sikkerapi.com
  • Home
  • Single ReportBulk Report
  • Pricing
  • Blog
  • API OverviewIP CheckBlacklistReportBulk ReportTAXII FeedConfidence LevelData RetentionCLI ToolSikkerGuard
    IntegrationsFail2BanCSF FirewallNginxiptables / ipset
  • Email LookupUsername LookupDetection Catalog
  • Top CountriesTop ASNsTop ProtocolsTop IPs
    SMTP Wall of FameBehind The ScenesRange Alerts Guide
Log inSign up
Loading
© 2026 SikkerAPI
ProductPricingDocsReportThreat MapStatus
ResourcesBlogFAQAboutContactComparisons
LegalTermsPrivacyRemove Me

Report IP

POST /v1/key/report · Back to Overview

01

Endpoint

POST/v1/key/report

Submit a report for a suspicious IP address. Reports contribute to the community threat intelligence database and are factored into confidence level calculations.

Each report is associated with your API key. There is no deduplication - multiple reports for the same IP increase its report count, which is a signal in the risk scoring algorithm.

Request
curl -X POST "https://api.sikkerapi.com/v1/key/report" \
  -H "Authorization: Bearer sk_free_..." \
  -H "Content-Type: application/json" \
  -d '{
    "ip": "203.0.113.42",
    "category": "brute_force",
    "protocol": "ssh",
    "comment": "Multiple failed login attempts"
  }'
import requests

response = requests.post(
    "https://api.sikkerapi.com/v1/key/report",
    headers={
        "Authorization": "Bearer sk_free_...",
        "Content-Type": "application/json"
    },
    json={
        "ip": "203.0.113.42",
        "category": "brute_force",
        "protocol": "ssh",
        "comment": "Multiple failed login attempts"
    }
)

if response.json().get("success"):
    print("Report submitted successfully")
const response = await fetch("https://api.sikkerapi.com/v1/key/report", {
  method: "POST",
  headers: {
    "Authorization": "Bearer sk_free_...",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    ip: "203.0.113.42",
    category: "brute_force",
    protocol: "ssh",
    comment: "Multiple failed login attempts"
  })
});

const result = await response.json();
if (result.success) {
  console.log("Report submitted successfully");
}
<?php
$data = [
    'ip' => '203.0.113.42',
    'category' => 'brute_force',
    'protocol' => 'ssh',
    'comment' => 'Multiple failed login attempts'
];

$ch = curl_init("https://api.sikkerapi.com/v1/key/report");
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => json_encode($data),
    CURLOPT_HTTPHEADER => [
        "Authorization: Bearer sk_free_...",
        "Content-Type: application/json"
    ]
]);

$response = curl_exec($ch);
$result = json_decode($response, true);

if ($result['success']) {
    echo "Report submitted successfully\n";
}
package main

import (
    "bytes"
    "encoding/json"
    "fmt"
    "net/http"
)

func main() {
    report := map[string]string{
        "ip":       "203.0.113.42",
        "category": "brute_force",
        "protocol": "ssh",
        "comment":  "Multiple failed login attempts",
    }

    body, _ := json.Marshal(report)
    req, _ := http.NewRequest("POST",
        "https://api.sikkerapi.com/v1/key/report",
        bytes.NewBuffer(body))

    req.Header.Set("Authorization", "Bearer sk_free_...")
    req.Header.Set("Content-Type", "application/json")

    client := &http.Client{}
    resp, _ := client.Do(req)
    defer resp.Body.Close()

    var result map[string]interface{}
    json.NewDecoder(resp.Body).Decode(&result)

    if result["success"] == true {
        fmt.Println("Report submitted successfully")
    }
}
import java.net.http.*;
import java.net.URI;

String json = """
    {
        "ip": "203.0.113.42",
        "category": "brute_force",
        "protocol": "ssh",
        "comment": "Multiple failed login attempts"
    }
    """;

HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
    .uri(URI.create("https://api.sikkerapi.com/v1/key/report"))
    .header("Authorization", "Bearer sk_free_...")
    .header("Content-Type", "application/json")
    .POST(HttpRequest.BodyPublishers.ofString(json))
    .build();

HttpResponse<String> response = client.send(request,
    HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;

var client = new HttpClient();
client.DefaultRequestHeaders.Authorization =
    new AuthenticationHeaderValue("Bearer", "sk_free_...");

var report = new {
    ip = "203.0.113.42",
    category = "brute_force",
    protocol = "ssh",
    comment = "Multiple failed login attempts"
};

var content = new StringContent(
    JsonSerializer.Serialize(report),
    Encoding.UTF8,
    "application/json"
);

var response = await client.PostAsync(
    "https://api.sikkerapi.com/v1/key/report",
    content
);

var result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
import java.net.http.*
import java.net.URI

val json = """
    {
        "ip": "203.0.113.42",
        "category": "brute_force",
        "protocol": "ssh",
        "comment": "Multiple failed login attempts"
    }
""".trimIndent()

val client = HttpClient.newHttpClient()
val request = HttpRequest.newBuilder()
    .uri(URI.create("https://api.sikkerapi.com/v1/key/report"))
    .header("Authorization", "Bearer sk_free_...")
    .header("Content-Type", "application/json")
    .POST(HttpRequest.BodyPublishers.ofString(json))
    .build()

val response = client.send(request, HttpResponse.BodyHandlers.ofString())
println(response.body())
require 'net/http'
require 'json'

uri = URI("https://api.sikkerapi.com/v1/key/report")
request = Net::HTTP::Post.new(uri)
request["Authorization"] = "Bearer sk_free_..."
request["Content-Type"] = "application/json"
request.body = {
  ip: "203.0.113.42",
  category: "brute_force",
  protocol: "ssh",
  comment: "Multiple failed login attempts"
}.to_json

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
  http.request(request)
end

result = JSON.parse(response.body)
puts "Report submitted successfully" if result["success"]
use reqwest::header::{AUTHORIZATION, CONTENT_TYPE, HeaderMap};
use serde::{Deserialize, Serialize};

#[derive(Serialize)]
struct Report {
    ip: String,
    category: String,
    protocol: String,
    comment: String,
}

#[derive(Deserialize)]
struct Response {
    success: bool,
}

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let mut headers = HeaderMap::new();
    headers.insert(AUTHORIZATION, "Bearer sk_free_...".parse()?);
    headers.insert(CONTENT_TYPE, "application/json".parse()?);

    let report = Report {
        ip: "203.0.113.42".to_string(),
        category: "brute_force".to_string(),
        protocol: "ssh".to_string(),
        comment: "Multiple failed login attempts".to_string(),
    };

    let client = reqwest::Client::new();
    let resp: Response = client
        .post("https://api.sikkerapi.com/v1/key/report")
        .headers(headers)
        .json(&report)
        .send()
        .await?
        .json()
        .await?;

    if resp.success {
        println!("Report submitted successfully");
    }
    Ok(())
}
02

Request Body

The request body must be JSON with the following fields:

FieldTypeRequiredDescription
ipstringYesIPv4 or IPv6 address to report.
categorystring | intYesAttack category. Can be a name (e.g. brute_force) or numeric ID (1-16).
protocolstringNoProtocol involved (e.g. ssh, http). Max 32 characters.
commentstringNoAdditional context about the suspicious activity. Max 1000 characters.
Minimal request
curl -X POST "https://api.sikkerapi.com/v1/key/report" \
  -H "Authorization: Bearer sk_free_..." \
  -H "Content-Type: application/json" \
  -d '{"ip": "203.0.113.42", "category": "brute_force"}'
import requests

