API Endpoints
/
Saved Searches

urlscan.io APIs (1.0.0)

Introduction

API endpoints for urlscan.io and urlscan Pro. Most of these API endpoints require authentication.

The fastest way to start working with our APIs is by using one of the many existing commercial or open-source integrations.

External Resources

Download OpenAPI description
urlscan-openapi.json
urlscan-openapi.yaml
Overview
urlscan Support

support@urlscan.io

Languages
Servers

http://urlscan.io/

Generic

API endpoints related to the platform or the user account.

Operations

Scanning

These APIs allow URLs to be scanned and the results of the scans to be retrieved.

Operations

Search

The Search API allows users to search for historically website scans, hostnames, domains, TLS certificates and incidents.

Operations

Live Scanning

urlscan Pro - Live Scanning allows users to scan websites from different geographical locations and using different device settings.

See additional info about this proprietary feature on urlscan Pro.

Operations

Saved Searches

urlscan Pro - Saved Searches are rules that are executed inline against new incoming scans and hostnames.

Operations

Saved Searches

Request

Get a list of Saved Searches for the current user.

Security
apikeyAuth
curl -i -X GET \
  http://urlscan.io/api/v1/user/searches/ \
  -H 'api-key: YOUR_API_KEY_HERE'

Responses

Successful response

Bodyapplication/json
searchesArray of objects(savedSearchSchema)
Response
application/json
{
  "searches": [
    {}
  ]
}

Create Saved Search

Request

Create a Saved Search.

Security
apikeyAuth
Bodyapplication/json
_idstring

Unique ID of the Saved Search

datasourcestring

Which data this Saved Search operates on

Enum"hostnames""scans"
descriptionstring

Short description.

longDescriptionstring

Long description.

namestring

User-facing short name.

permissionsArray of strings

Determine whether other users on the team or on urlscan Pro can see the search.

Items Enum"public:read""team:read""team:write"
querystring

Search API query

tlpstring

TLP (Traffic Light Protocol) indicator for other users on the urlscan Pro platform

Enum"green""amber""red"
usertagsArray of arrays

User-supplied tags to be applied to matching items. Need to be prefixed with pro., public., private., or team. to control visibility.

curl -i -X POST \
  http://urlscan.io/api/v1/user/searches/ \
  -H 'Content-Type: application/json' \
  -H 'api-key: YOUR_API_KEY_HERE' \
  -d '{
    "_id": "string",
    "datasource": "hostnames",
    "description": "string",
    "longDescription": "string",
    "name": "string",
    "permissions": [
      "public:read"
    ],
    "query": "string",
    "tlp": "green",
    "usertags": []
  }'

Responses

OK

Bodyapplication/json
uuidstring(uuid)required

UUID of the created saved search

Response
application/json
{
  "uuid": "10dae531-a98a-42fc-8c6f-cb8610ec0c10"
}

Update Saved Search

Request

Update a Saved Search.

Security
apikeyAuth
Path
searchIdstringrequired
Example: {{searchId}}
Bodyapplication/json
searchobjectrequired
Example: {"_id":"{{searchId}}","datasource":"scans","query":"page.domain:postman.co","name":"Testsearch","description":"Saved Search for testing purposes - modified","longDescription":"This Saved Search was created for testing purposes by Postman","tlp":"red","userTags":["private.privatetag"],"permissions":["team:read","team:write"]}
search.​_idstring

The search ID

Example: "{{searchId}}"
search.​datasourcestringrequired

The data source for the search

Enum"scans""hostnames"
Example: "scans"
search.​querystringrequired

The search query

Example: "page.domain:postman.co"
search.​namestringrequired

The name of the saved search

Example: "Testsearch"
search.​descriptionstring

A short description of the saved search

Example: "Saved Search for testing purposes - modified"
search.​longDescriptionstring

A longer description of the saved search

Example: "This Saved Search was created for testing purposes by Postman"
search.​tlpstring

Traffic Light Protocol classification

Enum"red""amber""green""white"
Example: "red"
search.​userTagsArray of strings

User-defined tags

Example: ["private.privatetag"]
search.​permissionsArray of strings

Access permissions for the saved search

Example: ["team:read","team:write"]
curl -i -X PUT \
  'http://urlscan.io/api/v1/user/searches/{{searchId}}/' \
  -H 'Content-Type: application/json' \
  -H 'api-key: YOUR_API_KEY_HERE' \
  -d '{
    "search": {
      "_id": "{{searchId}}",
      "datasource": "scans",
      "query": "page.domain:postman.co",
      "name": "Testsearch",
      "description": "Saved Search for testing purposes - modified",
      "longDescription": "This Saved Search was created for testing purposes by Postman",
      "tlp": "red",
      "userTags": [
        "private.privatetag"
      ],
      "permissions": [
        "team:read",
        "team:write"
      ]
    }
  }'

Responses

OK

Bodyapplication/json
object
Response
application/json
{
  "uuid": "10dae531-a98a-42fc-8c6f-cb8610ec0c10"
}

Delete Saved Search

Request

Delete a Saved Search

Security
apikeyAuth
Path
searchIdstringrequired
Example: {{searchId}}
curl -i -X DELETE \
  'http://urlscan.io/api/v1/user/searches/{{searchId}}/' \
  -H 'api-key: YOUR_API_KEY_HERE'

Responses

OK

Bodyapplication/json
uuidstring(uuid)required

UUID of the deleted saved search

Response
application/json
{
  "uuid": "10dae531-a98a-42fc-8c6f-cb8610ec0c10"
}

Saved Search Search Results

Request

Get the search results for a specific Saved Search.

Security
apikeyAuth
Path
searchIdstringrequired
Enum"scans""hostnames"
Example: {{searchId}}
curl -i -X GET \
  'http://urlscan.io/api/v1/user/searches/{{searchId}}/results/' \
  -H 'api-key: YOUR_API_KEY_HERE'

Responses

Successful response

Subscriptions

urlscan Pro - Subscriptions allow notifications for Saved Searches.

Operations

Hostnames

urlscan Pro - Historical information on hostnames and domains

Operations

Brands

urlscan Pro - Information about tracked brands

Operations

Files

urlscan Pro - Downloaded files

Operations

Incidents

urlscan Pro - Incidents track observables, like hostnames and domains, and automatically scan and alert on changes.

Operations