In order to use the PhishingBox REST API, an active account is required. If you have an active account, follow the instructions below to get started using the PhishingBox REST API.
Configuring a Token
To set up an API access token, navigate to Administration > API > Token.
This will open the API Token page.
Click the "Generate" button to generate a new token. The token value and date generated will be displayed in the respective columns.
Enter the public IP addresses of the servers or machines that will be making the API requests in the "Allowed IP Whitelist" text field, separated by commas.
API v1 vs. API v2
We now recommend using version 2 of the API (version 2 was released in April 2020). Version 2's documentation is more robust and the endpoints are more encompassing. The documentation for v2 of the API can be found on Administration > API > Documentation.
Attaching the Header
All requests to the PhishingBox API will require the API token to be attached as a header named 'api-token' with a value of your newly generated API token. This token will be used to authenticate requests and identify accounts.
curl --location --request GET 'https://portal.phishingbox.com/api/v1/Courses/all' \
--header 'api-token: 2c4763d7c10e1194c0070c7c17ab288823055edb'
Below show what an API request for the Get Test Actions endpoint looks like.
The header of the request looks something like this:
The body of this request looks like this, with the id being the uuid of the test:
- NOTE: All tokens used in this guide are not functional.
- NOTE: PhishingBox does not offer any SDKs for the Portal REST API at this time.
If you are a reseller with your own whitelabled URL, you can use that to make the API calls.