Use this endpoint to subscribe to a certain Vulnerability and receive IoC Stream (and email) notifications when new IoCs are added to it. This endpoint can be used to update the subscription preferences as well.

It requires a subscription descriptor as follows:

{
    "data":
    {
        "type": "subscription_preferences",
        "attributes":
        {
            "notification_emails": "<_list of strings_> list of email addresses where notifications are sent. An empty list means that email notifications are not enabled, and only IoC Stream notifications are generated",
            "daily_email": "<_boolean_> whether email notifications are sent by IoC or as a daily digest"
        }
    }
}

Examples

Subscribe to the Vulnerability with vulnerability--cve-2025-53164 identifier, to get only IoC Stream notifications.

import requests

object_id = "vulnerability--cve-2025-53164"
url = f"https://www.virustotal.com/api/v3/collections/{object_id}/subscription_preferences"
payload = {
    "data": {
        "attributes": {
            "notification_emails": [],
            "daily_email": False
        },
        "type": "subscription_preferences"
    }
}
headers = {
    "accept": "application/json","x-apikey": <api-key>, "content-type": "application/json"
}
response = requests.post(url, json=payload,headers=headers)

Update your subscription to the Vulnerability with vulnerability--cve-2025-53164 identifier to also receive daily digest email notifications (you and one of your colleagues).

import requests

object_id = "vulnerability--cve-2025-53164"
email_address_1 = "your_email_address"
email_address_2 = "your_colleague_email_address"
url = f"https://www.virustotal.com/api/v3/collections/{object_id}/subscription_preferences"
payload = {
    "data": {
        "attributes": {
            "notification_emails": [email_address_1, email_address_2],
            "daily_email": True
        },
        "type": "subscription_preferences"
    }
}
headers = {
    "accept": "application/json","x-apikey": <api-key>, "content-type": "application/json"
}
response = requests.post(url, json=payload,headers=headers)

Subscribe to the Vulnerability with vulnerability--cve-2025-53164 identifier, to get IoC Stream notifications and email notifications every time a new IoC is added to it.

import requests

object_id = "vulnerability--cve-2025-53164"
email_address = "your_email_address"
url = f"https://www.virustotal.com/api/v3/collections/{object_id}/subscription_preferences"
payload = {
    "data": {
        "attributes": {
            "notification_emails": [email_address],
            "daily_email": False
        },
        "type": "subscription_preferences"
    }
}
headers = {
    "accept": "application/json","x-apikey": <api-key>, "content-type": "application/json"
}
response = requests.post(url, json=payload,headers=headers)

200200

400400