Blacklist

Endpoint

GET/v1/key/blacklist

Authentication

Authorization: Bearer sk_...

Daily Quota

Tier-based (per IP returned)

Response

application/json | text/plain

← Back to Overview

Request

Generate a blocklist of observed IP addresses ordered by confidence level (highest first). Filter by country, ASN, protocol, and behavior severity. Use plaintext=true for a newline-separated list suitable for direct import into firewalls like iptables, CSF, or Fail2Ban. Don't need programmatic access? Use the Blacklist Export dashboard to filter and download directly from your browser.

curl "https://api.sikkerapi.com/v1/key/blacklist?scoreMinimum=70" \
  -H "Authorization: Bearer sk_free_..."

import requests

response = requests.get(
    "https://api.sikkerapi.com/v1/key/blacklist",
    headers={"Authorization": "Bearer sk_free_..."},
    params={"scoreMinimum": 70}
)

data = response.json()
for ip_entry in data['data']:
    print(f"{ip_entry['ip']} - Confidence: {ip_entry['confidenceLevel']}")

const response = await fetch(
  "https://api.sikkerapi.com/v1/key/blacklist?scoreMinimum=70",
  {
    headers: {
      "Authorization": "Bearer sk_free_..."
    }
  }
);

const data = await response.json();
data.data.forEach(entry => {
  console.log(`${entry.ip} - Confidence: ${entry.confidenceLevel}`);
});

<?php
$ch = curl_init("https://api.sikkerapi.com/v1/key/blacklist?scoreMinimum=70");
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        "Authorization: Bearer sk_free_..."
    ]
]);

$response = curl_exec($ch);
$data = json_decode($response, true);

foreach ($data['data'] as $entry) {
    echo $entry['ip'] . " - Confidence: " . $entry['confidenceLevel'] . "\n";
}

package main

import (
    "encoding/json"
    "fmt"
    "net/http"
)

type BlacklistResponse struct {
    Data []struct {
        IP        string `json:"ip"`
        ConfidenceLevel int    `json:"confidenceLevel"`
    } `json:"data"`
}

func main() {
    req, _ := http.NewRequest("GET",
        "https://api.sikkerapi.com/v1/key/blacklist?scoreMinimum=70", nil)
    req.Header.Set("Authorization", "Bearer sk_free_...")

    client := &http.Client{}
    resp, _ := client.Do(req)
    defer resp.Body.Close()

    var data BlacklistResponse
    json.NewDecoder(resp.Body).Decode(&data)

    for _, entry := range data.Data {
        fmt.Printf("%s - Confidence: %d\n", entry.IP, entry.ConfidenceLevel)
    }
}

import java.net.http.*;
import java.net.URI;

HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
    .uri(URI.create("https://api.sikkerapi.com/v1/key/blacklist?scoreMinimum=70"))
    .header("Authorization", "Bearer sk_free_...")
    .build();

HttpResponse<String> response = client.send(request,
    HttpResponse.BodyHandlers.ofString());

// Parse JSON response with your preferred library
System.out.println(response.body());

using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;

var client = new HttpClient();
client.DefaultRequestHeaders.Authorization =
    new AuthenticationHeaderValue("Bearer", "sk_free_...");

var response = await client.GetAsync(
    "https://api.sikkerapi.com/v1/key/blacklist?scoreMinimum=70");
var content = await response.Content.ReadAsStringAsync();
var data = JsonDocument.Parse(content);

foreach (var entry in data.RootElement.GetProperty("data").EnumerateArray())
{
    var ip = entry.GetProperty("ip").GetString();
    var score = entry.GetProperty("confidenceLevel").GetInt32();
    Console.WriteLine($"{ip} - Confidence: {score}");
}

import java.net.http.*
import java.net.URI
import kotlinx.serialization.json.*

val client = HttpClient.newHttpClient()
val request = HttpRequest.newBuilder()
    .uri(URI.create("https://api.sikkerapi.com/v1/key/blacklist?scoreMinimum=70"))
    .header("Authorization", "Bearer sk_free_...")
    .build()

val response = client.send(request, HttpResponse.BodyHandlers.ofString())
val json = Json.parseToJsonElement(response.body())

json.jsonObject["data"]?.jsonArray?.forEach { entry ->
    val ip = entry.jsonObject["ip"]?.jsonPrimitive?.content
    val score = entry.jsonObject["confidenceLevel"]?.jsonPrimitive?.int
    println("$ip - Confidence: $score")
}

require 'net/http'
require 'json'

uri = URI("https://api.sikkerapi.com/v1/key/blacklist?scoreMinimum=70")
request = Net::HTTP::Get.new(uri)
request["Authorization"] = "Bearer sk_free_..."

