>'}};
fetch('https://api.example.com/v1/indicators/{id}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.example.com/v1/indicators/{id}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: <api-key>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "https://api.example.com/v1/indicators/{id}"
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("Authorization", "<api-key>")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.get("https://api.example.com/v1/indicators/{id}")
.header("Authorization", "<api-key>")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.example.com/v1/indicators/{id}")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["Authorization"] = '<api-key>'
response = http.request(request)
puts response.read_body{
"indicator": {
"id": "<string>",
"type": "INDICATOR_TYPE_UNSPECIFIED",
"value": "<string>",
"categories": [
"THREAT_CATEGORY_UNSPECIFIED"
],
"severity": "SEVERITY_UNSPECIFIED",
"confidenceScore": 123,
"tlp": "TLP_MARKING_UNSPECIFIED",
"state": "INDICATOR_STATE_UNSPECIFIED",
"firstSeen": "2023-11-07T05:31:56Z",
"lastSeen": "2023-11-07T05:31:56Z",
"validUntil": "2023-11-07T05:31:56Z",
"sources": [
{
"id": "<string>",
"name": "<string>",
"reliability": 123,
"reportedAt": "2023-11-07T05:31:56Z"
}
],
"sightings": [
{
"sourceId": "<string>",
"observedAt": "2023-11-07T05:31:56Z",
"count": "<string>"
}
],
"enrichment": {
"geo": {
"countryCode": "<string>",
"city": "<string>",
"latitude": 123,
"longitude": 123
},
"asn": {
"number": 123,
"organization": "<string>"
},
"reverseDns": "<string>",
"malwareFamilies": [
"<string>"
],
"attackTechniques": [
"<string>"
],
"aiSummary": "<string>",
"riskScore": 123,
"enrichedAt": "2023-11-07T05:31:56Z"
},
"tags": [
"<string>"
],
"labels": [
{
"key": "<string>",
"value": "<string>"
}
],
"createdAt": "2023-11-07T05:31:56Z",
"updatedAt": "2023-11-07T05:31:56Z",
"protocol": "PROTOCOL_UNSPECIFIED",
"sensorType": "SENSOR_TYPE_UNSPECIFIED"
}
}{
"code": 123,
"message": "<string>",
"details": [
{
"@type": "<string>"
}
]
}Indicators
Get Indicator
Retrieve a single threat indicator by ID.
GET
/
v1
/
indicators
/
{id}
Get Indicator
curl --request GET \
--url https://api.example.com/v1/indicators/{id} \
--header 'Authorization: <api-key>'import requests
url = "https://api.example.com/v1/indicators/{id}"
headers = {"Authorization": "<api-key>"}
response = requests.get(url, headers=headers)
print(response.text)const options = {method: 'GET', headers: {Authorization: '<api-key>'}};
fetch('https://api.example.com/v1/indicators/{id}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.example.com/v1/indicators/{id}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: <api-key>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "https://api.example.com/v1/indicators/{id}"
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("Authorization", "<api-key>")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.get("https://api.example.com/v1/indicators/{id}")
.header("Authorization", "<api-key>")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.example.com/v1/indicators/{id}")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["Authorization"] = '<api-key>'
response = http.request(request)
puts response.read_body{
"indicator": {
"id": "<string>",
"type": "INDICATOR_TYPE_UNSPECIFIED",
"value": "<string>",
"categories": [
"THREAT_CATEGORY_UNSPECIFIED"
],
"severity": "SEVERITY_UNSPECIFIED",
"confidenceScore": 123,
"tlp": "TLP_MARKING_UNSPECIFIED",
"state": "INDICATOR_STATE_UNSPECIFIED",
"firstSeen": "2023-11-07T05:31:56Z",
"lastSeen": "2023-11-07T05:31:56Z",
"validUntil": "2023-11-07T05:31:56Z",
"sources": [
{
"id": "<string>",
"name": "<string>",
"reliability": 123,
"reportedAt": "2023-11-07T05:31:56Z"
}
],
"sightings": [
{
"sourceId": "<string>",
"observedAt": "2023-11-07T05:31:56Z",
"count": "<string>"
}
],
"enrichment": {
"geo": {
"countryCode": "<string>",
"city": "<string>",
"latitude": 123,
"longitude": 123
},
"asn": {
"number": 123,
"organization": "<string>"
},
"reverseDns": "<string>",
"malwareFamilies": [
"<string>"
],
"attackTechniques": [
"<string>"
],
"aiSummary": "<string>",
"riskScore": 123,
"enrichedAt": "2023-11-07T05:31:56Z"
},
"tags": [
"<string>"
],
"labels": [
{
"key": "<string>",
"value": "<string>"
}
],
"createdAt": "2023-11-07T05:31:56Z",
"updatedAt": "2023-11-07T05:31:56Z",
"protocol": "PROTOCOL_UNSPECIFIED",
"sensorType": "SENSOR_TYPE_UNSPECIFIED"
}
}{
"code": 123,
"message": "<string>",
"details": [
{
"@type": "<string>"
}
]
}Fetch one indicator by its deterministic ID (derived from sensor event fingerprint).
Indicator states
Only indicators inENRICHED or VERIFIED state are returned via the public API. Raw pipeline events are not exposed.
Example
curl -s https://api.reyhford.com/v1/indicators/{id} \
-H "Authorization: Bearer $REYHFORD_API_KEY"
Response fields
Includes protocol, source IP, destination port, MITRE technique/tactic, confidence score, sensor metadata, and optional IP reputation JSON.Authentication
Requires WorkOS JWT or API key withindicators:read scope.⌘I