Your first lookup

Go from zero to a working API call in under two minutes.

This guide walks you through creating an account, getting an API key, and running your first IOC lookup.

1. Create an account

Sign up at reput.io/auth/signup. The Free plan gives you 500 queries/day with no credit card — enough to integrate and validate before committing to a paid tier.

2. Grab your API key

After signing in, go to the dashboard. A "Default" key is generated automatically on your first visit and shown once in full at the top of the page. Copy it now — the full value is not stored, only a hash + the rpt_abcd1234… prefix for display.

Treat your API key like a password

Keys never expire, so a leaked key is a liability until you revoke it. Don't commit it to source control, don't paste it into Slack, and rotate it the second you suspect exposure.

If you ever lose the value, just revoke the old key and generate a new one from the same dashboard.

3. Run your first lookup

curl

curl -X POST https://api.reput.io/lookup \
  -H "X-Api-Key: rpt_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"indicators": ["8.8.8.8", "cloudflare.com"]}'

Python

import requests

API_KEY = "rpt_your_api_key_here"

r = requests.post(
    "https://api.reput.io/lookup",
    headers={"X-Api-Key": API_KEY, "Content-Type": "application/json"},
    json={"indicators": ["8.8.8.8", "cloudflare.com"]},
    timeout=10,
)
r.raise_for_status()
for result in r.json()["results"]:
    print(result["indicator"], "→", result["status"], result["verdict"])

Node.js

const res = await fetch('https://api.reput.io/lookup', {
  method: 'POST',
  headers: {
    'X-Api-Key': process.env.REPUTIO_API_KEY,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ indicators: ['8.8.8.8', 'cloudflare.com'] }),
})
const { results } = await res.json()
console.log(results)

4. What you get back

A successful response looks like this (trimmed for readability):

{
  "results": [
    {
      "indicator": "8.8.8.8",
      "status": "whitelisted",
      "type": "ip",
      "verdict": "likely_benign",
      "confidence_level": "very_high",
      "confidence_score": 97,
      "risk_level": "info",
      "risk_context": "Critical Infrastructure",
      "recommendation": {
        "action": "allow",
        "false_positive_likelihood": "very_low"
      },
      "provider": { "name": "Public DNS Resolver", "type": "critical_infrastructure" }
    },
    {
      "indicator": "cloudflare.com",
      "status": "whitelisted",
      "type": "domain",
      "verdict": "likely_benign",
      "confidence_score": 100,
      "provider": { "name": "Cloudflare", "type": "cdn_security" }
    }
  ]
}

The fields returned depend on your plan — Free gets the essentials, Starter unlocks provider detection and scoring, Pro+ adds investigation hints and forensic context. See Plan-based features for the full field matrix.

Next steps

Authentication — API keys vs. JWTs, team keys, and rotation
Lookup endpoint — the complete field reference
Rate limits — daily / burst limits and team-pool sharing
Webhooks — get notified when high-risk IOCs appear (Pro+)

PreviousIntroduction Next Authentication