APIVoid
LAST UPDATED: SEPTEMBER 18, 2025
Overview
APIVoid provides JSON APIs useful for cyber threat analysis, threat detection and threat prevention, reducing and automating the manual work of security analysts.
D3 SOAR is providing REST operations to function with APIVoid.
APIVoid is available for use in:
Known Limitations
Command | Limits |
Check IP Reputation | Limit requests to a maximum of 2-3 requests per second. Wait for previous requests to complete before starting new ones to maintain smooth API performance. Occasional minor peaks are acceptable, but limiting requests is recommended. Future requests-per-second limits for APIVoid may be implemented. Continuous excessive requests may result in API usage restrictions, and high server load may return a 502 HTTP status code. |
Check URL Reputation | Limit requests per second to a maximum of 2-3 requests. Wait for previous requests to complete before starting new ones to maintain smooth API performance. Occasional minor peaks are acceptable, but limiting requests is recommended. Future requests-per-second limits for APIVoid may be implemented. Continuous excessive requests may result in API usage restrictions, and high server load may return a 502 HTTP status code. |
Check Domain Reputation | Limit requests per second to a maximum of 3-5 requests. Wait for previous requests to complete before starting new ones to maintain smooth API performance. Occasional minor peaks are acceptable, but limiting requests is recommended. Future requests-per-second limits for APIVoid may be implemented. Continuous excessive requests may result in API usage restrictions, and high server load may return a 502 HTTP status code. |
Check Email Reputation | Limit requests per second to a maximum of 3-5 requests. Wait for previous requests to complete before starting new ones to maintain smooth API performance. Occasional minor peaks are acceptable, but limiting requests is recommended. Future requests-per-second limits for APIVoid may be implemented. Continuous excessive requests may result in API usage restrictions, and high server load may return a 502 HTTP status code. |
Get Screenshot | Limit requests per second to a maximum of 2-3 requests. Wait for previous requests to complete before starting new ones to maintain smooth API performance. Occasional minor peaks are acceptable, but limiting requests is recommended. Future requests-per-second limits for APIVoid may be implemented. Continuous excessive requests may result in API usage restrictions, and high server load may return a 502 HTTP status code. |
Check APIVoid uptime on the status page. For more information about rate limits, refer to APIVoid Documentation for detailed information.
Connection
To connect to APIVoid from D3 SOAR, please follow this part to collect the required information below:
Parameter | Description | Example |
Server URL | The URL of the APIVoid server. | https://endpoint.apivoid.com |
API Key | The API key used to authenticate the API connection. | ***** |
API Version | The version of the API to use for the connection. | v1 |
Configuring APIVoid to Work with D3 SOAR
Log into the APIVoid web interface.
Visit the Dashboard to check the remaining credits.
Having zero credit will result in the failure of all commands, including the Test Connection command.
The Test Connection command and any unsuccessful API calls will not consume credits.
Click “Buy More Credits” if out of credits.
Click on My API Keys, and select Add API Key.
Save the API Key.
READER NOTE
Credits are valid for one year only. More API keys can be added or modified. Ensure that the API keys in VSOC are current.
WARNING
Too many requests with an incorrect API key will trigger an ERROR, locking the IP address. Please reach out to customer support or wait approximately one hour for the lock to be lifted.
Configuring D3 SOAR to Work with APIVoid
Log in to D3 SOAR.
Find the APIVoid integration.
Navigate to Configuration on the top header menu.
Click on the Integration icon on the left sidebar.
Type APIVoid in the search box to find the integration, then click it to select it.
Click + Connection, on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to APIVoid.
.png?inst-v=9d16beaf-952a-4ae4-8fe8-e35f7a3745da)
Connection Name: The desired name for the connection.
Site: The site on which to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
Recipient site for events from connections Shared to Internal Sites: This field is displayed when Share to Internal Sites is selected for the Site field, allowing selection of the internal site for deploying the integration connection.
Agent Name (Optional): The proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
Description (Optional): The description for the connection.
Tenant (Optional): When configuring the connection from a master tenant site, users can choose the specific tenant sites with which to share the connection. Once this setting is enabled, users can filter and select the desired tenant sites from the dropdowns to share the connection.
Configure User Permissions: Defines which users have access to the connection.
Active: The checkbox that enables the connection to be used when selected.
System Reputation Check: Selecting one or more reputation checkboxes will run the corresponding check reputation commands under this integration connection to enrich the corresponding artifacts with reputation details.
For example, an integration connection named "ConnectionA" is configured with the "Sandbox" site. All URL artifacts from the "Sandbox" site will undergo a reputation check using the Check URL Reputation command from that integration. The return data output from this command will then be used to update the risk level of artifacts, which may affect the risk level of incoming events.
System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
.png?inst-v=9d16beaf-952a-4ae4-8fe8-e35f7a3745da)
1. Input the Server URL. The default value is https://endpoint.apivoid.com.
2. Copy the API Key from the APIVoid platform.
3. Input the API Version. The default value is v1.
Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Refer to the password vault connection guide if needed.
