API Reference

CyberXTron provides two REST APIs for programmatic access to platform data:

Incidents API

Base URL: https://incidents.cyberxtron.com

The Incidents API provides access to all incidents generated by DarkFlash, Shadowspot, and BrandSafe. Use it to retrieve, filter, and update incidents, integrate with your SIEM or ticketing system, or build custom workflows.

→ Incidents API Documentation → Full interactive reference

ThreatBolt API

Base URL: https://apix.cyberxtron.com/v1

The ThreatBolt API provides access to CyberXTron's threat intelligence feeds — malicious IPs, domains, URLs, and file hashes. Use it for on-demand IOC retrieval and custom integrations.

→ ThreatBolt API Documentation → Full interactive reference

Authentication

Both APIs use Bearer token authentication:

curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://incidents.cyberxtron.com/api/v1/incidents

API keys are managed under Settings → API Keys in the CyberXTron dashboard.

Base URLs Summary

API	Base URL	Interactive Docs
Incidents	`https://incidents.cyberxtron.com`	incidents.cyberxtron.com/api-guide
ThreatBolt	`https://apix.cyberxtron.com/v1`	apix.cyberxtron.com/v1/api-guide
TAXII 2.1	`https://taxii.cyberxtron.com/taxii2`	TAXII 2.1 Guide

Incidents API​

ThreatBolt API​

Authentication​

Base URLs Summary​

Incidents API

ThreatBolt API

Authentication

Base URLs Summary