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
  http.request(request)
end

data = JSON.parse(response.body)
data['data'].each do |entry|
  puts "#{entry['ip']} - Confidence: #{entry['confidenceLevel']}"
end

use reqwest::header::{AUTHORIZATION, HeaderMap};
use serde::Deserialize;

#[derive(Deserialize)]
struct BlacklistEntry {
    ip: String,
    #[serde(rename = "confidenceLevel")]
    confidence_level: i32,
}

#[derive(Deserialize)]
struct BlacklistResponse {
    data: Vec<BlacklistEntry>,
}

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let mut headers = HeaderMap::new();
    headers.insert(AUTHORIZATION, "Bearer sk_free_...".parse()?);

    let client = reqwest::Client::new();
    let resp: BlacklistResponse = client
        .get("https://api.sikkerapi.com/v1/key/blacklist?scoreMinimum=70")
        .headers(headers)
        .send()
        .await?
        .json()
        .await?;

    for entry in resp.data {
        println!("{} - Confidence: {}", entry.ip, entry.confidence_level);
    }
    Ok(())
}

curl "https://api.sikkerapi.com/v1/key/blacklist?plaintext=true&scoreMinimum=70" \
  -H "Authorization: Bearer sk_free_..." \
  > blocklist.txt

import requests

response = requests.get(
    "https://api.sikkerapi.com/v1/key/blacklist",
    headers={"Authorization": "Bearer sk_free_..."},
    params={"plaintext": "true", "scoreMinimum": 70}
)

# Save to file
with open("blocklist.txt", "w") as f:
    f.write(response.text)

# Or iterate over IPs
for ip in response.text.strip().split("\n"):
    print(ip)

const response = await fetch(
  "https://api.sikkerapi.com/v1/key/blacklist?plaintext=true&scoreMinimum=70",
  {
    headers: {
      "Authorization": "Bearer sk_free_..."
    }
  }
);

const text = await response.text();
const ips = text.trim().split("\n");
console.log(`Loaded ${ips.length} IPs`);

<?php
$ch = curl_init("https://api.sikkerapi.com/v1/key/blacklist?plaintext=true&scoreMinimum=70");
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        "Authorization: Bearer sk_free_..."
    ]
]);

$response = curl_exec($ch);
file_put_contents("blocklist.txt", $response);

// Or as array
$ips = explode("\n", trim($response));
echo "Loaded " . count($ips) . " IPs\n";

package main

import (
    "bufio"
    "fmt"
    "net/http"
    "os"
)

func main() {
    req, _ := http.NewRequest("GET",
        "https://api.sikkerapi.com/v1/key/blacklist?plaintext=true&scoreMinimum=70", nil)
    req.Header.Set("Authorization", "Bearer sk_free_...")

    client := &http.Client{}
    resp, _ := client.Do(req)
    defer resp.Body.Close()

    file, _ := os.Create("blocklist.txt")
    defer file.Close()

    scanner := bufio.NewScanner(resp.Body)
    count := 0
    for scanner.Scan() {
        file.WriteString(scanner.Text() + "\n")
        count++
    }
    fmt.Printf("Loaded %d IPs\n", count)
}

# High-confidence SSH IPs only
curl "https://api.sikkerapi.com/v1/key/blacklist?scoreMinimum=80&protocols=ssh&minSeverity=high" \
  -H "Authorization: Bearer sk_..."

# Exclude US IPs
curl "https://api.sikkerapi.com/v1/key/blacklist?exceptCountries=US,CA" \
  -H "Authorization: Bearer sk_..."

# IPv4 only, very high severity
curl "https://api.sikkerapi.com/v1/key/blacklist?ipVersion=4&minSeverity=very_high" \
  -H "Authorization: Bearer sk_..."

import requests

# High-confidence SSH IPs
response = requests.get(
    "https://api.sikkerapi.com/v1/key/blacklist",
    headers={"Authorization": "Bearer sk_..."},
    params={
        "scoreMinimum": 80,
        "protocols": "ssh",
        "minSeverity": "high"
    }
)

# Exclude specific countries
response = requests.get(
    "https://api.sikkerapi.com/v1/key/blacklist",
    headers={"Authorization": "Bearer sk_..."},
    params={"exceptCountries": "US,CA"}
)

# Filter by ASN
response = requests.get(
    "https://api.sikkerapi.com/v1/key/blacklist",
    headers={"Authorization": "Bearer sk_..."},
    params={"onlyAsn": "AS12345,AS67890"}
)

// High-confidence SSH IPs
const sshIps = await fetch(
  "https://api.sikkerapi.com/v1/key/blacklist?" + new URLSearchParams({
    scoreMinimum: "80",
    protocols: "ssh",
    minSeverity: "high"
  }),
  { headers: { "Authorization": "Bearer sk_..." } }
);

