API Documentation

FightPhishing.com provides a free public API for accessing phishing threat data. Rate limited to 100 requests per IP per hour.

Base URL

https://fightphishing.com

All endpoints return JSON unless a different format is specified. CORS is enabled on /api/v1/* endpoints.

GET/api/v1/blacklist

Returns the active domain blacklist. Supports multiple export formats and pagination.

Parameters

Name	Type	Default	Description
`format`	string	json	Response format: json, csv, txt, or hosts
`limit`	number	100	Number of results (max 1000)
`offset`	number	0	Pagination offset
`since`	string	—	ISO date filter (e.g. 2024-01-01)

Response Headers

X-Total-Count: total active domains
X-Last-Updated: last blacklist update timestamp

Example

curl "https://fightphishing.com/api/v1/blacklist?format=json&limit=5"

GET/api/check-url

Check if a URL or domain is on the blacklist. Never fetches the URL — database lookup only.

Parameters

Name	Type	Default	Description
`url`	string	required	URL or domain to check

Example

curl "https://fightphishing.com/api/check-url?url=example-phish.com"

GET/api/search

Search across phishing URLs, news articles, and scam reports.

Parameters

Name	Type	Default	Description
`q`	string	required	Search query
`category`	string	all	Filter: all, urls, news, or scams
`page`	number	1	Page number
`limit`	number	20	Results per page (max 50)

Example

curl "https://fightphishing.com/api/search?q=paypal&category=urls"

GET/api/rss/:feed

RSS 2.0 feeds for each dashboard. Feed names: professional, elder, general, blacklist.

Example

curl "https://fightphishing.com/api/rss/professional"

POST/api/subscribe

Parameters

Name	Type	Default	Description
`webhook_url`	string	required	Discord/Slack webhook URL (body JSON)
`feed_type`	string	required	professional, elder, general, blacklist, or all (body JSON)

Example

curl -X POST "https://fightphishing.com/api/subscribe" \
  -H "Content-Type: application/json" \
  -d '{"webhook_url":"https://hooks.slack.com/...","feed_type":"all"}'