API Documentation
Getting Started
Domain Risk Analysis API
Fast, synchronous domain-level risk assessment for high-volume screening and real-time validation.
Overview
What is Domain Risk Analysis?
Domain Risk Analysis provides fast, synchronous risk assessment for domains and URLs. It checks for typosquatting, suspicious keywords, domain age, and SSL certificate issues—ideal for high-volume screening and real-time validation.
Synchronous
2-5 seconds
Pricing
$0.0025/scan
Domain Analysis
No content scraping
What It Analyzes
- • Domain patterns (typosquatting, suspicious keywords)
- • DNS and RDAP (domain age, registration)
- • SSL certificate validation
When to Use Domain Risk Analysis
- • High-volume URL screening (1000s/day)
- • Real-time validation requirements
- • Domain-level threat detection only
- • Cost-sensitive operations
Analyze a Domain
Send a POST request to analyze a domain for security risks. The analysis is synchronous and returns a risk ID and results immediately.
Endpoint
POST https://api.urlert.com/v1/domain-risksRequest Body
{
"url": "https://secure-login.paypa1.com/verify-account"
}Code Examples
curl -X POST https://api.urlert.com/v1/domain-risks \
-H "Authorization: Bearer u_sk_your_api_token_here" \
-H "Content-Type: application/json" \
-d '{"url": "https://secure-login.paypa1.com/verify-account"}'import requests
response = requests.post(
'https://api.urlert.com/v1/domain-risks',
headers={
'Authorization': 'Bearer u_sk_your_api_token_here',
'Content-Type': 'application/json'
},
json={'url': 'https://secure-login.paypa1.com/verify-account'}
)
data = response.json()
print(data['risk_id'])const response = await fetch('https://api.urlert.com/v1/domain-risks', {
method: 'POST',
headers: {
'Authorization': 'Bearer u_sk_your_api_token_here',
'Content-Type': 'application/json'
},
body: JSON.stringify({ url: 'https://secure-login.paypa1.com/verify-account' })
});
const data = await response.json();
console.log(data.risk_id);Response (200 OK)
{
"risk_id": "990e8400-e29b-41d4-a716-446655440004",
"status": "completed",
"created_at": "2024-01-15T10:30:00Z"
}Response Schema
Detailed structure of the domain risk analysis response object.
Top-Level Fields
| Field | Type | Description |
|---|
The main risk assessment report containing the verdict, threat classification, and supporting evidence from domain and network analysis.
| Field | Type | Description |
|---|
Individual findings from domain and network analysis. Each finding has a predefined ID from the evidence catalogue.
| Field | Type | Description |
|---|
Example Responses
{
"risk_id": "990e8400-e29b-41d4-a716-446655440004",
"url": "https://example.com",
"created_at": "2024-01-15T10:30:00Z",
"report": {
"request_url": "https://example.com",
"final_assessment": "Benign",
"threat_type": "Benign",
"confidence_score": 95,
"executive_summary": "No security issues detected.",
"evidence_findings": []
}
}{
"risk_id": "990e8400-e29b-41d4-a716-446655440004",
"url": "https://secure-login.paypa1.com/verify-account",
"created_at": "2024-01-15T10:30:00Z",
"report": {
"request_url": "https://secure-login.paypa1.com/verify-account",
"final_assessment": "Malicious",
"threat_type": "Phishing / Credential Theft",
"confidence_score": 90,
"executive_summary": "The domain 'paypa1.com' is a high-confidence typosquat of 'paypal.com' and is newly registered (3 days old). The subdomain 'secure-login' also contains suspicious keywords.",
"evidence_findings": [
{
"finding_id": "DR-DOM-002",
"severity": "Critical",
"source_agent": "StaticAnalysisAgent",
"description": "Suspected typosquatting detected.",
"details": "The domain 'paypa1.com' appears to be typosquatting 'paypal.com' (character substitution: 'l' → '1')."
},
{
"finding_id": "DR-NET-001",
"severity": "Critical",
"source_agent": "NetworkAnalysisAgent",
"description": "Domain is very newly registered.",
"details": "The domain 'paypa1.com' was registered 3 days ago."
},
{
"finding_id": "DR-DOM-003",
"severity": "Low",
"source_agent": "StaticAnalysisAgent",
"description": "Suspicious keywords found in domain.",
"details": "The subdomain 'secure-login' contains a 'credential' keyword: 'login'.",
"category": "credential"
},
{
"finding_id": "DR-NET-016",
"severity": "Informational",
"source_agent": "NetworkAnalysisAgent",
"description": "Site uses a free Certificate Authority.",
"details": "The SSL certificate was issued by 'Let's Encrypt', a free CA."
}
]
}
}Rate Limits
Domain Risk Analysis endpoints are rate limited per organization, per minute.
| Operation | Limit | Description |
|---|---|---|
| POST /v1/domain-risks | 20/minute | Analyze domains for risk |
| GET /v1/domain-risks/:risk_id | 20/minute | Retrieve analysis results |
Best Practices
- • Screen in Bulk: Use this API for high-volume, cost-sensitive screening (1000s/day).
- • Validate in Real-Time: Integrate into signup flows or link validation for fast feedback (2-5s).
- • Handle All Assessments: Your integration should handle Malicious, Suspicious, Benign, and Unknown results.
- • Secure Your Token: Never expose your API token in client-side code or public repositories. Use environment variables.
- • Handle Errors: Always check response status codes and handle errors appropriately (insufficient balance, rate limits, etc.).