Client API v1

PhishFort Client API

Integrate with PhishFort's incident management platform. Report threats, track takedowns, and query phishing incidents — all through a single REST interface.

Get Started View Endpoints

Production https://capi.phishfort.com/v1/

Deprecation Notice

The statusVerbose field will be deprecated on 30th April 2026. Please use the status field instead, which returns the same computed verbose status values. See Status Values for details.

Quick Start

Authenticate every request by passing your API key in the x-api-key header. See Authentication for details.

cURLPythonNode.js

curl -X GET 'https://capi.phishfort.com/v1/whoami' \
  -H 'accept: application/json' \
  -H 'x-api-key: YOUR_API_KEY'

import requests

response = requests.get(
    "https://capi.phishfort.com/v1/whoami",
    headers={
        "accept": "application/json",
        "x-api-key": "YOUR_API_KEY",
    },
)
print(response.json())

const response = await fetch("https://capi.phishfort.com/v1/whoami", {
  headers: {
    accept: "application/json",
    "x-api-key": "YOUR_API_KEY",
  },
});
const data = await response.json();
console.log(data);

Endpoints

GET /v1/whoami

Verify your API key and list associated clients

GET /v1/incidents

List incidents with optional filters and pagination

GET /v1/incident/{id}

Get detailed info on a single incident

GET /v1/incident/subject/{subject}

Look up an incident by URL, domain, or subject

POST /v1/incident/tkd

Report an incident for takedown

POST /v1/incident/monitor

Report an incident for monitoring

POST /v1/incident/{id}/{action}

Request review action on an existing incident

POST /v1/incident/{id}/attach

Attach files to an existing incident

POST /v1/incident/{id}/comment

Add a comment to an existing incident

Response Format

All successful responses follow this structure:

{
    "message": "success",
    "data": { ... }
}

Paginated endpoints include an additional paging field. See Data Structures for full type definitions.