Getting Started with Port Six API
Quick Start (5 Minutes)
1. Get Your API Key
Sign up for an account and generate your API key from the dashboard. Your key format will be: sk_live_xxxx...xxxx
2. Test Your Connection
curl -H "X-API-Key: YOUR_API_KEY" \
  https://api.portsix.io/api/v1/health
Expected response:
{
  "status": "ok",
  "version": "1.0",
  "rate_limit": {
    "limit": 1000,
    "remaining": 999,
    "reset": 1700000000
  }
}
3. Your First Lookup
Check if an IP is malicious:
curl -H "X-API-Key: YOUR_API_KEY" \
  https://api.portsix.io/api/v1/ip/1.1.1.1
Congratulations! You just queried our threat intelligence API.
Understanding Core Concepts
Observables
Observables are the fundamental units of threat intelligence - IPs, domains, URLs, and file hashes. Each observable has:
- A type (ipv4, domain, url, sha256, etc.)
- A risk_score (0-100) indicating threat level
- Tags (behavioral classification)
- Enrichment data (GeoIP, WHOIS, etc.)
- Confidence score (0-100)
Enrichment
Every observable is enriched with contextual data:
- IP Enrichment: Geographic location, network ownership, cloud provider, anonymization detection
- Domain Enrichment: WHOIS data, DNS records, domain reputation, SSL certificates
Common Workflows
Real-Time IP Reputation Check
# Check a suspicious IP
curl -H "X-API-Key: YOUR_API_KEY" \
  https://api.portsix.io/api/v1/ip/203.0.113.45
# Response shows it's a Cobalt Strike C2 server
{
  "type": "ipv4",
  "value": "203.0.113.45",
  "risk_score": 85,
  "threat_intel": {
    "tags": ["behavior:c2", "malware_family:cobalt-strike"],
    "confidence": 95,
    "first_seen": "2025-01-15T00:00:00Z",
    "last_seen": "2026-01-29T12:00:00Z"
  }
}
Rate Limits & Tiers
See our pricing page for detailed information on rate limits, credit allocations, and tier features.
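Added example (not Port Six code): a Python sketch that turns the lookup response shown under Real-Time IP Reputation Check into a block/alert/allow/review decision for a SIEM or firewall pipeline. The thresholds, the 30-day freshness window and the set of blocking behaviors are assumed local policy values, and the code assumes tags follow the namespace:value form seen in the sample response.

```python
import json
from datetime import datetime, timezone

# Constructed sample: the lookup response shown under "Real-Time IP Reputation Check".
SAMPLE = '''{"type": "ipv4", "value": "203.0.113.45", "risk_score": 85,
 "threat_intel": {"tags": ["behavior:c2", "malware_family:cobalt-strike"],
 "confidence": 95, "first_seen": "2025-01-15T00:00:00Z",
 "last_seen": "2026-01-29T12:00:00Z"}}'''

# Assumed local policy values, not Port Six recommendations.
BLOCK_RISK, BLOCK_CONFIDENCE, MAX_AGE_DAYS = 80, 90, 30
HIGH_IMPACT_BEHAVIORS = {"c2"}


def parse_tags(tags):
    """Split 'namespace:value' tags into {namespace: {values}}; skip malformed ones."""
    out = {}
    for tag in tags:
        ns, sep, val = str(tag).partition(":")
        if sep and ns and val:
            out.setdefault(ns, set()).add(val)
    return out


def triage(observable, now):
    """Return (action, reasons) for one lookup response; incomplete data goes to 'review'."""
    ti = observable.get("threat_intel") or {}
    risk, conf = observable.get("risk_score"), ti.get("confidence")
    if not isinstance(risk, (int, float)) or not isinstance(conf, (int, float)):
        return "review", ["missing risk_score or confidence"]
    tags = parse_tags(ti.get("tags") or [])
    reasons = [f"risk={risk}", f"confidence={conf}"]
    try:
        last_seen = datetime.fromisoformat(ti["last_seen"].replace("Z", "+00:00"))
        age_days = (now - last_seen).days
    except (KeyError, AttributeError, ValueError, TypeError):
        age_days = None  # absent or unparsable timestamp is treated as stale
    stale = age_days is None or age_days > MAX_AGE_DAYS
    reasons.append("last_seen unknown" if age_days is None else f"age_days={age_days}")
    strong = risk >= BLOCK_RISK and conf >= BLOCK_CONFIDENCE
    if strong and not stale and tags.get("behavior", set()) & HIGH_IMPACT_BEHAVIORS:
        return "block", reasons + ["behavior:c2 recently observed"]
    if strong or risk >= 50:
        return "alert", reasons
    return "allow", reasons


if __name__ == "__main__":
    print(triage(json.loads(SAMPLE), datetime.now(timezone.utc)))
```

Pass `now` as a timezone-aware UTC datetime; a high score with a stale or missing `last_seen` is downgraded from block to alert so old indicators do not drive automatic blocking.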
Next Steps
- Tagging Taxonomy - Understand our behavioral classification system
- Use Cases - Real-world applications for SIEM, threat hunting, incident response
- API Documentation - Complete API reference with code examples
- Integration Guide - Step-by-step integration for security tools