API Documentation
Reference documentation for the blackhat.ie threat intelligence API.
Authentication
Most endpoints require authentication via request headers.
Standard authentication header:
X-Internal-Token: <your-token>Admin endpoints additionally require:
X-Admin-Token: <your-admin-token>Public endpoints (no authentication required):
/health/rss.xml/audio/feed.xml/audio/:date/stream/stix/bundleEndpoints
Intelligence
/api/v1/postsQuery intelligence posts with filtering and pagination.
| Parameter | Description |
|---|---|
source_id | Filter by source ID |
category | Filter by category |
threat_level | Filter by threat level |
search | Full-text search query |
from_date | Start date filter (ISO 8601) |
to_date | End date filter (ISO 8601) |
limit | Results per page (max 100) |
offset | Pagination offset |
/api/v1/posts/latestGet the most recent intelligence posts.
| Parameter | Description |
|---|---|
hours | Lookback window in hours (max 168) |
limit | Number of results |
/api/v1/posts/:idGet a single intelligence post by ID.
/api/v1/articlesQuery synthesised intelligence articles.
| Parameter | Description |
|---|---|
threat_level | Filter by threat level |
featured | Filter featured articles only |
limit | Results per page |
offset | Pagination offset |
/api/v1/articles/latestGet the most recent articles.
| Parameter | Description |
|---|---|
hours | Lookback window in hours |
limit | Number of results |
/api/v1/articles/:slugGet a single article by its URL slug.
Threat Actors
/api/v1/actorsList all tracked threat actors with associated post counts.
/api/v1/actors/:nameGet threat actor detail with linked intelligence posts.
Sectors
/api/v1/sectorsList all sectors with associated post counts.
/api/v1/sectors/:slugGet sector detail with posts and statistics.
MITRE ATT&CK
/api/v1/mitre/heatmapGet technique and tactic frequency data for heatmap visualisation.
| Parameter | Description |
|---|---|
days | Lookback window in days (max 90) |
/api/v1/mitre/techniques/:idGet intelligence posts tagged with a specific MITRE technique.
Compliance
/api/v1/compliance/overviewGet compliance tag frequencies across intelligence.
| Parameter | Description |
|---|---|
days | Lookback window in days |
/api/v1/compliance/:frameworkGet posts tagged with a specific compliance framework (NIS2, DORA, GDPR).
OSINT
/api/v1/osintList indicators of compromise.
| Parameter | Description |
|---|---|
type | Filter by indicator type (ip, domain, hash, cve, url, email) |
limit | Number of results |
/api/v1/osint/searchSearch indicators of compromise.
| Parameter | Description |
|---|---|
q | Search query (minimum 2 characters) |
/api/v1/osint/statsGet IOC counts grouped by indicator type.
Audio Briefings
/api/v1/audioList available audio briefings.
/api/v1/audio/latestGet metadata for the latest audio briefing.
/api/v1/audio/:date/streamPublicStream the MP3 audio briefing for a given date.
Feeds
/api/v1/rss.xmlPublicRSS 2.0 feed of intelligence reports.
/api/v1/audio/feed.xmlPublicPodcast RSS feed for audio briefings.
Export
/api/v1/stix/bundlePublicExport intelligence as a STIX 2.1 bundle.
| Parameter | Description |
|---|---|
days | Lookback window in days (max 90) |
Stats
/api/v1/statsGet platform-wide statistics.
/api/v1/healthPublicHealth check endpoint.
Rate Limits
| Endpoint Type | Limit | Exceeded Response |
|---|---|---|
| Read endpoints | 120 requests/minute | HTTP 429 |
| Admin endpoints | 10 requests/minute | HTTP 429 |
Response Format
All responses are JSON. Errors return a standard error object:
{"detail": "error message"}