Connection Health Check: Periodically checks the connection status by scheduling the Test Connection command at the specified interval (in minutes). Available only for active connections, this feature also allows configuring email notifications for failed attempts.
Test the connection.
.png?inst-v=9d16beaf-952a-4ae4-8fe8-e35f7a3745da)
Click on the Test Connection button to verify credentials and connectivity. A success alert displays Passed with a green checkmark. If the connection fails, review the parameters and retry.
Click OK to close the alert window.
Click + Add to create and add the configured connection.
Commands
APIVoid includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, users can execute these commands independently for playbook troubleshooting.
Integration API Note
For more information about the APIVoid API, refer to the APIVoid API reference.
Check IP Reputation
Checks the risk level of Public IPv4 addresses.
Input
Input Parameter | Required/Optional | Description | Example |
IPs | Required | The public IPv4 address(es) used to check IP reputation. |
JSON
|
Output
To view the sample output data for all commands, refer to this article.
D3-defined Risk Scores and Risk Levels
The table below lists the possible output Risk Scores and their corresponding Risk Levels:
Risk Scores | Risk Levels |
1 | High |
2 | Medium |
3 | Low |
4 | Default |
5 | ZeroRisk |
Error Handling
An Error tab will appear in the Test Result window if the command fails to run.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Check IP Reputation failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. The API always returns a 200 HTTP status code. Refer to the APIVoid Status Code for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: API key is not valid. |
Error Sample Data Check IP Reputation failed. Status Code: 200. Message: API key is not valid. |
Check URL Reputation
Checks the risk level of URL(s).
Input
Input Parameter | Required/Optional | Description | Example |
URLs | Required | The URL(s) checked for their reputation. |
JSON
|
Output
To view the sample output data for all commands, refer to this article.
D3-defined Risk Scores and Risk Levels
The table below lists the possible output Risk Scores and their corresponding Risk Levels:
Risk Scores | Risk Levels |
1 | High |
2 | Medium |
3 | Low |
4 | Default |
5 | ZeroRisk |
Error Handling
An Error tab will appear in the Test Result window if the command fails to run.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Check URL Reputation failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. The API always returns a 200 HTTP status code. Refer to the APIVoid Status Code for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Url is not valid. |
Error Sample Data Check URL Reputation failed. Status Code: 200. Message: Url is not valid. |
Check Domain Reputation
Checks the risk level of the domain(s).
Input
Input Parameter | Required/Optional | Description | Example |
Host | Required | The host(s) to submit. |
JSON
|
Output
To view the sample output data for all commands, refer to this article.
D3-defined Risk Scores and Risk Levels
The table below lists the possible output Risk Scores and their corresponding Risk Levels:
Risk Scores | Risk Levels |
1 | High |
2 | Medium |
3 | Low |
4 | Default |
5 | ZeroRisk |
Error Handling
An Error tab will appear in the Test Result window if the command fails to run.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Check Domain Reputation failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. The API always returns a 200 HTTP status code. Refer to the APIVoid Status Code for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Host is not valid. |
Error Sample Data Check Domain Reputation failed. Status Code: 200. Message: Host is not valid. |
Check Email Reputation
Checks the risk level of email(s).
Input
Input Parameter | Required/Optional | Description | Example |
Emails | Required | The emails checked for their reputation. |
JSON
|
Output
To view the sample output data for all commands, refer to this article.
D3-defined Risk Scores and Risk Levels
The table below lists the possible output Risk Scores and their corresponding Risk Levels:
Risk Scores | Risk Levels |
1 | High |
2 | Medium |
3 | Low |
4 | Default |
5 | ZeroRisk |
Error Handling
An Error tab will appear in the Test Result window if the command fails to run.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Check Email Reputation failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. The API always returns a 200 HTTP status code. Refer to the APIVoid Status Code for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: API key is not valid |
Error Sample Data Check Email Reputation failed. Status Code: 200. Message: API key is not valid |
Get Screenshot
Retrieves the screenshot from a URL.
Input
Input Parameter | Required/Optional | Description | Example |
URL | Required | The URL used to retrieve the screenshot. | https://www.*****.*** |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Screenshot failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. The API always returns a 200 HTTP status code. Refer to the APIVoid Status Code for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Url is not valid. |
Error Sample Data Get Screenshot failed. Status Code: 200. Message: Url is not valid. |
Test Connection
Allows users to perform a health check on an integration connection. Users can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.
Input
N/A
Output
Output Type | Description | Return Data Type |
Return Data | Indicates one of the possible command execution states: Successful or Failed. The Failed state can be triggered by any of the following errors:
More details about an error can be viewed in the Error tab. | String |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Test Connection failed. Failed to check the connector. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. The API always returns a 200 HTTP status code. Refer to the APIVoid Status Code for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: API key is not valid. |
Error Sample Data Test Connection failed. Failed to check the connector. Status Code: 200. Message: API key is not valid |