DNSFilter
**Note:** If you are a distributor integrating with DNSFilter, please check out our [Distributors Development Guide](/docs/distributors).### Authentication- Authentication is required for most, but not all, endpoints.- Authentication is done by setting the `Authorization` request header. The header value is the API key itself. For example: `Authorization: eyJ...`- An API key can be obtained through the DNSFilter dashboard under Account Settings. For additional information see [this KB article](https://help.dnsfilter.com/hc/en-us/articles/21169189058323-API-Tokens).### Rate Limiting- All endpoints are rate limited.- The limits may vary by endpoint, but are generally consistent.- When the rate limit is exceeded the API will return the standard `429` HTTP status.- The following headers will also be provided in the response: `Retry-After`, `RateLimit-Policy`, `RateLimit`, `RateLimit-Limit`, `RateLimit-Remaining`, `RateLimit-Reset`. For details on the values of these headers, see the following articles [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Retry-After), [here](https://www.ietf.org/archive/id/draft-ietf-httpapi-ratelimit-headers-08.html), and [here](https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-05.html).- For additional information see [this KB article](https://help.dnsfilter.com/hc/en-us/articles/38202811088403-API-Rate-Limits).### Error Handling- The API uses standard HTTP status codes to indicate success or failure.- For _V1_ endpoints the response format is: ```json { "error": "string", "type": "string(optional)" } ```- For _V2_ endpoints the response format is: ```json { "error": { "message": "string", "type": "string(optional)" } } ```### PaginationFor the _V1_ endpoints, the pagination parameters are nested. That is to say,if passed as JSON they look like this: `{"page[number]": 1, "page[size]": 10}`.To pass this information in the URL query string, it would be formatted likethis: `...?page%5Bnumber%5D=1&page%5Bsize%5D=10`.In this guide, the UI will indicate that `page` is an `object` and if youwant to set values when trying the request, you must enter it as if it wasthe JSON above.### A Quick ExampleThe following will return information about the currentlyauthenticated user.```bash% curl -H 'Authorization: ***' https://api.dnsfilter.com/v1/users/self{ "data": { "id": "12345", "type": "users", "attributes": { "name": "John Doe", "email": "john@example.com", ...additional fields...}}}```
Actions328
- AgentLocalUsers Actions
- ApiKeys Actions
- ApplicationCategories Actions
- Applications Actions
- Billings Actions
- BlockPages Actions
- Categories Actions
- CollectionUsers Actions
- User(Current) Actions
- Distributors Actions
- Health Check
- Update
- Show MSP
- Show Organization
- Reactivate suborg
- Users Search
- Show User
- Remove membership
- Get usage info
- Get user info by date
- Health Check
- MSP Search
- Show MSP
- Reactivate
- Show Organization
- Cancel suborganization
- Remove Sku
- Create user
- Reset password
- Get usage info by SKU
- Get
- Cancel suborganization
- Add Sku
- Add membership
- Create
- Update
- Reactivate
- Organizations Search
- Create suborganization
- Remove Sku
- Create user
- Update membership
- Reset password
- Reset password URL
- Get usage info by SKU
- Get
- Update
- Create
- Update
- Cancel
- Organizations Search
- Create suborganization
- Update suborganization
- Reactivate suborg
- Add Sku
- Show User
- Users Search
- Add membership
- Update membership
- Remove membership
- Reset password URL
- Get usage info
- Get user info by date
- DomainNotes Actions
- Domains Actions
- EnterpriseConnections Actions
- Invoices Actions
- IPAddresses Actions
- MACAddresses Actions
- Metrics Actions
- NetworkLANIPs Actions
- NetworkSubnets Actions
- Networks Actions
- OrganizationUsers Actions
- Organizations Actions
- PoliciesBulkActions Actions
- Policies Actions
- Get extant
- Get all
- Delete
- Get application
- Remove allow domain
- Add allow category
- Add block application
- Update permissive mode
- Create
- Show policy
- Update
- Update application
- Add block domain
- Remove block domain
- Add allow domain
- Add block category
- Remove block category
- Remove allow category
- Remove block application
- Get permissive mode
- PolicyIPs Actions
- ScheduledPolicies Actions
- ScheduledReportPreviews Actions
- ScheduledReports Actions
- TrafficReports Actions
- Total threats users
- Category reqs organizations
- Category reqs users
- Domain reqs organizations
- Domain reqs collections
- Collection reqs orgs
- Queries per second
- QPS users
- Top domains
- Top organizations
- Top users
- Organization stats
- Top Organizations Requests
- Deployments
- Application reqs org
- Total requests/time
- Total requests/organizations
- Total threats/time
- Total threats organizations
- Total threats clients
- Total threats collections
- Total category requests
- Category reqs clients
- Category reqs collections
- Total domain reqs
- Domain reqs users
- Total collection reqs
- Collection reqs clients
- Collection reqs users
- QPS organizations
- QPS clients
- QPS collections
- Top categories
- Top application categories
- Top networks
- Top collections
- Query Logs
- Domain stats
- Category stats
- Total Org Requests
- Total Domain Requests
- Total client stats
- Roaming clients
- Application requests
- Application reqs users
- Application reqs collections
- Application reqs clients
- Trials Actions
- UserAgentBulkDeletes Actions
- UserAgentBulkUpdates Actions
- UserAgentCleanups Actions
- UserAgentReleases Actions
- UserAgents Actions
- Users Actions
- UserUISettingsV2 Actions
- NetworksCSVExports Actions
- AgentLocalUserBulkDeletes Actions
- DictionaryLookups Actions
- PSAIntegrations Actions
- UserAgentCSVExports Actions
- CybersightCSVExports Actions
Overview
This node interacts with the DNSFilter API to suggest a threat for a given Fully Qualified Domain Name (FQDN). It allows users to mark a domain to verify its threat categorization by sending the FQDN, user notes, and optional security categories to the API. This is useful for security analysts or network administrators who want to report or verify potential threats associated with specific domains.
Use Case Examples
- A security analyst uses this node to submit a suspicious domain along with notes and suggested threat categories to DNSFilter for verification.
- A network administrator automates the process of reporting newly discovered malicious domains by providing the FQDN and relevant notes through this node.
Properties
| Name | Meaning |
|---|---|
| Fqdn | The Fully Qualified Domain Name (FQDN) to verify as a potential threat. |
| Notes | User notes about the threat suggestion or verification, providing context or additional information. |
| Categories | Optional suggested security categories as comma separated IDs to classify the threat. |
| Custom Body | Optional JSON to send arbitrary data in the request body, which overrides other fields if provided. |
| Custom Headers | Custom HTTP headers to include in the API request. |
| Query Filters | Query-string filters to add to the API request URL. |
| Batching | Settings to group input items into batches and pause between batches to avoid rate limiting. |
| Debug | When enabled, includes detailed debug information about the API request in the output. |
| Pagination | Settings to configure how pagination is handled for list operations. |
| Timeout | Time in milliseconds to wait for the server response before aborting the request. |
Output
JSON
jsondebug- Optional debug information including the actual URL, query parameters, headers, and body sent for the API request.
Dependencies
- DNSFilter API key credential
Troubleshooting
- Ensure the DNSFilter API key credential is correctly configured and has the necessary permissions.
- Check that the FQDN and notes fields are provided as they are required for the suggest threat operation.
- If rate limiting errors occur (HTTP 429), adjust batching settings to reduce request frequency.
- Enable debug option to get detailed request information for troubleshooting API call issues.
Links
- DNSFilter API Tokens - Information on obtaining and using API tokens for authentication.
- DNSFilter API Rate Limits - Details about rate limiting and how to handle it.