Skip to main content

Before You Begin

To complete this quickstart, you will need:
  • An active Pulsedive account: Sign up for free!
  • A simple command-line tool like curl or your preferred HTTP client.
Although you can access our API without an API key, using an API key gives you higher rate limits and smoother access to Pulsedive’s data. You can find your API key in your account dashboard.

Fetch Indicator Data

Query the /indicator.php endpoint by indicator value. This is one of the most common calls users make. 
curl "https://pulsedive.com/api/indicator.php \
  ?indicator=1.1.1.1 \
  &pretty=1 \
  &key=<YOUR_API_KEY>"
You’ll receive detailed threat intelligence on the indicator, including risk scores, associated threats, and detailed scan data.

Use Explore to Search Across Data

Need to search across multiple indicators? Use the /explore.php endpoint with a query string. 
curl "https://pulsedive.com/api/explore.php \
  ?q=ioc=*evil* \
  &limit=5 \
  &pretty=1 \
  &key=<YOUR_API_KEY>"
This returns up to five results matching your pattern, including filtering options like risk, type, and threat. To learn more about query syntax, operators, and wildcards, visit Query Language.

Scan and Enrich an Indicator

Want deeper insight? Request enrichment and scoring for an indicator using the /analyze.php endpoint.
1

Initiate a scan

Request enrichment and scoring for your indicator. This tells Pulsedive to gather threat intelligence, generate insights, and perform risk scoring.
# Scan for passive (non-intrusive) analysis
curl "https://pulsedive.com/api/analyze.php \
  ?value=evil.com \
  &probe=0 \
  &pretty=1 \
  &key=<YOUR_API_KEY>"
Passive scans (probe=0) collect data without direct contact (WHOIS, DNS). You can also request an active scan (probe=1) for comprehensive intelligence, but with noisier, direct contact.
By default, Pulsedive performs enrichment on new indicators without saving the indicator. To save it to Pulsedive’s database, add submit=1 to your request. Existing indicators are always updated with fresh scan results.
You will receive a response like:
    {
      "success": "Added request to queue.",
      "sid": 2100188,
      "qids": [
        {
          "indicator": "evil.com",
          "qid": 2100254203
        }
      ]
    }
Your request is added to the queue immediately, but processing happens asynchronously in the background.
2

Poll for results

Use the returned queue ID (qid) to check for results:
curl "https://pulsedive.com/api/analyze.php \
  ?qid=123456 \
  &pretty=1 \
  &key=<YOUR_API_KEY>"

What’s Next?

Once you’re authenticated and have your first API responses: