Articles in this section

API

Updated

Use the links below to jump to a section:

  1. Overview
  2. Configuring a Token
  3. API v1 vs. API v2
  4. Attaching the Header
  5. FAQs

Overview

To use the PhishingBox REST API, an active PhishingBox account is required. 

If you have an active account, follow the instructions below to get started using the PhishingBox REST API.

NOTE: Our API documentation can be found in the PhishingBox portal under Administration > API > Documentation

Configuring a Token

To set up an API access token, navigate to Administration > API > Token.

Administration > API > Token in dropdown

This will open the API Token page:

Administration > Token. API Token page

Click the "Generate" button to generate a new token. The token value and date generated will be displayed in the respective columns. It is possible to have multiple API tokens. 

Click the "Test Request" button to test your API token. In the Request Json field, replace yourTokenHere with your generated API token. If successful, you will receive "response_code":200.

 

API v1 vs. API v2

We now recommend using version 2 of the API (version 2 was released in April 2020). Version 2's documentation is more robust, and the endpoints are more encompassing. 

The documentation for v2 of the API can be found on Administration > API > Documentation.

 

Attaching the Header

All requests to the PhishingBox API will require the API token to be attached as a header named api-token with a value of your newly generated API token. 

This token will be used to authenticate requests and identify accounts.

cURL Example:

Below is an example of cURL being used to make an API request for the GET courses/all endpoint. 

curl --location --request GET 'https://portal.phishingbox.com/api/v1/Courses/all' \
--header 'api-token: 2c4763d7c10e1194c0070c7c17ab288823055edb'

Postman Example:

Below displays an API request for the GET test/actions endpoint in Postman.

Headers tab:

Postman Headers tab example

Body tab

Postman Body Tab example

NOTE: "id" must be set to the UUID of the test.

NOTE: All tokens used in this guide are not functional.

 

FAQs

1. As a Reseller, can I make API calls to my custom (white labeled) portal URL?

Yes, you can use your custom portal URL to make the API calls.

2. Does PhishingBox offer any SDKs for the portal REST API?

No. Currently, PhishingBox does not offer any SDKs. 

 

Back to top

 

Was this article helpful?
0 out of 0 found this helpful