> ## Documentation Index
> Fetch the complete documentation index at: https://docs.socdefenders.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# SOC Defenders REST API overview

> The SOC Defenders API provides programmatic access to IOC feeds, article aggregation, CVE data, and TAXII threat intelligence. Base URL and available endpoints.

The SOC Defenders REST API gives you programmatic access to aggregated threat intelligence from 30+ cybersecurity sources. You can retrieve IOCs, query enriched articles, export data in industry-standard formats (STIX 2.1, MISP, CEF, OpenIOC, Sigma), and poll a TAXII 2.1 server — all over HTTPS using JSON responses.

## Base URL

All API requests go to:

```
https://socdefenders.ai
```

Version 1 endpoints are available under the `/api/v1/` path prefix. For example:

```
https://socdefenders.ai/api/v1/iocs
```

## Response format

All endpoints return JSON by default. Some endpoints support alternative output formats (such as STIX 2.1 bundles, MISP events, or Sigma YAML) — these are noted in the individual endpoint references.

## Authentication

Every request requires an API key. Pass it as a Bearer token in the `Authorization` header or in the `X-API-Key` header. See [Authentication](/api-reference/authentication) for details.

## Available endpoints

| Endpoint                    | Tier | Description                                                                      |
| --------------------------- | ---- | -------------------------------------------------------------------------------- |
| `GET /api/v1/iocs`          | Free | List IOCs with filtering by type, category, confidence, date range, and industry |
| `GET /api/v1/iocs/search`   | Free | Find a specific IOC value across the feed                                        |
| `GET /api/v1/lookup`        | Free | Single-IOC enrichment with AI risk score, MITRE techniques, and hunting queries  |
| `GET /api/v1/articles`      | Free | Aggregated news articles with full-text search, filters, and delta polling       |
| `GET /api/v1/articles/{id}` | Free | Single article with IOC, CVE, threat actor, and MITRE technique expansions       |
| `GET /api/v1/iocs/stats`    | Pro  | IOC totals broken down by type, category, and source                             |
| `GET /api/v1/iocs/stix`     | Pro  | STIX 2.1 bundle containing indicators and identity objects                       |
| `GET /api/v1/iocs/misp`     | Pro  | MISP JSON event                                                                  |
| `GET /api/v1/iocs/cef`      | Pro  | CEF/Syslog stream for SIEM ingestion                                             |
| `GET /api/v1/iocs/openioc`  | Pro  | OpenIOC XML document                                                             |
| `GET /api/v1/iocs/sigma`    | Pro  | Multi-document Sigma YAML detection rules per IOC                                |
| `GET /api/taxii2/`          | Pro  | TAXII 2.1 discovery — API roots and server metadata                              |

For limits on results per request, lookback periods, and request quotas by tier, see [Rate limits](/api-reference/rate-limits).

## OpenAPI specification

The machine-readable OpenAPI spec is available at:

```
https://socdefenders.ai/api/openapi.json
```

You can import it into Postman, Insomnia, or any OpenAPI-compatible tooling to explore and test the API interactively.
