Loading...

Tag API

Overview

Tagging is used to score specific emails, emaildomains, domains, names, IPs, TLDs, CIDRs, and device fingerprints as good, bad, or to skip scoring. Items tagged as Bad will add negative scoring to the risk area, Good tags add positive scoring, and Do Not Score will set the item score to zero. Good and Bad scoring is incremental to standard area scoring and the amount can be set in your scoring profile. Tags can be managed in the Customer Portal or by using the Tag API.

To illustrate how tagging works, if you send IP = 10.1.1.1, the vet will hit "Private or no geo IP" risk and score -10 (default scoring) for IP area. Adding tags of:

Bad will add -130 to the IP score area, and the IP will now score -140
Good will add +130 to the IP scoring area, and the IP will now score +120
Do Not Score will set the IP scoring to 0
Always Score Good will add 5,000 points and the total score will always be 100 or greater
Always Score Bad will subtract 5,000 points and the total score will always be -100 or less

Endpoint (6.4)

https://feed-api.ehawk.net/tag/

The API accepts both HTTPS POST and HTTPS GET.

For GET use the format:

https://feed-api.ehawk.net/tag/function/?keyword=value

When using POST, make sure to have Content-Type: application/x-www-form-urlencoded

CURL POST API call example:

curl -X POST -H Content-Type:application/x-www-form-urlencoded -d 'apikey=your_apikey' https://feed-api.ehawk.net/tag/function/

Functions

Select a function:

set
Add, update, or delete tags

list
Returns reports on existing tags

As an example, using GET to add an IP as Bad:

https://feed-api.ehawk.net/tag/set?apikey=your_apikey&ip=127.0.0.2&reason=bad

Keywords

Use function set with keywords and value pair(s) with a single required reason to add tag items.

Keyword Value and Format
apikey Your E-HAWK Vetting API KEY (required)
ip IP address. IPv4 or IPv6.
email * email address (name@example.com)
emaildomain * email domain (example.com) Does not support subdomains
domain * a domain (example.com) or subdomain (abc.example.com)
phone * US and Canada: 10 digit format XXXXXXXXXX
International: "+" AND country code AND number, ex: +33143542331 (France phone)
name * Full name
fingerprint The Talon device fingerprint returned in the JSON from the Vetting API call. 'always good' or 'always bad' tag not supported
tld Top Level Domain. TLD tags will test against both emaildomain and domain. If you add 'xxx' as a TLD, both 'test@example.xxx' and 'www.example.xxx' will be tagged.
cidr CIDR supports /24 to /31 only. Example: x.x.x.0/24
countrycode Two letter lowercase country code (example us=United States)
aba Bank routing number. In US this is the ABA
reason bad  good  do not score  always good  always bad  delete  (one required)

For example, to tag IP 127.0.0.2 as bad using CURL:

curl -X POST -H Content-Type:application/x-www-form-urlencoded -d 'apikey=your_apikey&ip=127.0.0.2&reason=bad' https://feed-api.ehawk.net/tag/set/

The API also supports sending multiple items and types in a single call. For example, to add good tags for two IPs and a domain, you just make the items an array using brackets [] after the type name:

curl -X POST -H Content-Type:application/x-www-form-urlencoded -d 'apikey=your_apikey&ip[]=1.1.1.1&ip[]=1.1.1.2&domain=ehawk.net&reason=good' https://feed-api.ehawk.net/tag/set/

Or using GET

https://feed-api.ehawk.net/tag/set?apikey=your_apikey&ip[]=1.1.1.1&ip[]=1.1.1.2&domain=ehawk.net&reason=good

Each call can have only one reason, but you can send up to 50 keyword/values per call. If sending large data amounts to the API, we recommend using POST as GET truncates at 2,048 characters.

Reports and Paging

Use function list followed by a required keyword and optional reason

For example, a GET to return a list of all IPs that are tagged Bad:

https://feed-api.ehawk.net/tag/list/?apikey=your_apikey&type=ip&reason=bad

And a CURL call for the same report:

curl -X POST -H Content-Type:application/x-www-form-urlencoded -d 'apikey=your_apikey&type=ip&reason=bad' https://feed-api.ehawk.net/tag/list/

The reporting API supports a username filter, so to limit the call above to only return tags added by the portal user of name@example.com:

curl -X POST -H Content-Type:application/x-www-form-urlencoded -d 'apikey=your_apikey&type=ip&reason=bad&user=name@example.com' https://feed-api.ehawk.net/tag/list/

The report is returned in JSON format with a maximum of 500 items.

{
  "response": {
    "items": {
      "ip": {
        "10.0.1.2": "bad",
        "127.0.0.1": "bad"
      }
    }
  },
  "status": 200
}

Report Tag API calls are limited to 2,000 rows, 500 by default. Use optional paging commands to page through large data sets.

page Default page starts at 1. Increase for each additional block of records. For example, for page 10

https://feed-api.ehawk.net/report/tag/list/?apikey=your_apikey&type=ip&reason=bad&page=10

num number of records returned. Default is 500 and max is 2,000.

https://feed-api.ehawk.net/report/tag/list/?apikey=your_apikey&type=ip&reason=bad&num=2000

JSON Response

The returned JSON when adding item(s) with a count of items actually added in response :

{
    "response":"Ok - added 3",
    "status":200
}

Status Codes

Status Response
200 OK (no errors)
-6 IP not in ACL
404 A valid type is required
502 Errors with data. Invalid, no valid values provided
Top