ThreatQ provides a comprehensive REST API documentation and an extensive Swagger collection, making it easy to explore available endpoints and parameters. However, we’ve heard that developers and analysts could benefit from use-case–based documentation — examples that walk through common workflows and best practices for interacting with the API.
This type of documentation could help:
-
Understand best practices for using the API effectively
-
Avoid inefficient or unsupported methods for common operations
-
Get started faster with real-world, task-based examples
We’d like your input on what would be most helpful:
-
What API use cases do you find yourself repeating or struggling to document?
-
Would you prefer Python examples or other scripting languages?
-
How detailed should examples be (step-by-step, or just reference snippets)?
-
Which topics should be prioritized — e.g.:
-
Uploading attachments via the API and parsing content for IOCs
-
Bulk searching IOCs using Threat Library filters
-
Creating observation events with related indicators
-
Paginating through exports
-
Creating and using data collections
-
Bulk creating IOCs with relationships
-
Your feedback will help us understand what kinds of API examples and use cases would deliver the most value for your teams.
👉 If you have a specific idea — like a particular workflow, endpoint example, or preferred format — please create a new Idea describing the use cases or examples you’d like to see added to the ThreatQ API documentation.
