{"id":19873071,"url":"https://github.com/checkpointsw/reputation-service-api","last_synced_at":"2025-08-21T16:24:54.157Z","repository":{"id":39998484,"uuid":"232097222","full_name":"CheckPointSW/reputation-service-api","owner":"CheckPointSW","description":"Leverage the Check Point’s threat intelligence to enrich your SIEM and SOAR solutions and to secure your business applications and websites by using simple RESTful APIs.","archived":false,"fork":false,"pushed_at":"2025-07-13T14:05:47.000Z","size":2474,"stargazers_count":28,"open_issues_count":1,"forks_count":7,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-07-13T14:38:34.024Z","etag":null,"topics":["reputation-service"],"latest_commit_sha":null,"homepage":"https://app.swaggerhub.com/apis-docs/Check-Point/reputation-service/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CheckPointSW.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-01-06T12:34:23.000Z","updated_at":"2025-07-13T14:05:51.000Z","dependencies_parsed_at":"2025-05-02T09:39:50.285Z","dependency_job_id":"103b272f-64ef-4936-bbaf-6d928468cb43","html_url":"https://github.com/CheckPointSW/reputation-service-api","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/CheckPointSW/reputation-service-api","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CheckPointSW%2Freputation-service-api","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CheckPointSW%2Freputatio
n-service-api/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CheckPointSW%2Freputation-service-api/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CheckPointSW%2Freputation-service-api/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CheckPointSW","download_url":"https://codeload.github.com/CheckPointSW/reputation-service-api/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CheckPointSW%2Freputation-service-api/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271507275,"owners_count":24771823,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-21T02:00:08.990Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["reputation-service"],"created_at":"2024-11-12T16:17:42.505Z","updated_at":"2025-08-21T16:24:54.138Z","avatar_url":"https://github.com/CheckPointSW.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Check Point Reputation Service API\n\n  - [What can you expect to get from the APIs](#what-can-you-expect-to-get-from-the-apis)  \n  - [Getting Started with the Reputation Service API](#getting-started-with-the-reputation-service-api)\n    - [Get your API Key from us](#get-your-api-key)\n  - [Swagger - for easy API usage and 
reference](#swagger)\n  - [How to generate an authentication token?](#authentication)\n  - [The services APIs](#the-services-apis)\n  - [Response](#response)\n      - [Response Status Codes](#response-status-codes)\n\n## **Overview**\n\nLeverage **Check Point’s** threat intelligence to enrich your SIEM and SOAR solutions, and secure your business applications and websites using simple RESTful APIs.\n\n**Check Point's Reputation Service API** offers the following capabilities:\n\n- [**URL Reputation**](#url-reputation-service) - Returns the classification and associated risk of accessing a given **domain or URL**.\n- [**File Reputation**](#file-reputation-service) - Returns the risk level of downloading a file based on its **hash (MD5/SHA1/SHA256)**.\n- [**IP Reputation**](#ip-reputation-service) - Returns the classification and associated risk of accessing a resource hosted on a given **IP address**.\n\n\n## What can you expect to get from the APIs\n\nAn important field in the response is the assessed risk of accessing the queried resource.\nEach risk (0-100) is accompanied by the **Confidence**, the **Severity**, and our **Recommended Action**.\n\n**Risk Threshold Guide**\n\n| **Risk Range** | **Description**                                                                      | **Confidence**  | **Severity**  | **Recommended Action**  |\n| -------------- | ------------------------------------------------------------------------------------ | --------------- | ------------- | ----------------------- |\n| Risk=0         | Indications of a legit website.                                                      | High            | N/A           | Allow list              |\n| Risk=34        | The service couldn't classify the domain; there is not enough data for this resource. | Low/Medium/High | Low/Medium    | N/A                     |\n| Risk=50        | Anonymizers, hosting and parked websites, Unknown files.                             
| Medium/High     | Medium        | N/A                     |\n| Risk=64        | Browsing to the resource should be done with extra caution.                          | Low             | High/Critical | Caution                 |\n| Risk=80        | There is circumstantial evidence that ties the resource to malicious activity.       | Medium          | High/Critical | Block                   |\n| Risk=100       | Resource known to be malicious by at least one trusted vendor.                       | High            | High/Critical | Block                   |\n\nFurther context details like **Classification**, **Categories**, **Popularity** and more can be found in the full JSON [Response](#response).\nExpect different fields corresponding to the service type you choose (URL / IP / FILE).\n\n## Getting Started with the Reputation Service API  \n\n### Get your API Key  \n\nTo get started with the APIs, please [contact us](mailto:TCAPI_SUPPORT@checkpoint.com).  \nWe will provide you with a trial API key along with a daily quota. 
