DFIR Suite API Documentation
The DFIR Suite API provides programmatic access to phishing email analysis, IOC enrichment, and a growing set of security tools — all through a simple REST interface secured with API key authentication.
Quick Start
1
Create an API key
Head to the API Keys page and generate a new key. Copy it — you will only see it once.
2
Make your first request
Call the phishing analysis endpoint with a sample email source.
curl -X POST https://dfir-lab.ch/api/v1/phishing/analyze \
-H "Authorization: Bearer sk-dfir-your-key-here" \
-H "Content-Type: application/json" \
-d '{"raw_email": "<your .eml content>"}'3
Check the response
The API returns a JSON object with the analysis results, verdict, and confidence score. Every successful call deducts credits from your account based on the endpoint used.
Base URL
https://dfir-lab.ch/api/v1
Available Endpoints
| Endpoint | Method | Description | Credits |
|---|---|---|---|
| /phishing/analyze | POST | Heuristic email analysis | 1 |
| /phishing/analyze/ai | POST | AI-enhanced analysis | 10 |
| /phishing/dns | POST | Domain DNS analysis | 1 |
| /phishing/blacklist | POST | IP DNSBL check | 1 |
| /phishing/safe-browsing | POST | Google Safe Browsing | 2 |
| /phishing/url-expand | POST | URL redirect chain | 1 |
| /exposure/scan | POST | Attack surface scan | 10 |
| /health | GET | Service status | 0 |
Authentication
Include your API key in the Authorization header of every request using the Bearer scheme:
Authorization: Bearer sk-dfir-your-key-here