What are the Metadata services?

More and more companies are integrating our API with their cybersecurity products or directly into their applications or services. And we love it!
Now we want to go one step further and help our customers and partners learn more about the blacklists we handle with a new extension of our API: Metadata services.

Thanks to metadata services, developers can now access information that used to be accessible only from the Apility.io engineering team:

  • How many blacklists of IP addresses, domains or emails are there?
  • What detailed information about each blacklist is there?
  • When was the information last updated?
  • And more!

This information is easily accessible on our website or on the customer dashboard, but we wanted it to also be accessible to our customers through our API. And that’s what we’ve developed.

List of bad IP addresses, domains or emails

If for example, a user opens this link you will be able to get the list of blacklists of IP addresses:

If a user wants to get this list with the new metadata API she only needs to use the new List of all blacklists by type. For example:

$ curl -X GET "https://api.apility.net/metadata/badip/lists"

The response should be (truncated):

{
    "NIXSPAM-IP": {
        "group": "abuse",
        "refresh": "Every 15 minutes",
        "last_update": "1543164604",
        "visibility": "Public",
        "site": "http://www.nixspam.org",
        "type": "badip",
        "description": "The iX blacklist is made of over 500,000 automatically generated entries per day without distinguishing open proxies from relays, dialup gateways, and so on. After 12 hours the IP address will be removed if there is no new spam from there.",
        "source": "NiX Spam IP DNSBL and blacklist",
        "name": "NiX Spam IP blacklist",
        "count": "40645",
        "problem": "It lists any active address instantly whilst removing older entries. That's the idea of the iX blacklist.",
        "enabled": "True"
    },
    ...
    ,
    "ZEUS-BADIP-IP": {
        "group": "abuse",
        "refresh": "Every 60 minutes",
        "last_update": "1543163417",
        "visibility": "Public",
        "site": "https://zeustracker.abuse.ch",
        "type": "badip",
        "description": "ZeuS Tracker offers various IP-blocklists that contains known ZeuS Command&Control server (C&C) assocaited with the ZeuS crimeware. ZeuS Tracker offers blocklists in various formats and for different purposes.",
        "source": "ZEUS-BADIP-IP Blacklist - IP of ZeuS Command&Control",
        "name": "ZEUS-BADIP-IP Blacklist - IP of ZeuS Command&Control",
        "count": "107",
        "problem": "This blocklists only includes IPv4 addresses that are used by the ZeuS trojan. It is the recommened blocklist if you want to block only ZeuS IPs. It excludes IP addresses that ZeuS Tracker believes to be hijacked (level 2) or belong to a free web hosting provider (level 3). Hence the false postive rate should be much lower compared to the standard ZeuS Standard IP blocklist.",
        "enabled": "True"
    }
}

Get full details of a given blacklist

If a user now clicks on the “read more” text she will be able to see the full details of a specific blacklist:

Example Apility.io show blacklist details

If a user wants to get the full details of a blacklist with the new metadata API she only needs to use the new Get full details of a blacklist. For example:

$ curl -X GET "https://api.apility.net/metadata/badip/lists/NIXSPAM-IP"

The response should be:

{
        "group": "abuse",
        "refresh": "Every 15 minutes",
        "last_update": "1543164604",
        "visibility": "Public",
        "site": "http://www.nixspam.org",
        "type": "badip",
        "description": "The iX blacklist is made of over 500,000 automatically generated entries per day without distinguishing open proxies from relays, dialup gateways, and so on. After 12 hours the IP address will be removed if there is no new spam from there.",
        "source": "NiX Spam IP DNSBL and blacklist",
        "name": "NiX Spam IP blacklist",
        "count": "40645",
        "problem": "It lists any active address instantly whilst removing older entries. That's the idea of the iX blacklist.",
        "enabled": "True"
}

What’s next?

In order to use this service, it is necessary to register in the platform and obtain an API Key. You are allowed to use it even with a free account, so all you have to do to start using the service is register now!