🚧
Special privileges required
File feeds endpoints are only available to users with a File feeds license. Contact us for more information.

With this endpoint you can download an individual one-minute batch by providing a time consisting of a string with format YYYYMMDDhhmm. Time 201912010802 will return the batch corresponding to December 1st, 2019 08:02 UTC. You can download batches up to 7 days old, and the most recent batch has always a 60 minutes lag respecting to the current time. This means that if the current time in UTC is T you can download batch T-60m but not T-59m or any more recent.

Successful calls to this endpoint will return a 302 redirect response to a URL from which the final batch file will be downloaded.

🚧
Missing batches
Missing batches are rare, but still can happen occasionally. This doesn't mean that you are losing any files in the feed, it just means that no batches were generated on a specific minute. The client code should be ready to accept a 404 error while retrieving a batch and proceed with the following one. However, receiving multiple 404 errors in a row for consecutive batches shouldn't happen and should be treated as an error condition.

The downloaded file is a bzip2 compressed UTF-8 text file contains one JSON structure per line, where the structure represents a file object as returned by the GET /files/{id} endpoint. Besides the standard attributes usually found in all file objects, two additional context attributes are also included: download_url and submitter. The download_url attribute is a link that can be used to download the file itself, while submitter is a dictionary with lossy-ciphered non-identifiable information about who submitted the file to Google Threat Intelligence. Notice however that submitter is not present in all files, it will be absent when files are submitted via the web interface without triggering a new analysis due to recent submissions, or when files are re-analyzed by Google TI without being submitted by some external user.