sikkerapi.com
  • Home
  • Single ReportBulk Report
  • Pricing
  • Blog
  • API OverviewIP CheckBlacklistReportBulk ReportTAXII FeedConfidence LevelData RetentionCLI ToolSikkerGuard
    IntegrationsFail2BanCSF FirewallNginxiptables / ipset
  • Email LookupUsername LookupDetection Catalog
  • Top CountriesTop ASNsTop ProtocolsTop IPs
    SMTP Wall of FameBehind The ScenesRange Alerts Guide
Log inSign up
Loading
© 2026 SikkerAPI
ProductPricingDocsReportThreat MapStatus
ResourcesBlogFAQAboutContactComparisons
LegalTermsPrivacyRemove Me

Bulk Report

POST /v1/key/bulk-report · Back to Overview

01

Endpoint

POST/v1/key/bulk-report

Submit multiple reports for suspicious IP addresses in a single request. Supports up to 10,000 reports per request. Each report contributes to the community threat intelligence database and updates confidence levels.

Accepts two content types: application/json with a JSON array of reports, or multipart/form-data with a CSV file upload.

JSON request
curl -X POST "https://api.sikkerapi.com/v1/key/bulk-report" \
  -H "Authorization: Bearer sk_free_..." \
  -H "Content-Type: application/json" \
  -d '{
    "reports": [
      {"ip": "203.0.113.42", "category": "brute_force", "protocol": "ssh", "comment": "Multiple failed logins"},
      {"ip": "198.51.100.7", "category": "port_scan"},
      {"ip": "192.0.2.15", "category": 3, "protocol": "http"}
    ]
  }'
import requests

response = requests.post(
    "https://api.sikkerapi.com/v1/key/bulk-report",
    headers={
        "Authorization": "Bearer sk_free_...",
        "Content-Type": "application/json"
    },
    json={
        "reports": [
            {"ip": "203.0.113.42", "category": "brute_force", "protocol": "ssh", "comment": "Multiple failed logins"},
            {"ip": "198.51.100.7", "category": "port_scan"},
            {"ip": "192.0.2.15", "category": 3, "protocol": "http"}
        ]
    }
)

result = response.json()
print(f"Accepted: {result['accepted']}/{result['total']}")
const response = await fetch("https://api.sikkerapi.com/v1/key/bulk-report", {
  method: "POST",
  headers: {
    "Authorization": "Bearer sk_free_...",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    reports: [
      { ip: "203.0.113.42", category: "brute_force", protocol: "ssh", comment: "Multiple failed logins" },
      { ip: "198.51.100.7", category: "port_scan" },
      { ip: "192.0.2.15", category: 3, protocol: "http" }
    ]
  })
});

const result = await response.json();
console.log(`Accepted: ${result.accepted}/${result.total}`);
<?php
$data = [
    'reports' => [
        ['ip' => '203.0.113.42', 'category' => 'brute_force', 'protocol' => 'ssh', 'comment' => 'Multiple failed logins'],
        ['ip' => '198.51.100.7', 'category' => 'port_scan'],
        ['ip' => '192.0.2.15', 'category' => 3, 'protocol' => 'http']
    ]
];

$ch = curl_init("https://api.sikkerapi.com/v1/key/bulk-report");
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => json_encode($data),
    CURLOPT_HTTPHEADER => [
        "Authorization: Bearer sk_free_...",
        "Content-Type: application/json"
    ]
]);

$response = curl_exec($ch);
$result = json_decode($response, true);
echo "Accepted: {$result['accepted']}/{$result['total']}\n";
package main

import (
    "bytes"
    "encoding/json"
    "fmt"
    "net/http"
)

func main() {
    body := map[string]interface{}{
        "reports": []map[string]interface{}{
            {"ip": "203.0.113.42", "category": "brute_force", "protocol": "ssh", "comment": "Multiple failed logins"},
            {"ip": "198.51.100.7", "category": "port_scan"},
            {"ip": "192.0.2.15", "category": 3, "protocol": "http"},
        },
    }

    jsonBody, _ := json.Marshal(body)
    req, _ := http.NewRequest("POST",
        "https://api.sikkerapi.com/v1/key/bulk-report",
        bytes.NewBuffer(jsonBody))

    req.Header.Set("Authorization", "Bearer sk_free_...")
    req.Header.Set("Content-Type", "application/json")

    client := &http.Client{}
    resp, _ := client.Do(req)
    defer resp.Body.Close()

    var result map[string]interface{}
    json.NewDecoder(resp.Body).Decode(&result)
    fmt.Printf("Accepted: %.0f/%.0f\n", result["accepted"], result["total"])
}
02

JSON Format

Send a JSON object with a reports array. Each element has the following fields:

FieldTypeRequiredDescription
ipstringYesIPv4 or IPv6 address to report.
categorystring | intYesAttack category. Can be a name (e.g. brute_force) or numeric ID (1-16). See the single report docs for the full category list.
protocolstringNoProtocol involved (e.g. ssh, http). Max 32 characters.
commentstringNoAdditional context about the suspicious activity. Max 1000 characters.
JSON body
{
  "reports": [
    {
      "ip": "203.0.113.42",
      "category": "brute_force",
      "protocol": "ssh",
      "comment": "Multiple failed logins"
    },
    {
      "ip": "198.51.100.7",
      "category": "port_scan"
    }
  ]
}
03

CSV Upload

Upload a CSV file using multipart/form-data with the field name file. Maximum file size is 2 MB.

