Although the default Google Threat Intelligence API authorization method is via API keys, Threat Lists endpoints allow authorization tokens via query parameters for users whose integrations do not allow the X-Apikey custom header implemented for all endpoints.

Examples

Generate a new authorization token.

import requests

url = "https://www.virustotal.com/api/v3/auth/auth_token"
headers = {"accept": "application/json","x-apikey": <api-key>}
response = requests.post(url, headers=headers)
print(response.text)

curl -X POST https://www.virustotal.com/api/v3/auth/auth_token -H "X-Apikey: <api-key>"

Retrieve the latest Ransomware threat list via authorization token

import requests

auth_token = "<newly generated token>"
url = f"https://www.virustotal.com/api/v3/threat_lists/ransomware/latest?auth_token={auth_token}"
headers = {"accept": "application/json"}
response = requests.get(url, headers=headers)
print(response.text)

200200

400400