// Exclude specific countries
const noUS = await fetch(
  "https://api.sikkerapi.com/v1/key/blacklist?exceptCountries=US,CA",
  { headers: { "Authorization": "Bearer sk_..." } }
);

// Filter by ASN
const byAsn = await fetch(
  "https://api.sikkerapi.com/v1/key/blacklist?onlyAsn=AS12345,AS67890",
  { headers: { "Authorization": "Bearer sk_..." } }
);

<?php
// High-confidence SSH IPs
$params = http_build_query([
    'scoreMinimum' => 80,
    'protocols' => 'ssh',
    'minSeverity' => 'high'
]);

$ch = curl_init("https://api.sikkerapi.com/v1/key/blacklist?" . $params);
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => ["Authorization: Bearer sk_..."]
]);

$response = curl_exec($ch);

// Exclude specific countries
$ch = curl_init("https://api.sikkerapi.com/v1/key/blacklist?exceptCountries=US,CA");
// ...

// Filter by ASN
$ch = curl_init("https://api.sikkerapi.com/v1/key/blacklist?onlyAsn=AS12345,AS67890");
// ...

Query Parameters

All optional. Defaults return up to your tier's limit of IPs with score ≥ 50.

Core parameters

scoreMinimumintegerMinimum confidence level (1–100). Default: 50.

limitintegerMax IPs to return. Capped by your tier's blacklist limit.

plaintextbooleanIf true, returns newline-separated IPs only (no JSON).

ignoreWhitelistbooleanRaw scores without whitelist discounting. Default: false.

Geographic filters

onlyCountriesstringISO country codes to include (e.g. CN,RU,IR).

exceptCountriesstringISO country codes to exclude (e.g. US,GB,DE).

onlyAsnstringASNs to include (e.g. AS12345,AS67890).

exceptAsnstringASNs to exclude.

Activity filters

ipVersionstring4, 6, or mixed (default).

protocolsstringComma-separated protocols (e.g. ssh,http,ftp). Only IPs with matching activity.

minSeveritystringMinimum behavior severity: very_high, high, medium, or low.

Response Map

JSON response contains a meta object with request metadata and a data array of blacklisted IPs, sorted by confidence level descending.

metaobject

generatedAtlongTimestamp when list was generated (epoch ms)

scoreMinimumintegerMinimum score filter applied

limitintegerEffective limit used

countintegerNumber of IPs returned

"generatedAt": 1706108532000, "scoreMinimum": 70, "limit": 10000, "count": 3

data[]array

ipstringIP address

confidenceLevelinteger0–100, whitelist-discounted by default

lastSeenlong?Most recent activity (epoch ms)

sessionsintegerTotal honeypot sessions

protocolsarrayProtocols with activity

countryCodestring?ISO 3166-1 alpha-2

asnstring?Autonomous System Number

asnOrgstring?ASN organization name

{ "ip": "203.0.113.42", "confidenceLevel": 95, "lastSeen": 1706108532000, "sessions": 128, "protocols": ["ssh", "http"], "countryCode": "CN", "asn": "AS12345", "asnOrg": "Example Network" }

Plaintext Response

When plaintext=true, returns newline-separated IP addresses with Content-Type: text/plain. Ideal for direct import into iptables / ipset, Nginx, CSF, or Fail2Ban.

200 OK — text/plain

203.0.113.42 198.51.100.17 192.0.2.99 ...

Response Headers

Every response includes quota tracking headers. Each IP returned counts as one unit against your daily blacklist quota (separate from your lookup quota).

Quota headers

X-Blacklist-LimitintegerYour daily blacklist quota limit (tier-based).

X-Blacklist-UsedintegerIPs consumed today.

X-Blacklist-RemainingintegerIPs remaining in today's quota.

Retry-AfterintegerSeconds until quota resets (429 only). Resets at midnight UTC.

Score Guide

Higher scoreMinimum values reduce false positives but return fewer IPs. Choose based on your blocking strategy.

Recommended thresholds

90+blockVery high confidence. Suitable for hard-blocking in most environments.

70–89blockHigh confidence. Good default for most setups.

50–69challengeModerate confidence. Consider rate limiting or CAPTCHA instead of hard-blocking.

Errors

All errors return JSON with an "error" field

400Invalid query parameter.check filters

401Missing or invalid API key.check header

403API key disabled or expired.regenerate

429Daily blacklist quota exhausted.upgrade or resets at midnight UTC

Get started — Generate blocklists for your firewall with a free API key. Don't need programmatic access? Use the Blacklist Export dashboard to filter and download directly from your browser. Create free API key →