Access to the API services

Note: Access to API services is tied to the features configured on the company account (e.g. device and policy configuration is restricted to the types enabled on the account, access to non-standard features such as SIEM integration).

Additionally, API keys can be restricted to specific services using the Admin Portal.

The API returns HTTP/403 when the account lacks access to the feature identified by the API service. The extended error code returned is 24000:

    "additional_info": {
        "detail": "",
        "error_code": 24000
    "status_code": 403,
    "error_description": "This feature is not enabled on this account"


The API supports:

  • Full CRUD for devices
  • Full CRUD for custom policies
  • Full CRUD for user-defined lists
  • Managing ThreatList settings


The REST API supports access to CheckIOC and log file status.

Access to reporting services is restricted - please contact your ThreatSTOP sales representative if you are interested in reports services.

The REST API does not support log upload or log retrieval services.