API overview
Get a conceptual and technical overview of the Validin API.
Validin’s API is designed for Cyber Threat Intelligence (CTI) platforms and security automation workflows, allowing users to ingest, analyze, and enrich indicators at scale.
The Validin API is a standard RESTful API that provides programmatic access to Validin datasets using structured HTTP requests.
Prerequisites for Integration
-
Authentication: Requires a valid API Key for all requests.
-
Access: Outbound HTTPS access to
https://api.validin.com/. -
Rate Limits: Subscription to a plan that includes API access and sufficient query volume.
-
Request Format: Standard RESTful API endpoints.
API data sources
The Validin API exposes real-time and historical data across several infrastructure elements:
| Data | Description | Use Case |
|---|---|---|
| Historical passive DNS | Records every DNS answer for a domain or IP address. | Mapping infrastructure evolution and identifying short-lived hosts. |
| WHOIS history | Historical registration and registrar data for domains. | Tracking ownership changes and pivoting on registration patterns. |
| HTTP crawl fingerprinting | Extracts server headers, favicon hashes, and body hashes from web servers. | Clustering malicious campaigns based on shared properties. |
| Certificate transparency | Ingests data from CT logs to map domain ownership and relationships. | Finding related infrastructure by pivoting on SSL certificates. |
API availability
Use the chart below to see which API features are available for your current plan:
| Validin Subscription | API Access | Support |
|---|---|---|
| Community | Limited | Basic |
| Personal | Limited | Standard |
| Pro | Expanded | Priority |
| Enterprise | Full / Custom Limits | Priority Support & SLA |
Full API endpoint reference
For a complete and up-to-date list of all available API endpoints, please refer to the official Validin API documentation:
Validin API DocumentationUpdated about 20 hours ago