Signal API
The Signal API allows you to submit security events and signals for threat detection and analysis.
Base URL
https://api.gen0sec.com
Authentication
All API requests require authentication using a Bearer token in the Authorization header:
Authorization: Bearer <your-api-key>
Endpoints
Submit Signal Event
Submit a security signal event for processing.
Endpoint: POST /v1/signal
Request Body:
The endpoint accepts a batch of signal events as an array. You can send one or multiple events in a single request (up to 1000 events per batch).
Single Event Examples:
Block by IP address:
[
{
"type": "access_rules",
"action": "block",
"ip": "192.168.1.100",
"expiration": 3600,
"description": "Blocked due to suspicious activity",
"name": "suspicious-ip-block"
}
]
Block by ASN:
[
{
"type": "access_rules",
"action": "block",
"asn": "AS12345",
"expiration": 3600,
"description": "Blocked ASN due to malicious activity",
"name": "suspicious-asn-block"
}
]
Block by Country:
[
{
"type": "access_rules",
"action": "block",
"country": "US",
"expiration": 3600,
"description": "Blocked country due to threat intelligence",
"name": "suspicious-country-block"
}
]
Batch Example (Multiple Events):
[
{
"type": "access_rules",
"action": "block",
"ip": "192.168.1.100",
"description": "Blocked IP"
},
{
"type": "access_rules",
"action": "block",
"asn": "AS12345",
"description": "Blocked ASN"
},
{
"type": "access_rules",
"action": "block",
"country": "US",
"description": "Blocked country"
}
]
Parameters:
type(string, required): Event type. Currently supports:"access_rules"action(string, required): Action to take. Valid values:"block"or"unblock"ip(string, optional): IP address to block/unblock (IPv4 or IPv6, CIDR notation supported)asn(string, optional): ASN to block/unblock (format:AS12345, must exist in database)country(string, optional): Country code to block/unblock (ISO-3166 Alpha-2 format, e.g.,US,GB,JP)expiration(integer, optional): Expiration time in secondsdescription(string, optional): Description of the signal eventname(string, optional): Name identifier for the signal
Note:
- Exactly one of
ip,asn, orcountrymust be provided and non-empty per event. You cannot provide multiple fields simultaneously in a single event. - The endpoint accepts a batch of events (array format). Maximum batch size is 1000 events per request.
Response:
The endpoint processes events in batch and returns a summary of the processing results.
Success (200) - All events processed successfully:
{
"success": true,
"message": "Processed 3 entries, 0 failed"
}
Partial Success (206) - Some events failed:
{
"success": false,
"message": "Processed 2 entries, 1 failed",
"errors": [
"Entry 1: Schema validation failed: country: Country must be a valid ISO-3166 Alpha-2 code (e.g., US, GB, JP)"
]
}
Error (400):
{
"error": "ValidationError",
"message": "Validation failed",
"details": [
{
"field": "action",
"message": "must be one of: block, unblock",
"value": "invalid"
}
],
"code": 400
}
Error (401):
{
"error": "Unauthorized",
"message": "Invalid or missing API key",
"code": 401
}
Interactive Documentation
Interactive API documentation is available at:
https://api.gen0sec.com/docs/signal/swagger/
Example Usage
Block by IP Address
curl -X POST https://api.gen0sec.com/v1/signal \
-H "Authorization: Bearer your-api-key" \
-H "Content-Type: application/json" \
-d '[
{
"type": "access_rules",
"action": "block",
"ip": "192.168.1.100",
"description": "Blocked due to suspicious activity"
}
]'
Block by ASN
curl -X POST https://api.gen0sec.com/v1/signal \
-H "Authorization: Bearer your-api-key" \
-H "Content-Type: application/json" \
-d '[
{
"type": "access_rules",
"action": "block",
"asn": "AS12345",
"description": "Blocked ASN due to malicious activity"
}
]'
Block by Country
curl -X POST https://api.gen0sec.com/v1/signal \
-H "Authorization: Bearer your-api-key" \
-H "Content-Type: application/json" \
-d '[
{
"type": "access_rules",
"action": "block",
"country": "US",
"description": "Blocked country due to threat intelligence"
}
]'
Batch Request (Multiple Events)
curl -X POST https://api.gen0sec.com/v1/signal \
-H "Authorization: Bearer your-api-key" \
-H "Content-Type: application/json" \
-d '[
{
"type": "access_rules",
"action": "block",
"ip": "192.168.1.100",
"description": "Blocked IP"
},
{
"type": "access_rules",
"action": "block",
"asn": "AS12345",
"description": "Blocked ASN"
},
{
"type": "access_rules",
"action": "block",
"country": "US",
"description": "Blocked country"
}
]'
Python
import requests
url = "https://api.gen0sec.com/v1/signal"
headers = {
"Authorization": "Bearer your-api-key",
"Content-Type": "application/json"
}
# Block by IP (single event in batch)
data = [
{
"type": "access_rules",
"action": "block",
"ip": "192.168.1.100",
"description": "Blocked due to suspicious activity"
}
]
# Block by ASN (single event in batch)
data = [
{
"type": "access_rules",
"action": "block",
"asn": "AS12345",
"description": "Blocked ASN due to malicious activity"
}
]
# Block by Country (single event in batch)
data = [
{
"type": "access_rules",
"action": "block",
"country": "US",
"description": "Blocked country due to threat intelligence"
}
]
# Batch request (multiple events)
data = [
{
"type": "access_rules",
"action": "block",
"ip": "192.168.1.100",
"description": "Blocked IP"
},
{
"type": "access_rules",
"action": "block",
"asn": "AS12345",
"description": "Blocked ASN"
},
{
"type": "access_rules",
"action": "block",
"country": "US",
"description": "Blocked country"
}
]
response = requests.post(url, json=data, headers=headers)
print(response.json())
Go
package main
import (
"bytes"
"encoding/json"
"net/http"
)
func main() {
url := "https://api.gen0sec.com/v1/signal"
// Block by IP (single event in batch)
data := []map[string]interface{}{
{
"type": "access_rules",
"action": "block",
"ip": "192.168.1.100",
"description": "Blocked due to suspicious activity",
},
}
// Block by ASN (single event in batch)
data = []map[string]interface{}{
{
"type": "access_rules",
"action": "block",
"asn": "AS12345",
"description": "Blocked ASN due to malicious activity",
},
}
// Block by Country (single event in batch)
data = []map[string]interface{}{
{
"type": "access_rules",
"action": "block",
"country": "US",
"description": "Blocked country due to threat intelligence",
},
}
// Batch request (multiple events)
data = []map[string]interface{}{
{
"type": "access_rules",
"action": "block",
"ip": "192.168.1.100",
"description": "Blocked IP",
},
{
"type": "access_rules",
"action": "block",
"asn": "AS12345",
"description": "Blocked ASN",
},
{
"type": "access_rules",
"action": "block",
"country": "US",
"description": "Blocked country",
},
}
jsonData, _ := json.Marshal(data)
req, _ := http.NewRequest("POST", url, bytes.NewBuffer(jsonData))
req.Header.Set("Authorization", "Bearer your-api-key")
req.Header.Set("Content-Type", "application/json")
client := &http.Client{}
resp, _ := client.Do(req)
defer resp.Body.Close()
}
Rate Limits
API rate limits apply to prevent abuse. Contact support if you need higher limits.
Support
For API support, visit:
- Discord: https://discord.com/invite/jzsW5Q6s9q
- Email: [email protected]