Skip to main content

Modules & Endpoints

All examples assume the base URL https://shield.orbis.roundbox.dev/api/v1 and the two auth headers from Authentication.

Threat-intelligence lookups

These return a fused verdict across ROUNDBOX threat-intelligence sources:

{
"type": "domain",
"value": "example.com",
"disposition": "malicious", // malicious | suspicious | clean | unknown
"threatLevel": 82, // 0–100
"confidence": 90, // 0–100
"categories": ["phishing"],
"malwareFamily": "...", // when known
"sources": ["abusech-urlhaus"],
"firstSeen": "2026-06-01T00:00:00.000Z",
"lastSeen": "2026-07-02T00:00:00.000Z",
"found": true
}

URL Filter — GET /urlsearch · scope urlsearch

QueryNotes
valueThe URL or domain (required)
typeurl (default) or domain
curl "https://shield.orbis.roundbox.dev/api/v1/urlsearch?value=http://bad.example/login" \
-H "X-Tenant-ID: $TENANT" -H "X-API-Key: $KEY"

IP Reputation — GET /ipsearch · scope ipsearch

QueryNotes
valueIP address or ASN (required)
typeip (default) or asn

DNS Reputation — GET /dnssearch · scope dnssearch

QueryNotes
valueDomain (required)

Darkweb Lookup — GET /darkweb · scope darkweb

QueryNotes
valueThe indicator (required)
typedomain (default), ip, or email
curl "https://shield.orbis.roundbox.dev/api/v1/darkweb?type=email&value=user@example.com" \
-H "X-Tenant-ID: $TENANT" -H "X-API-Key: $KEY"

Antispam / Antiphishing — POST /antispam · scope antispam

Runs the full L1–L4 inspection pipeline on a message and returns a verdict.

Request body:

{
"channel": "sms", // email | sms | whatsapp
"sender": "+15550100",
"subject": "Optional subject",
"body": "Your account is locked, verify at http://bad.example/login"
}
curl -X POST "https://shield.orbis.roundbox.dev/api/v1/antispam" \
-H "X-Tenant-ID: $TENANT" -H "X-API-Key: $KEY" \
-H "Content-Type: application/json" \
-d '{"channel":"sms","sender":"+15550100","body":"verify at http://bad.example/login"}'

Response:

{
"inspectionId": "…",
"verdict": "phishing", // clean | spam | phishing
"score": 88, // 0–100 risk score
"lang": "en",
"urls": ["http://bad.example/login"],
"layers": [ { "layer": "L1", "score": 10, "signals": ["…"] }, "…" ],
"rationale": "Plain-language explanation (when the AI layer is available)"
}

Each POST /antispam counts as one inspection against your monthly quota and can trigger your webhooks.

Example: SMS gateway integration

Incoming SMS ─▶ your gateway ─▶ POST /api/v1/antispam ─▶ verdict
└─ if verdict = phishing/spam: block or quarantine, and/or receive a webhook.