requests.post(
    "https://api.sikkerapi.com/v1/key/report",
    headers={"Authorization": "Bearer sk_free_..."},
    json={"ip": "203.0.113.42", "category": "brute_force"}
)
await fetch("https://api.sikkerapi.com/v1/key/report", {
  method: "POST",
  headers: {
    "Authorization": "Bearer sk_free_...",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    ip: "203.0.113.42",
    category: "brute_force"
  })
});
<?php
$ch = curl_init("https://api.sikkerapi.com/v1/key/report");
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => json_encode([
        'ip' => '203.0.113.42',
        'category' => 'brute_force'
    ]),
    CURLOPT_HTTPHEADER => [
        "Authorization: Bearer sk_free_...",
        "Content-Type: application/json"
    ]
]);
curl_exec($ch);
Using numeric category
curl -X POST "https://api.sikkerapi.com/v1/key/report" \
  -H "Authorization: Bearer sk_free_..." \
  -H "Content-Type: application/json" \
  -d '{"ip": "2001:db8::1", "category": 1}'
import requests

# Using numeric category ID (1 = brute_force)
requests.post(
    "https://api.sikkerapi.com/v1/key/report",
    headers={"Authorization": "Bearer sk_free_..."},
    json={"ip": "2001:db8::1", "category": 1}
)
// Using numeric category ID (1 = brute_force)
await fetch("https://api.sikkerapi.com/v1/key/report", {
  method: "POST",
  headers: {
    "Authorization": "Bearer sk_free_...",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    ip: "2001:db8::1",
    category: 1
  })
});
<?php
// Using numeric category ID (1 = brute_force)
$ch = curl_init("https://api.sikkerapi.com/v1/key/report");
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => json_encode([
        'ip' => '2001:db8::1',
        'category' => 1
    ]),
    CURLOPT_HTTPHEADER => [
        "Authorization: Bearer sk_free_...",
        "Content-Type: application/json"
    ]
]);
curl_exec($ch);
03

Categories

Reports must specify a category describing the type of suspicious activity observed. You can use either the string name or numeric ID.

IDNameDescription
1brute_forceBrute force / credential stuffing attacks
2port_scanPort scanning / reconnaissance
3ddosDDoS / botnet activity
4web_exploitWeb application exploitation
5sql_injectionSQL injection attempts
6phishingPhishing / social engineering
7spamSpam / email abuse
8bad_botBad bots / scrapers
9exploited_hostCompromised / exploited host
10malwareMalware distribution
11dns_abuseDNS abuse / tunneling
12open_proxyOpen proxy / relay
13iot_targetedIoT device targeting
14spoofingIP / identity spoofing
15fraudFraud / financial abuse
16otherOther suspicious activity

Both formats are equivalent:

String category
{
  "ip": "203.0.113.42",
  "category": "brute_force"
}
Numeric category
{
  "ip": "203.0.113.42",
  "category": 1
}
04

Response

A successful report returns a simple confirmation. Errors return a JSON object with an error field.

StatusMeaning
200Report submitted successfully.
400Invalid request (bad IP, missing category, etc.).
401Missing or invalid API key.
403API key is disabled or expired.
429Rate limit exceeded. Check Retry-After header.
200 - Success
{
  "success": true
}
400 - Invalid IP
{
  "error": "Invalid IP address"
}
400 - Invalid Category
{
  "error": "Invalid category (use 1-16 or name like 'brute_force')"
}
429 - Rate Limited
{
  "error": "Rate limit exceeded"
}
05

Rate Limits

Report submissions are rate-limited per API key. Limits vary by tier:

TierReports/Day
Free1,000
Basic7,000
Small Business14,000
Medium Business30,000
Large Business100,000

When rate limited, the response includes a Retry-After header indicating how many seconds to wait before retrying.

Rate limit headers on 429 responses:

Headers
HTTP/1.1 429 Too Many Requests
Retry-After: 5
Content-Type: application/json

Get started — Start reporting suspicious IPs to the community threat database. Free tier includes 1,000 reports per day. Create free API key →