Special privileges required
File feeds endpoints are only available to users with a File feeds license. Contact us for more information.
With this endpoint you can download an individual one-minute batch by providing a time
consisting of a string with format YYYYMMDDhhmm
. Time 201912010802
will return the batch corresponding to December 1st, 2019 08:02 UTC. You can download batches up to 7 days old, and the most recent batch has always a 60 minutes lag respecting to the current time. This means that if the current time in UTC is T
you can download batch T-60m
but not T-59m
or any more recent.
Successful calls to this endpoint will return a 302
redirect response to a URL from which the final batch file will be downloaded.
Missing batches
Missing batches are rare, but still can happen occasionally. This doesn't mean that you are losing any files in the feed, it just means that no batches were generated on a specific minute. The client code should be ready to accept a
404
error while retrieving a batch and proceed with the following one. However, receiving multiple404
errors in a row for consecutive batches shouldn't happen and should be treated as an error condition.
The downloaded file is a bzip2 compressed UTF-8 text file contains one JSON structure per line, where the structure represents a file object as returned by the GET /files/{id} endpoint. Besides the standard attributes usually found in all file objects, two additional context attributes are also included: download_url
and submitter
. The download_url
attribute is a link that can be used to download the file itself, while submitter
is a dictionary with lossy-ciphered non-identifiable information about who submitted the file to Google Threat Intelligence. Notice however that submitter
is not present in all files as some files are re-analyzed by Google TI without being submitted by some external user.