ColumnRequiredDescription
1 — IPYesIPv4 or IPv6 address to report.
2 — CategoryYesCategory name or numeric ID (1-16).
3 — ProtocolNoProtocol (max 32 chars).
4 — CommentNoComment (max 1000 chars).

A header row is automatically detected and skipped if the first field does not look like an IP address. Both comma and semicolon delimiters are supported (auto-detected). Quoted fields are handled.

CSV file (reports.csv)
IP,Category,Protocol,Comment
203.0.113.42,brute_force,ssh,Multiple failed logins
198.51.100.7,port_scan,,
192.0.2.15,3,http,Exploit attempts
Upload CSV
curl -X POST "https://api.sikkerapi.com/v1/key/bulk-report" \
  -H "Authorization: Bearer sk_free_..." \
  -F "[email protected]"
import requests

with open("reports.csv", "rb") as f:
    response = requests.post(
        "https://api.sikkerapi.com/v1/key/bulk-report",
        headers={"Authorization": "Bearer sk_free_..."},
        files={"file": ("reports.csv", f, "text/csv")}
    )

result = response.json()
print(f"Accepted: {result['accepted']}/{result['total']}")
const formData = new FormData();
formData.append("file", csvFile); // File object from input or Blob

const response = await fetch("https://api.sikkerapi.com/v1/key/bulk-report", {
  method: "POST",
  headers: {
    "Authorization": "Bearer sk_free_..."
  },
  body: formData
});

const result = await response.json();
console.log(`Accepted: ${result.accepted}/${result.total}`);
<?php
$ch = curl_init("https://api.sikkerapi.com/v1/key/bulk-report");
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => [
        'file' => new CURLFile('reports.csv', 'text/csv')
    ],
    CURLOPT_HTTPHEADER => [
        "Authorization: Bearer sk_free_..."
    ]
]);

$response = curl_exec($ch);
$result = json_decode($response, true);
echo "Accepted: {$result['accepted']}/{$result['total']}\n";
04

Response

The response includes a summary of accepted and rejected reports. Invalid rows are listed individually in the errors array with row number, IP, and error message.

FieldTypeDescription
totalintTotal number of rows in the request.
acceptedintNumber of reports successfully submitted.
rejectedintNumber of reports that failed validation.
errorsarrayPer-row errors. Each entry has row, ip, and error.
200 - All accepted
{
  "total": 3,
  "accepted": 3,
  "rejected": 0,
  "errors": []
}
200 - Partial success
{
  "total": 3,
  "accepted": 2,
  "rejected": 1,
  "errors": [
    {
      "row": 2,
      "ip": "bad-ip",
      "error": "Invalid IP address"
    }
  ]
}
05

Error Codes

Top-level errors return a JSON object with an error field. Per-row validation errors are returned inside the errors array of a 200 response.

StatusMeaning
200Batch processed. Check accepted and errors for per-row results.
400Invalid request (empty body, exceeds 10,000 rows, bad JSON, empty CSV, etc.).
401Missing or invalid API key.
403API key is disabled or expired.
415Unsupported content type. Use application/json or multipart/form-data.
429Rate limit exceeded. Check Retry-After header.
503Upstream service unavailable.
400 - Too many rows
{
  "error": "Maximum 10,000 reports per request"
}
415 - Wrong content type
{
  "error": "Unsupported content type. Use application/json or multipart/form-data"
}
429 - Rate limited
{
  "error": "Rate limit exceeded"
}
06

Limits

LimitValue
Max reports per request10,000
Max CSV file size2 MB
Max request body size12 MB
Max protocol length32 characters
Max comment length1,000 characters
Duplicate IPs in batchRejected (first occurrence wins)

Report submissions share the daily report quota with the single /v1/key/report endpoint. Each accepted row in a bulk request counts as one report against your quota.

TierReports/Day
Free1,000
Basic7,000
Small Business14,000
Medium Business30,000
Large Business100,000

Rate limit headers on 429 responses:

Headers
HTTP/1.1 429 Too Many Requests
Retry-After: 5
Content-Type: application/json

Get started — Submit up to 10,000 reports per request with a free API key. Free tier includes 1,000 reports per day. Create free API key →