API Service
Threat Cloud API
Configurable port — IoC management, threat feeds, campaign tracking, MITRE heatmaps,
geographic queries, and audit logs.
Base URL
| Service | Default Base URL | TLS |
|---|---|---|
| Threat Cloud | https://tc.panguard.ai or http://localhost:PORT | Optional |
Authentication
Threat Cloud endpoints that require authentication use an API key in theAuthorization header.
Common Response Format
Every API endpoint returns a consistent JSON envelope:- Success
- Error
Rate Limiting
The API enforces rate limiting to protect against abuse.| Service | Default Limit | Scope |
|---|---|---|
| Threat Cloud | Varies by endpoint | Per API key |
429 status code with a Retry-After header indicating when to retry.
Error Codes
| Status Code | Meaning | Description |
|---|---|---|
200 | OK | Request succeeded |
201 | Created | Resource created successfully |
400 | Bad Request | Invalid request body or missing required fields |
401 | Unauthorized | Missing or invalid authentication token |
403 | Forbidden | Valid token but insufficient permissions |
404 | Not Found | Requested resource does not exist |
429 | Too Many Requests | Rate limit exceeded, check Retry-After header |
500 | Internal Server Error | Unexpected server error, retry with backoff |
Content Type
All request and response bodies useapplication/json unless otherwise noted. Feed endpoints may return text/plain for blocklist formats.
Pagination
Endpoints that return collections support pagination via query parameters:Page number (1-indexed).
Number of items per page. Maximum 200.
Next Steps
Threat Cloud API
Query and submit threat intelligence.
Configuration
Configure API ports, tokens, and settings.