BrandSafe Incidents API
Retrieve BrandSafe incidents programmatically — phishing sites, typosquatting domains, fake social profiles, and counterfeit apps.
Base URL
https://incidents.cyberxtron.com
Authentication
Every request requires two custom headers:
XTRON-ORG-KEY: your_org_key
XTRON-ORG-SECRET: your_org_secret
Contact support@cyberxtron.com to obtain credentials.
Endpoint
GET /api/v1/brandsafe/incidents
Query Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
brand_domain | string | — | Filter by monitored brand domain |
status | string[] | — | Open, In Progress, Closed |
severity | string | — | Filter by severity label |
created_date | string | — | Filter by date (YYYY-MM-DD) |
created_time | string | — | Filter by time (HH:MM:SS) |
page | integer | 1 | Page number (min: 1) |
size | integer | 10 | Results per page (min: 1, max: 100) |
Example Requests
# All open BrandSafe incidents
curl \
-H "XTRON-ORG-KEY: your_org_key" \
-H "XTRON-ORG-SECRET: your_org_secret" \
"https://incidents.cyberxtron.com/api/v1/brandsafe/incidents?status=Open"
# Filter by brand domain and severity
curl \
-H "XTRON-ORG-KEY: your_org_key" \
-H "XTRON-ORG-SECRET: your_org_secret" \
"https://incidents.cyberxtron.com/api/v1/brandsafe/incidents?brand_domain=example.com&severity=Critical"
Example Response
{
"success": true,
"data": [
{
"id": 34567,
"title": "Phishing site impersonating example.com login page",
"taskKey": "BSINC-789",
"status_statusCd": "Open",
"severity_label": "Critical",
"category_name": "Phishing",
"taskType_name": "Phishing Site",
"product_name": "BrandSafe",
"description": "A phishing site mimicking the example.com login portal was detected.",
"createdDt": 1743494400,
"updatedDt": 1743494400,
"impact": "Users may submit credentials to the attacker-controlled site.",
"recommendation": "Submit abuse reports to the registrar and hosting provider.",
"brand_name": "Example Corp",
"brand_domain": "example.com",
"platform": "Web",
"registrar": "Namecheap",
"ip_address": "203.0.113.99",
"url": "https://example-secure-login.com/login",
"webhost_authority": "Cloudflare",
"webhost_country": "United States",
"phone_numbers": null
}
],
"meta": {
"pagination": {
"total": 7,
"page": 1,
"page_size": 10,
"total_pages": 1
}
}
}
Response Fields
Common Fields
| Field | Type | Description |
|---|---|---|
id | integer | Unique numeric ID |
title | string | Incident title |
taskKey | string | Ticket key (e.g., BSINC-789) |
status_statusCd | string | Open, In Progress, Closed |
severity_label | string | Critical, High, Medium, Low |
category_name | string | Threat category |
description | string | Full details |
impact | string | Impact description |
recommendation | string | Suggested response action |
createdDt | integer | Creation Unix timestamp |
updatedDt | integer | Last update Unix timestamp |
BrandSafe-Specific Fields
| Field | Type | Description |
|---|---|---|
brand_name | string | Monitored brand name |
brand_domain | string | Monitored brand domain |
platform | string | Platform where threat was found |
url | string | URL of the infringing asset |
ip_address | string | IP address of the infringing host |
registrar | string | Domain registrar |
webhost_authority | string | Hosting provider |
webhost_country | string | Country where the site is hosted |
phone_numbers | string | Phone numbers found on the infringing site |
Error Codes
| Status | Description |
|---|---|
401 | Invalid or missing credentials |
403 | Subscription suspended or expired |
422 | Invalid query parameter value |