If you exceed your quota, the API will return a 429 (Too Many Requests) status code.\n\n## Swagger\n\nCheck out our [Swagger UI](https://app.swaggerhub.com/apis-docs/Check-Point/reputation-service/) to easily explore and use the API.\n\n## Authentication\n\n### **Rep-Auth Service**\n\nAuthentication to the reputation service is acquired using a token generated by the **rep-auth** service.\n* The token expires after one week. To renew the authentication, send a new token request.\n* A token should look like this: `exp=1578566241~acl=/*~hmac=95add7c04faa2e7831b451fd45503e4a2ac0598c7e84a5ace7dd611d7b483e5f`\n\n#### **How to generate a token?**\n\nTo generate a token, send an **HTTPS GET** request to the following endpoint: \u003chttps://rep.checkpoint.com/rep-auth/service/v1.0/request\u003e\n\n* Include the Client-Key header with your trial API key in your request.\n* If the header is missing or invalid, the server will respond with an **HTTP 401 Unauthorized** status code.\n\n**How do I know that the token has expired?**\n\nIf your token has expired, the service will respond with an **HTTP 403 Forbidden** status code.\n\n## The services APIs\n\n### **URL Reputation Service**\n\n#### Request\n\nSend an **HTTPS POST** request to the following endpoint: https://rep.checkpoint.com/url-rep/service/v3.0/query?resource={url}\n\nRequest headers: \n\n  - \"Client-Key\":  Your trial API key.\n  - \"token\": the token you have received from the rep-auth service.\n\nRequest body, use JSON format:\n \n```js\n{\n    \"request\": [{\n        \"resource\": \"{url}\"\n      }]\n}\n```\n\n| **Parameter Name** | **Type** | **is Optional** | **Description**                |\n| ------------------ | -------- | --------------- | ------------------------------ |\n| resource           | String   | No              | The URL to query               |\n\n#### **URL classifications**\n\n| **Classification**  | **Description**                                                                         
                                                                                                                                                                                                                                                                                                                                                                   | **Severity** |\n| ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ |\n| Adware              | A website that operates in legal gray areas by collecting users’ private data without clear consent, displaying unwanted or intrusive content (such as pop-up ads), or embedding sub-applications that initiate unsolicited downloads. Visit [Checkpoint's blog: \"What is Adware?\" for further education](https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-adware/)                                     | Low          |\n| Volatile Website    | A website that contains malicious software, for example: hacking websites.                                                                                                    | Medium       |\n| Benign              | A legit website, which don't  serve any malicious purpose.                                                                                                                    | N/A          |\n| CnC Server          | A C\u0026C server is used by attackers to issue commands to, and receive data from, malware-infected devices (also known as bots or zombies).                                      
| Critical     |\n| Compromised Website | A legit website that was hacked and now serves a malicious purpose.                                                                                                           | High         |\n| Phishing            | A website that attempts to obtain sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity, like a known company. Learn more at [Phishing Attacks. How does it work?](https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-phishing/)                                                                                      | High         |\n| Infecting Website   | A website that may infect its visitors with malware.                                                                                                                          | High         |\n| Infecting URL       | A URL that may infect its visitors with malware.                                                                                                                              | High         |\n| Web Hosting         | A service that rents out server space to make websites accessible on the internet.                                                                                            | Medium       |\n| File Hosting        | A service that rents out server space to make files accessible on the internet.                                                                                               | Medium       |\n| Parked              | A website with no original content, often displaying ads.                                                                                                                     | Medium       |\n| Spam                | The URL is used for spam.                                                                                                                                                     
| High         |\n| Cryptominer         | The URL is used for [cryptomining](https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-malware/what-is-crypto-malware/).                                           | High         |\n| Web Service         | The URL is part of a platform (Email/Marketing platform for example).                                                                                                         | High         |\n| Malicious           | Malicious websites that serve malicious purposes.                                                                                                                             | High         |\n| Unclassified        | The service couldn't classify the domain; there is not enough data about this resource.                                                                                       | N/A          |\n\n### **File Reputation Service**\n\n#### Request  \n\nSend an **HTTPS POST** request to the following endpoint: \u003chttps://rep.checkpoint.com/file-rep/service/v3.0/query?resource={file-hash}\u003e\n\nRequest headers: \n\n  - \"Client-Key\":  Your trial API key.\n  - \"token\": the token you have received from the rep-auth service.\n\nRequest body, use JSON format:\n\n```js\n{\n    \"request\": [{\n       \"resource\": \"{file-hash}\"\n    }]\n}\n```\n\n| **Parameter Name** | **Type** | **Is Optional** | **Description**                          |\n| ------------------ | -------- | --------------- | ---------------------------------------- |\n| resource           | String   | No              | SHA256 / MD5 / SHA1 of the file to query |\n\n### **File classifications**\n\n| **Classification** | **Description**                                                                                                                                                                                                                                                                                                      | 
**Severity** |\n| ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ |\n| Unclassified       | The service couldn't classify the hash. there is not enough data about this hash.                                                                                                                | N/A          |\n| Adware             | Adware is a form of software that downloads or displays unwanted ads when a user is online, collects marketing data and other information without the user's knowledge or redirects search requests to advertising websites.                                                                                                                                                                                                                                                  | Low          |\n| Riskware           | Riskware are legitimate programs that can cause damage when exploited by malicious users – in order to delete, block, modify, or copy data, and disrupt the performance of computers or networks.| Medium       |\n| Malware            | A malicious file that can harm computers or networks.                                                                                                                                            | High         |\n| Benign             | A legitimate file safe to run or process.                                                                                                                                                        | Medium       |\n| Unknown            | The service has never seen this file before.                                                                                                                                
                     | N/A          |\n| Spam               | The file is used for spam.                                                                                                                                                                       | High         |\n| Cryptominer        | The file is used for cryptomining.                                                                                                                                                               | High         |\n| Phishing           | File that attempt to obtain sensitive information such as usernames, passwords, and credit card details.                                                                                         | High         |\n\n### **IP Reputation Service**\n\n#### Request\n\nSend an **HTTPS POST** request to the following endpoint: https://rep.checkpoint.com/ip-rep/service/v3.0/query?resource={ip}\n\nRequest headers: \n\n  - \"Client-Key\":  Your trial API key.\n  - \"token\": the token you have received from the rep-auth service.\n\nrequest body, use JSON format:\n\n```js\n{\n    \"request\": [{\n        \"resource\": \"{ip}\"\n    }]\n}\n```\n\n| **Parameter Name** | **Type** | **Is Optional** | **Description** |\n| ------------------ | -------- | --------------- | --------------- |\n| resource           | String   | No              | The IP to query |\n\n### **IP classifications**\n\n| **Classification** | **Description**                                                                                                                                                                                                                                                                                                                                                                                                                                               | **Severity** |\n| ------------------ | 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ |\n| Unclassified       | The service couldn't classify the IP. there is not enough data about this IP.                                                                                                    | N/A          |\n| Adware             | The IP's domains are operating in the gray areas of the law collecting private data on the users and display unwanted content.                                                   | Low          |\n| Volatile           | The IP's domains contain malicious software, for example hacking websites.                                                                                                       | Medium       |\n| Benign             | A legit IP, which doesn't serve any malicious purpose.                                                                                                                           | N/A          |\n| CnC Server         | A Command and Control server used for cummunicating with malware.                                                                                                                | Critical     |\n| Compromised Server | A legit IP that was hacked and now serves a malicious purpose.                                                                                                                   
