Modules & Endpoints
All examples assume the base URL https://shield.orbis.roundbox.dev/api/v1 and the two
auth headers from Authentication.
Threat-intelligence lookups
These return a fused verdict across ROUNDBOX threat-intelligence sources:
{
"type": "domain",
"value": "example.com",
"disposition": "malicious", // malicious | suspicious | clean | unknown
"threatLevel": 82, // 0–100
"confidence": 90, // 0–100
"categories": ["phishing"],
"malwareFamily": "...", // when known
"sources": ["abusech-urlhaus"],
"firstSeen": "2026-06-01T00:00:00.000Z",
"lastSeen": "2026-07-02T00:00:00.000Z",
"found": true
}
URL Filter — GET /urlsearch · scope urlsearch
| Query | Notes |
|---|---|
value | The URL or domain (required) |
type | url (default) or domain |
curl "https://shield.orbis.roundbox.dev/api/v1/urlsearch?value=http://bad.example/login" \
-H "X-Tenant-ID: $TENANT" -H "X-API-Key: $KEY"
IP Reputation — GET /ipsearch · scope ipsearch
| Query | Notes |
|---|---|
value | IP address or ASN (required) |
type | ip (default) or asn |
DNS Reputation — GET /dnssearch · scope dnssearch
| Query | Notes |
|---|---|
value | Domain (required) |
Darkweb Lookup — GET /darkweb · scope darkweb
| Query | Notes |
|---|---|
value | The indicator (required) |
type | domain (default), ip, or email |
curl "https://shield.orbis.roundbox.dev/api/v1/darkweb?type=email&value=user@example.com" \
-H "X-Tenant-ID: $TENANT" -H "X-API-Key: $KEY"
Antispam / Antiphishing — POST /antispam · scope antispam
Runs the full L1–L4 inspection pipeline on a message and returns a verdict.
Request body:
{
"channel": "sms", // email | sms | whatsapp
"sender": "+15550100",
"subject": "Optional subject",
"body": "Your account is locked, verify at http://bad.example/login"
}
curl -X POST "https://shield.orbis.roundbox.dev/api/v1/antispam" \
-H "X-Tenant-ID: $TENANT" -H "X-API-Key: $KEY" \
-H "Content-Type: application/json" \
-d '{"channel":"sms","sender":"+15550100","body":"verify at http://bad.example/login"}'
Response:
{
"inspectionId": "…",
"verdict": "phishing", // clean | spam | phishing
"score": 88, // 0–100 risk score
"lang": "en",
"urls": ["http://bad.example/login"],
"layers": [ { "layer": "L1", "score": 10, "signals": ["…"] }, "…" ],
"rationale": "Plain-language explanation (when the AI layer is available)"
}
Each POST /antispam counts as one inspection against your monthly quota and can trigger
your webhooks.
Example: SMS gateway integration
Incoming SMS ─▶ your gateway ─▶ POST /api/v1/antispam ─▶ verdict
└─ if verdict = phishing/spam: block or quarantine, and/or receive a webhook.