API Information
Use Our API
If you'll be doing just a few lookups each day, you can use our simple API. This method accepts an HTTP POST request and returns a response indicating a url's status in our database.
Request ParametersName | Value |
---|---|
url | The URL to check. This should be either urlencoded or base64 encoded. |
format | The format in which you would like the response data. Valid options are 'xml', 'php', and 'json'. The default behavior is to return XML. Example responses can be found below. |
app_key | Your application key. Optional, but without it the rate at which you can make requests will be much more limited. |
http://checkurl.staging.phishtank.com/checkurl/
User Agent String
We require that you use a descriptive User Agent string in your application to identify the application. If your User Agent is blank or generic, you may recieve an increased number of rate limited requests or be redirected to additional security checks. The recommended format is:
Header ParametersName | Value |
---|---|
User-Agent | Descriptive user agent string, e.g. phishtank/[username] |
Rate Limiting
To reduce abuse and maintain our servers' ability to serve all of our users, we have implemented request rate limits for both methods. In all cases you will get a higher limit by using a valid API key, to encourage people to register their applications. Going over-limit will result in an HTTP 509 error. Users going grossly over the limit and not throttling their apps may, at our discretion, be blocked at the firewall level. You will find information in the response headers regarding the limit:
Response | Description |
---|---|
X-Request-Limit-Interval | The amount of time over which the request rate is enforced. This will be in the format of '<number> Seconds'. Example: '300 Seconds' |
X-Request-Limit | A number representing the maximum number of requests within the time period given in X-Request-Limit-Interval |
X-Request-Count | A number representing the number of connections already made within that time period. Remaining requests = (X-Request-Limit - X-Request-Count) |
If you find your application is constantly hitting the limit, please feel free to get in touch with us via the developers mailing list. Odds are good that if you're using the API and hitting the limit often, the best solution is to periodically download a local copy of the database and do your lookups locally.
Sample Reponses
XML<response> <meta> ... </meta> <results> <url0> <url>https://www.example.org/</url> <in_database>true</in_database> <phish_id>11728</phish_id> <phish_detail_page> http://www.staging.phishtank.com/phish_detail.php?phish_id=11728 </phish_detail_page> <verified>true</verified> <verified_at>2006-10-01T02:32:23+00:00</verified_at> <valid>true</valid> <submitted_at>2006-10-01T02:28:46+00:00</submitted_at> </url0> </results> </response>PHP/JSON
array('results' => array('url' => 'https://www.example.org/', 'in_database' => true, 'phish_id' => 11728, 'phish_detail_page' => 'http://www.staging.phishtank.com/phish_detail.php?phish_id=11728', 'verified' => 'y', 'verified_at' => '2006-10-01T02:32:23+00:00', 'valid' => 'y' ) )