| High         |\n| Phishing           | The IP's domains attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity like a known company.                                                                                                                                                                                                                 | High         |\n| Infection Source   | The IP's domains may infect its visitors with malware.                                                                                                                           | High         |\n| Web Hosting        | The IP's domains offer server space for rent to make websites accessible on the internet.                                                                                        | Medium       |\n| File Hosting       | The IP's domains offer server space for rent to make files accessible on the internet.                                                                                           | Medium       |\n| Parked             | The IP's domains permanently do not have content. They may contain advertising content on pages that have been registered but do not yet have original content.                  | Medium       |\n| Scanner            | The IP is a known internet scanner.                                                                                                                                              | Medium       |\n| Anonymiser         | The IP is known to belong to the Tor anonymity network.                                                                                                                          | Medium       |\n| Cryptominer        | The IP's domains are used for cryptomining.                                                                                                                         
             | High         |\n| Spam               | The IP's domains are used for spam.                                                                                                                                              | High         |\n| Compromised Host   | The IP belongs to a website which was hacked.                                                                                                                                    | Medium       |\n  \n  \n## **Response**\n\n\u003ctable\u003e\n  \u003cthead\u003e\n    \u003ctr class=\"header\"\u003e\n    \u003cth\u003e\u003cstrong\u003eAttribute Name\u003c/strong\u003e\u003c/th\u003e\n    \u003cth\u003e\u003cstrong\u003eType\u003c/strong\u003e\u003c/th\u003e\n    \u003cth\u003e\u003cstrong\u003eDescription\u003c/strong\u003e\u003c/th\u003e\n    \u003cth\u003e\u003cstrong\u003eInner Attribute\u003c/strong\u003e\u003c/th\u003e\n    \u003cth\u003e\u003cstrong\u003eInner Attribute Description\u003c/strong\u003e\u003c/th\u003e\n    \u003c/tr\u003e\n  \u003c/thead\u003e\n  \u003ctbody\u003e\n    \u003ctr class=\"odd\"\u003e\n      \u003ctd\u003estatus\u003c/td\u003e\n      \u003ctd\u003eObject\u003c/td\u003e\n      \u003ctd\u003eReflects the application status\u003c/td\u003e\n      \u003ctd\u003e\u003cul\u003e\n      \u003cli\u003e\u003cp\u003ecode\u003c/p\u003e\u003c/li\u003e\n      \u003cli\u003e\u003cp\u003elabel\u003c/p\u003e\u003c/li\u003e\n      \u003cli\u003e\u003cp\u003emessage\u003c/p\u003e\u003c/li\u003e\n      \u003c/ul\u003e\u003c/td\u003e\n      \u003ctd\u003e\u003cp\u003ecode: 2001\u003cbr /\u003e\n      label: SUCCESS\u003cbr /\u003e\n      message: Succeeded to generate reputation\u003c/p\u003e\n      \u003cp\u003ecode: 2006\u003cbr /\u003e\n      label: PARTIAL_SUCCESS\u003cbr /\u003e\n      message: Some vendors are unavailable\u003c/p\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr class=\"even\"\u003e\n      \u003ctd\u003eresource\u003c/td\u003e\n      \u003ctd\u003eString\u003c/td\u003e\n      
\u003ctd\u003eThe URL from the request\u003c/td\u003e\n      \u003ctd\u003e\u003c/td\u003e\n      \u003ctd\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr class=\"odd\"\u003e\n      \u003ctd\u003ereputation\u003c/td\u003e\n      \u003ctd\u003eObject\u003c/td\u003e\n      \u003ctd\u003eReputation meta-data\u003c/td\u003e\n      \u003ctd\u003eclassification\u003c/td\u003e\n      \u003ctd\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr class=\"even\"\u003e\n      \u003ctd\u003e\u003c/td\u003e\n      \u003ctd\u003e\u003c/td\u003e\n      \u003ctd\u003e\u003c/td\u003e\n      \u003ctd\u003eseverity\u003c/td\u003e\n      \u003ctd\u003eThe severity of the classification.\u003cbr/\u003e\n      Possible values:\n      \u003cul\u003e\n      \u003cli\u003eN/A\u003c/li\u003e\n      \u003cli\u003eLow\u003c/li\u003e\n      \u003cli\u003eMedium\u003c/li\u003e\n      \u003cli\u003eHigh\u003c/li\u003e\n      \u003cli\u003eCritical\u003c/li\u003e\n      \u003c/ul\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr class=\"odd\"\u003e\n      \u003ctd\u003e\u003c/td\u003e\n      \u003ctd\u003e\u003c/td\u003e\n      \u003ctd\u003e\u003c/td\u003e\n      \u003ctd\u003econfidence\u003c/td\u003e\n      \u003ctd\u003e\u003cp\u003eHow confident the service is in the reputation response.\u003cbr/\u003e\n      Possible values:\u003c/p\u003e\n      \u003cul\u003e\n      \u003cli\u003eN/A\u003c/li\u003e\n      \u003cli\u003eLow\u003c/li\u003e\n      \u003cli\u003eMedium\u003c/li\u003e\n      \u003cli\u003eHigh\u003c/li\u003e\n      \u003c/ul\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n### **Response Status Codes**\n\n| **HTTP Response Code** | **Description**                                                                                                        |\n| ---------------------- | ---------------------------------------------------------------------------------------------------------------------- |\n| 200               
     | OK                                                                                                                     |\n| 400                    | Bad request - either the resource is not valid or the request parameter doesn't match the resource in the request body |\n| 401                    | Bad or missing \"Client-Key\" header                                                                                     |\n| 403                    | Bad or missing \"token\" header                                                                                          |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcheckpointsw%2Freputation-service-api","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcheckpointsw%2Freputation-service-api","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcheckpointsw%2Freputation-service-api/lists"}