> ## Documentation Index
> Fetch the complete documentation index at: https://docs.socdefenders.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# GET /api/v1/articles/{id} — single article with expansions

> Retrieve a single article by ID with all enrichment expansions: extracted IOCs, CVEs, threat actors, MITRE ATT&CK techniques, and an AI summary. Free tier.

Fetching an article by its ID returns the full record including all enrichment expansions computed by the SOC Defenders platform: extracted indicators of compromise, referenced CVEs, attributed threat actors, and mapped MITRE ATT\&CK techniques. An AI-generated summary is also included. This endpoint is available on the Free tier.

## Endpoint

**Method:** `GET https://socdefenders.ai/api/v1/articles/{id}`

**Authentication:** Required — pass your API key in the `Authorization` header as a Bearer token.

**Tier:** Free.

## Path parameters

<ParamField path="id" type="string" required>
  The UUID of the article. You can obtain article IDs from the list endpoint at `GET /api/v1/articles`.
</ParamField>

## Example request

```bash theme={null}
curl -H "Authorization: Bearer sk_live_YOUR_KEY" \
  "https://socdefenders.ai/api/v1/articles/d0d2789a-cf57-4bfc-aaa5-cf9111a08f1c"
```

## Example response

```json theme={null}
{
  "id": "d0d2789a-cf57-4bfc-aaa5-cf9111a08f1c",
  "title": "Example Security Article",
  "url": "https://example.com/article",
  "source": "bleepingcomputer.com",
  "published_at": "2024-01-15T10:00:00Z",
  "summary": "AI-generated summary of the article content.",
  "categories": ["vulnerabilities"],
  "severity": "high",
  "tags": ["#vulnerability", "#exploit"],
  "iocs": [
    { "type": "ipv4", "value": "192.0.2.1" },
    { "type": "domain", "value": "evil.example.com" }
  ],
  "cves": ["CVE-2024-1234"],
  "threat_actors": ["APT28"],
  "mitre_techniques": [
    { "id": "T1566", "name": "Phishing" }
  ],
  "points": 3,
  "comment_count": 2
}
```

## Response fields

<ResponseField name="id" type="string">
  Unique article UUID.
</ResponseField>

<ResponseField name="title" type="string">
  Article title as published by the source.
</ResponseField>

<ResponseField name="url" type="string">
  Canonical URL of the original article.
</ResponseField>

<ResponseField name="source" type="string">
  Domain of the publishing source, for example `bleepingcomputer.com` or `cisa.gov`.
</ResponseField>

<ResponseField name="published_at" type="string">
  ISO 8601 timestamp of when the article was published by the source.
</ResponseField>

<ResponseField name="summary" type="string">
  AI-generated plain-text summary of the article content. Useful for triage without reading the full source.
</ResponseField>

<ResponseField name="categories" type="string[]">
  Array of category labels, for example `["vulnerabilities", "ransomware"]`.
</ResponseField>

<ResponseField name="severity" type="string">
  Assessed severity level: `critical`, `high`, `medium`, or `low`.
</ResponseField>

<ResponseField name="tags" type="string[]">
  Array of extracted hashtag-style tags.
</ResponseField>

<ResponseField name="iocs" type="object[]">
  Array of indicators of compromise extracted from the article. Each object contains a `type` (e.g. `ipv4`, `domain`, `md5`, `sha256`, `url`) and a `value` string.

  <Expandable title="properties">
    <ResponseField name="iocs[].type" type="string">
      IOC type. Possible values: `ipv4`, `ipv6`, `domain`, `url`, `md5`, `sha1`, `sha256`, `email`, `cve`.
    </ResponseField>

    <ResponseField name="iocs[].value" type="string">
      The raw indicator value, for example an IP address string or domain name.
    </ResponseField>
  </Expandable>
</ResponseField>

<ResponseField name="cves" type="string[]">
  Array of CVE identifiers referenced in the article, for example `["CVE-2024-1234"]`.
</ResponseField>

<ResponseField name="threat_actors" type="string[]">
  Array of threat actor names attributed to or mentioned in the article, for example `["APT28", "Lazarus Group"]`.
</ResponseField>

<ResponseField name="mitre_techniques" type="object[]">
  Array of MITRE ATT\&CK techniques mapped to the article content.

  <Expandable title="properties">
    <ResponseField name="mitre_techniques[].id" type="string">
      MITRE ATT\&CK technique ID, for example `T1566`.
    </ResponseField>

    <ResponseField name="mitre_techniques[].name" type="string">
      Human-readable technique name, for example `Phishing`.
    </ResponseField>
  </Expandable>
</ResponseField>

<ResponseField name="points" type="integer">
  Relevance or engagement score assigned to the article by the platform.
</ResponseField>

<ResponseField name="comment_count" type="integer">
  Number of community comments on the article within the SOC Defenders platform.
</ResponseField>
