REST API Overview
The VT4AI REST API provides HTTP endpoints for integrating VirusTotal intelligence into web applications, microservices, and any system that can make HTTP requests.
Key Features
- 🌐 HTTP/JSON Interface: Standard REST API with OpenAPI documentation
- 🔄 Async Operations: High-performance async handling for concurrent requests
- 🎨 Multiple Formats: JSON, Markdown, XML, and raw output formats
- 📊 Built-in Templates: Pre-configured filtering for AI-optimized responses
- 🔒 API Key Authentication: Secure access control
- 📖 Auto-Generated Docs: Interactive Swagger/OpenAPI documentation
Quick Start
Install with API Dependencies
pip install "vt4ai[api]"
Start the Server
# Set your VirusTotal API key
export VT4AI_API_KEY="your_virustotal_api_key"
# Start the server
python -m vt4ai.api.server
# Or use uvicorn directly
uvicorn vt4ai.api.server:app --host 0.0.0.0 --port 8000
Access the API
- Base URL:
http://localhost:8000 - API Docs:
http://localhost:8000/docs - OpenAPI Spec:
http://localhost:8000/openapi.json
API Endpoints
File Analysis
Get File Report
GET /api/v1/files/{file_hash}
Parameters:
file_hash(path): MD5, SHA1, or SHA256 hashformat(query): Output format (json,markdown,xml,raw)
Example:
curl "http://localhost:8000/api/v1/files/275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f?format=json" \
-H "X-API-Key: your_virustotal_api_key"
Get File Relationships
GET /api/v1/files/{file_hash}/relationships/{relationship}
Parameters:
file_hash(path): File hashrelationship(path): Relationship typelimit(query): Number of results (1-100, default: 10)cursor(query): Pagination cursor
Example:
curl "http://localhost:8000/api/v1/files/abc123/relationships/contacted_domains?limit=20" \
-H "X-API-Key: your_virustotal_api_key"
URL Analysis
Get URL Report
GET /api/v1/urls/analyze
Parameters:
url(query): URL to analyzeformat(query): Output format
Example:
curl "http://localhost:8000/api/v1/urls/analyze?url=https://example.com&format=markdown" \
-H "X-API-Key: your_virustotal_api_key"
Domain Analysis
Get Domain Report
GET /api/v1/domains/{domain}
Parameters:
domain(path): Domain nameformat(query): Output format
Example:
curl "http://localhost:8000/api/v1/domains/example.com?format=json" \
-H "X-API-Key: your_virustotal_api_key"
IP Analysis
Get IP Report
GET /api/v1/ips/{ip_address}
Parameters:
ip_address(path): IPv4 or IPv6 addressformat(query): Output format
Example:
curl "http://localhost:8000/api/v1/ips/8.8.8.8?format=json" \
-H "X-API-Key: your_virustotal_api_key"
Metadata Endpoints
Get Available Templates
GET /templates
Returns a summary of all available templates organized by object type.
Get Relationship Types
GET /api/v1/files/relationships/types
Returns all available file relationship types with descriptions.
Authentication
The API uses API key authentication via the X-API-Key header:
X-API-Key: your_virustotal_api_key
Environment Variable
Set your API key as an environment variable:
export VT4AI_API_KEY="your_key_here"
Per-Request Authentication
Pass the key in each request header:
curl -H "X-API-Key: your_key" "http://localhost:8000/api/v1/files/abc123"
Response Formats
JSON Response (Default)
{
"data": {
"file_type": "executable",
"malicious_count": 45,
"reputation": "malicious"
},
"format": "json"
}
Markdown Response
{
"data": "# File Report: abc123\n\n## Analysis Results\n...",
"format": "markdown"
}
Error Response
{
"detail": "Error retrieving file report: Invalid hash format"
}
Status Codes
- 200: Success
- 400: Bad Request (invalid parameters)
- 401: Unauthorized (missing/invalid API key)
- 404: Not Found (resource not found in VirusTotal)
- 429: Rate Limit Exceeded
- 500: Internal Server Error
Rate Limiting
The API respects VirusTotal's rate limits:
- Public API: 4 requests/minute
- Premium API: Higher limits based on subscription
- Enterprise API: Highest limits
Rate limit headers are included in responses:
X-RateLimit-Limit: 4
X-RateLimit-Remaining: 3
X-RateLimit-Reset: 1640995200
Configuration
Server Configuration
# Custom host and port
uvicorn vt4ai.api.server:app --host 127.0.0.1 --port 3000
# Production deployment
uvicorn vt4ai.api.server:app --host 0.0.0.0 --port 8000 --workers 4
Environment Variables
# Required
VT4AI_API_KEY="your_virustotal_api_key"
# Optional
VT4AI_DEFAULT_FORMAT="json"
VT4AI_MAX_WORKERS=4
VT4AI_LOG_LEVEL="INFO"
Integration Examples
Python with requests
import requests
def analyze_file(file_hash, api_key):
url = f"http://localhost:8000/api/v1/files/{file_hash}"
headers = {"X-API-Key": api_key}
params = {"format": "json"}
response = requests.get(url, headers=headers, params=params)
return response.json()
JavaScript/Node.js
async function analyzeFile(fileHash, apiKey) {
const response = await fetch(
`http://localhost:8000/api/v1/files/${fileHash}?format=json`,
{
headers: {
'X-API-Key': apiKey
}
}
);
return await response.json();
}
cURL Scripts
#!/bin/bash
API_KEY="your_key_here"
BASE_URL="http://localhost:8000/api/v1"
# Analyze file
curl -H "X-API-Key: $API_KEY" \
"$BASE_URL/files/$1?format=markdown" \
| jq -r '.data'
Performance Tips
Concurrent Requests
The API handles concurrent requests efficiently:
import asyncio
import aiohttp
async def analyze_multiple_files(file_hashes, api_key):
async with aiohttp.ClientSession() as session:
tasks = []
for hash_value in file_hashes:
url = f"http://localhost:8000/api/v1/files/{hash_value}"
headers = {"X-API-Key": api_key}
tasks.append(session.get(url, headers=headers))
responses = await asyncio.gather(*tasks)
return [await r.json() for r in responses]
Template Usage
Use templates to optimize response size:
# Optimized: only essential data
curl "http://localhost:8000/api/v1/files/abc123"
# Full data: larger response
curl "http://localhost:8000/api/v1/files/abc123?format=raw"
Deployment
Docker Deployment
FROM python:3.11-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
EXPOSE 8000
CMD ["uvicorn", "vt4ai.api.server:app", "--host", "0.0.0.0", "--port", "8000"]
Production Considerations
- Reverse Proxy: Use nginx or similar for production
- SSL/TLS: Enable HTTPS for security
- Monitoring: Set up health checks and logging
- Scaling: Use multiple workers for high traffic