Powerful API & Integrations

Integrate WF SecurityCloud directly into your existing systems and workflows

curl -X GET https://api.wfsecuritycloud.com/v1/threats \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

Enterprise-grade REST API

Build powerful integrations with our well-documented and secure API

Real-time data

Get immediate access to threat data, attacks and security events in real-time

Secure authentication

OAuth 2.0 and API keys with granular permission control

Comprehensive endpoints

100+ endpoints for all aspects of security management

High performance

Under 50ms response time with 99.99% uptime SLA

Detailed documentation

Interactive API documentation with code examples in all languages

Webhooks

Get push notifications when important security events occur

Popular API Endpoints

Examples of what you can do with our API

GET /api/v1/threats/realtime

Fetch real-time data about ongoing threats and attacks

GET /api/v1/clients/{id}/events

List all security events for a specific client

POST /api/v1/blocklist/add

Add IP addresses or domains to the block list

GET /api/v1/analytics/dashboard

Fetch aggregated data for dashboards and reports

POST /api/v1/alerts/configure

Configure custom alerts based on specific criteria

GET /api/v1/intelligence/ioc

Fetch Indicators of Compromise (IoC) from our threat intelligence

Code examples

Get started quickly with our ready-made code examples

import requests

# Configure API clientapi_key = "YOUR_API_KEY"
base_url = "https://api.wfsecuritycloud.com/v1"

headers = {
    "Authorization": f"Bearer {api_key}",
    "Content-Type": "application/json"
}

# Hämta aktiva hot
response = requests.get(f"{base_url}/threats/active", headers=headers)
threats = response.json()

# Analysera hot per klient
for threat in threats['data']:
    print(f"Klient: {threat['client_id']}")
    print(f"Hottyp: {threat['type']}")
    print(f"Allvarlighetsgrad: {threat['severity']}")
    print(f"Blockerad: {threat['blocked']}")
    print("---")
const axios = require('axios');

// Konfigurera API-klient
const apiKey = 'YOUR_API_KEY';
const baseUrl = 'https://api.wfsecuritycloud.com/v1';

const client = axios.create({
  baseURL: baseUrl,
  headers: {
    'Authorization': `Bearer ${apiKey}`,
    'Content-Type': 'application/json'
  }
});

// Hämta aktiva hot
async function getActiveThreats() {
  try {
    const response = await client.get('/threats/active');
    const threats = response.data;
    
    threats.data.forEach(threat => {
      console.log(`Klient: ${threat.client_id}`);
      console.log(`Hottyp: ${threat.type}`);
      console.log(`Allvarlighetsgrad: ${threat.severity}`);
      console.log('---');
    });
  } catch (error) {
    console.error('Error:', error);
  }
}

getActiveThreats();
using System;
using System.Net.Http;
using System.Threading.Tasks;
using Newtonsoft.Json;

public class WFSClient
{
    private readonly HttpClient client;
    private const string BaseUrl = "https://api.wfsecuritycloud.com/v1";
    
    public WFSClient(string apiKey)
    {
        client = new HttpClient();
        client.DefaultRequestHeaders.Add("Authorization", $"Bearer {apiKey}");
    }
    
    public async Task GetActiveThreats()
    {
        var response = await client.GetAsync($"{BaseUrl}/threats/active");
        var json = await response.Content.ReadAsStringAsync();
        var threats = JsonConvert.DeserializeObject(json);
        
        foreach (var threat in threats.Data)
        {
            Console.WriteLine($"Klient: {threat.ClientId}");
            Console.WriteLine($"Hottyp: {threat.Type}");
            Console.WriteLine($"Allvarlighetsgrad: {threat.Severity}");
            Console.WriteLine("---");
        }
    }
}
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import com.google.gson.Gson;

public class WFSClient {
    private final HttpClient client;
    private final String apiKey;
    private static final String BASE_URL = "https://api.wfsecuritycloud.com/v1";
    
    public WFSClient(String apiKey) {
        this.apiKey = apiKey;
        this.client = HttpClient.newHttpClient();
    }
    
    public void getActiveThreats() throws Exception {
        HttpRequest request = HttpRequest.newBuilder()
            .uri(URI.create(BASE_URL + "/threats/active"))
            .header("Authorization", "Bearer " + apiKey)
            .header("Content-Type", "application/json")
            .GET()
            .build();
            
        HttpResponse response = client.send(request, 
            HttpResponse.BodyHandlers.ofString());
            
        Gson gson = new Gson();
        ThreatResponse threats = gson.fromJson(response.body(), 
            ThreatResponse.class);
            
        for (Threat threat : threats.data) {
            System.out.println("Klient: " + threat.clientId);
            System.out.println("Hottyp: " + threat.type);
            System.out.println("Allvarlighetsgrad: " + threat.severity);
            System.out.println("---");
        }
    }
}

Webhooks for real-time notifications

Get immediate notification when important events occur

threat.detected

Triggered when a new threat is detected

{ "event": "threat.detected", "client_id": "client_123", "threat_type": "ransomware", "severity": "critical", "timestamp": "2025-01-10T14:23:45Z" }

attack.blocked

Triggered when an attack is blocked

{ "event": "attack.blocked", "source_ip": "185.234.218.xxx", "target": "rdp", "action": "blocked", "timestamp": "2025-01-10T14:23:45Z" }

client.offline

Triggered when a client goes offline

{ "event": "client.offline", "client_id": "client_123", "last_seen": "2025-01-10T14:20:00Z", "alert_level": "warning" }

threshold.exceeded

Triggered when thresholds are exceeded

{ "event": "threshold.exceeded", "metric": "attack_rate", "value": 1500, "threshold": 1000, "timestamp": "2025-01-10T14:23:45Z" }

API Rate Limits

Plan Calls per hour Burst limit Webhooks
Starter 1,000 50/min 10
Professional 10,000 200/min 50
Enterprise Unlimited Custom Unlimited

Start building with our API today

Get immediate access to API keys and start integrating

Get API access Read documentation

Frequently asked questions

Answers to the most common questions about this page

What authentication is used?
Bearer token authentication with API keys. Send Authorization: Bearer YOUR_API_KEY in the header. For Enterprise we also offer mTLS and OAuth 2.0.
What is the rate limit?
Standard: 1,000 calls/minute per API key. Enterprise customers get higher or custom limits. Rate limit headers are returned in every response: X-RateLimit-Remaining.
Is there an SDK for my language?
Official SDKs for PHP, Python and Node.js. For other languages our REST API works directly with standard HTTP libraries. Complete documentation.
Do you support webhooks?
Yes, push-based webhooks for real-time events (new threats, blocked attacks, status changes). HMAC signing is included for secure verification.
Where are the API servers located?
Primarily in Sweden (Stockholm), with edge caching in Frankfurt and London for low EU latency. Median response time: 10.10 ms.
Can we integrate into SIEM/SOC?
Yes. We have ready-made integrations for Splunk, Elastic SIEM, Microsoft Sentinel and Wazuh. Or build your own with our REST API/webhooks.
Does API access cost extra?
API is included with Professional and Enterprise licenses. For dedicated API-only access, contact us for pricing.

Explore more

Learn more about how WF SecurityCloud works

Threat Intelligence

The data source for the API — live global cyberattacks.

Read more →

Documentation

Complete API reference, SDK guides and code examples.

Read more →

SLA

99.9% uptime guarantee, support hours and service credits.

Read more →

Book a Demo

See API integrations live in a personal walkthrough.

Read more →