API Endpoints
/
Saved Searches

urlscan.io APIs (1.0.0)

Introduction

API endpoints for urlscan.io and urlscan Pro. Most of these API endpoints require authentication.

The fastest way to start working with our APIs is by using one of the many existing commercial or open-source integrations.

External Resources

Download OpenAPI description
urlscan-openapi.json
urlscan-openapi.yaml
Overview
urlscan Support

support@urlscan.io

Languages
Servers

https://urlscan.io/

Generic

API endpoints related to the platform or the user account.

Operations

Scanning

These APIs allow URLs to be scanned and the results of the scans to be retrieved.

Operations

Search

The Search API allows users to search for historically website scans, hostnames, domains, TLS certificates and incidents.

Operations

Live Scanning

urlscan Pro - Live Scanning allows users to scan websites from different geographical locations and using different device settings.

See additional info about this proprietary feature on urlscan Pro.

Operations

Saved Searches

urlscan Pro - Saved Searches are rules that are executed inline against new incoming scans and hostnames.

Operations

Saved Searches

Request

Get a list of Saved Searches for the current user.

Security
apikeyAuth
curl -i -X GET \
  https://urlscan.io/api/v1/user/searches/ \
  -H 'api-key: YOUR_API_KEY_HERE'

Responses

Successful response

Bodyapplication/json
searchesArray of objects(savedSearchSchema)
Example: [{"search":{"_id":"{{searchId}}","datasource":"scans","query":"page.domain:postman.co","name":"Testsearch","description":"Saved Search for testing purposes","longDescription":"This Saved Search was created for testing purposes by Postman","tlp":"red","userTags":["private.privatetag"],"permissions":["team:read","team:write"]}}]
Response
application/json
{
  "searches": [
    {}
  ]
}

Create Saved Search

Request

Create a Saved Search.

Security
apikeyAuth
Bodyapplication/json
_idstring

Unique ID of the Saved Search

datasourcestring

Which data this Saved Search operates on

Enum"hostnames""scans"
descriptionstring

Short description.

longDescriptionstring

Long description.

namestring

User-facing short name.

permissionsArray of strings

Determine whether other users on the team or on urlscan Pro can see the search.

Items Enum"public:read""team:read""team:write"
querystring

Search API query

tlpstring

TLP (Traffic Light Protocol) indicator for other users on the urlscan Pro platform

Enum"green""amber""red"
usertagsArray of arrays

User-supplied tags to be applied to matching items. Need to be prefixed with pro., public., private., or team. to control visibility.

curl -i -X POST \
  https://urlscan.io/api/v1/user/searches/ \
  -H 'Content-Type: application/json' \
  -H 'api-key: YOUR_API_KEY_HERE' \
  -d '{
    "search": {
      "_id": "{{searchId}}",
      "datasource": "scans",
      "query": "page.domain:postman.co",
      "name": "Testsearch",
      "description": "Saved Search for testing purposes",
      "longDescription": "This Saved Search was created for testing purposes by Postman",
      "tlp": "red",
      "userTags": [
        "private.privatetag"
      ],
      "permissions": [
        "team:read",
        "team:write"
      ]
    }
  }'

Responses

OK

Bodyapplication/json
uuidstring(uuid)required

UUID of the created saved search

Response
application/json
{
  "uuid": "10dae531-a98a-42fc-8c6f-cb8610ec0c10"
}

Update Saved Search

Request

Update a Saved Search.

Security
apikeyAuth
Path
searchIdstringrequired
Example: {{searchId}}
Bodyapplication/json
_idstring

Unique ID of the Saved Search

datasourcestring

Which data this Saved Search operates on

Enum"hostnames""scans"
descriptionstring

Short description.

longDescriptionstring

Long description.

namestring

User-facing short name.

permissionsArray of strings

Determine whether other users on the team or on urlscan Pro can see the search.

Items Enum"public:read""team:read""team:write"
querystring

Search API query

tlpstring

TLP (Traffic Light Protocol) indicator for other users on the urlscan Pro platform

Enum"green""amber""red"
usertagsArray of arrays

User-supplied tags to be applied to matching items. Need to be prefixed with pro., public., private., or team. to control visibility.

curl -i -X PUT \
  'https://urlscan.io/api/v1/user/searches/{{searchId}}/' \
  -H 'Content-Type: application/json' \
  -H 'api-key: YOUR_API_KEY_HERE' \
  -d '{
    "search": {
      "_id": "{{searchId}}",
      "datasource": "scans",
      "query": "page.domain:postman.co",
      "name": "Testsearch",
      "description": "Saved Search for testing purposes",
      "longDescription": "This Saved Search was created for testing purposes by Postman",
      "tlp": "red",
      "userTags": [
        "private.privatetag"
      ],
      "permissions": [
        "team:read",
        "team:write"
      ]
    }
  }'

Responses

OK

Bodyapplication/json
object
Response
application/json
{
  "uuid": "10dae531-a98a-42fc-8c6f-cb8610ec0c10"
}

Delete Saved Search

Request

Delete a Saved Search

Security
apikeyAuth
Path
searchIdstringrequired
Example: {{searchId}}
curl -i -X DELETE \
  'https://urlscan.io/api/v1/user/searches/{{searchId}}/' \
  -H 'api-key: YOUR_API_KEY_HERE'

Responses

OK

Bodyapplication/json
uuidstring(uuid)required

UUID of the deleted saved search

Response
application/json
{
  "uuid": "10dae531-a98a-42fc-8c6f-cb8610ec0c10"
}

Saved Search Search Results

Request

Get the search results for a specific Saved Search.

Security
apikeyAuth
Path
searchIdstringrequired
Enum"scans""hostnames"
Example: {{searchId}}
curl -i -X GET \
  'https://urlscan.io/api/v1/user/searches/{{searchId}}/results/' \
  -H 'api-key: YOUR_API_KEY_HERE'

Responses

Successful response

Subscriptions

urlscan Pro - Subscriptions allow notifications for Saved Searches.

Operations

Hostnames

urlscan Pro - Historical information on hostnames and domains

Operations

Brands

urlscan Pro - Information about tracked brands

Operations

Files

urlscan Pro - Downloaded files

Operations

Incidents

urlscan Pro - Incidents track observables, like hostnames and domains, and automatically scan and alert on changes.

Operations