Skip to main content

Your First API Call

This guide walks you through making your first API call to CyberSecFeed and understanding the response.

Before You Begin

Make sure you have:

  • Your API key (see Authentication Guide)
  • A tool to make HTTP requests (curl, Postman, or any programming language)

Making Your First Request

Let's start with a simple CVE lookup. This example retrieves details for a specific CVE.

Using cURL

curl -H "X-API-Key: your-api-key-here" \
     https://api.cybersecfeed.com/api/v1/cve/CVE-2024-0001

Using Python

import requests

api_key = "your-api-key-here"
cve_id = "CVE-2024-0001"

response = requests.get(
    f"https://api.cybersecfeed.com/api/v1/cve/{cve_id}",
    headers={"X-API-Key": api_key}
)

print(response.json())

Using JavaScript

const apiKey = 'your-api-key-here';
const cveId = 'CVE-2024-0001';

fetch(`https://api.cybersecfeed.com/api/v1/cve/${cveId}`, {
	headers: {
		'X-API-Key': apiKey,
	},
})
	.then((response) => response.json())
	.then((data) => console.log(data));

Understanding the Response

A successful response will look like this:

{
	"data": {
		"cve": {
			"id": "CVE-2024-0001",
			"sourceIdentifier": "[email protected]",
			"published": "2024-01-15T10:00:00Z",
			"lastModified": "2024-01-16T14:30:00Z",
			"description": "A vulnerability in Example Software allows remote attackers...",
			"cvss": {
				"version": "3.1",
				"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
				"baseScore": 9.1,
				"baseSeverity": "CRITICAL"
			},
			"cpe": [
				{
					"criteria": "cpe:2.3:a:example:software:1.0:*:*:*:*:*:*:*",
					"vulnerable": true
				}
			],
			"references": [
				{
					"url": "https://example.com/security/advisory-001",
					"source": "[email protected]"
				}
			],
			"kev": {
				"dateAdded": "2024-01-20",
				"vendorProject": "Example Corp",
				"product": "Example Software",
				"vulnerabilityName": "Example Software Remote Code Execution",
				"requiredAction": "Apply patch version 1.1 immediately",
				"knownRansomware": false
			},
			"epss": {
				"score": 0.97234,
				"percentile": 0.99,
				"date": "2024-01-25"
			}
		}
	},
	"meta": {
		"timestamp": "2024-01-25T12:00:00Z",
		"version": "v1",
		"correlationId": "req-12345"
	}
}

Response Structure Explained

The data Object

Contains the actual CVE information:

  • id: The CVE identifier
  • published: When the CVE was first published
  • lastModified: Most recent update timestamp
  • description: Detailed vulnerability description
  • cvss: CVSS scoring information
    • baseScore: Numeric score (0.0-10.0)
    • baseSeverity: LOW, MEDIUM, HIGH, or CRITICAL
  • cpe: Affected products/versions
  • references: Links to advisories and patches
  • kev: Known Exploited Vulnerability data (if applicable)
  • epss: Exploit Prediction score (if available)

The meta Object

Contains request metadata:

  • timestamp: When the response was generated
  • version: API version
  • correlationId: Unique request ID for troubleshooting

Interpreting Enrichment Data

KEV (Known Exploited Vulnerabilities)

If the kev field is present, this CVE is actively being exploited in the wild. Pay special attention to:

  • dateAdded: When CISA confirmed exploitation
  • requiredAction: What you should do
  • knownRansomware: Associated with ransomware attacks

EPSS (Exploit Prediction Scoring System)

The epss field provides predictive intelligence:

  • score: Probability of exploitation (0.0-1.0)
  • percentile: How this CVE ranks against all others
  • A score of 0.97 means 97% chance of exploitation in the next 30 days

Common Response Scenarios

CVE Not Found

{
	"error": {
		"code": "CVE_NOT_FOUND",
		"message": "CVE not found",
		"details": {
			"cveId": "CVE-9999-99999"
		}
	},
	"meta": {
		"timestamp": "2024-01-25T12:00:00Z",
		"version": "v1",
		"correlationId": "req-12345"
	}
}

Invalid API Key

{
	"error": {
		"code": "UNAUTHORIZED",
		"message": "Invalid or missing API key"
	},
	"meta": {
		"timestamp": "2024-01-25T12:00:00Z",
		"version": "v1",
		"correlationId": "req-12345"
	}
}

Try These Examples

1. Check the API Health

curl -H "X-API-Key: your-api-key-here" \
     https://api.cybersecfeed.com/api/v1/ping

2. Search for Critical CVEs

curl -H "X-API-Key: your-api-key-here" \
     "https://api.cybersecfeed.com/api/v1/cves?severity_min=9.0&limit=5"

3. Get Platform Statistics

curl -H "X-API-Key: your-api-key-here" \
     https://api.cybersecfeed.com/api/v1/stats

Next Steps

Now that you've made your first API call:

  1. Explore the API Reference for all available endpoints
  2. Learn about Advanced Features like batch operations
  3. Check out Integration Examples in your preferred language
  4. Read the Best Practices guide

Troubleshooting

If your API call isn't working:

  1. Verify your API key is correct and active
  2. Check the URL - ensure you're using https://api.cybersecfeed.com
  3. Confirm the CVE ID format (e.g., CVE-2024-0001)
  4. Review error messages in the response
  5. See our Troubleshooting Guide for more help