SecureNow API Documentation

The SecureNow API provides AI-powered threat intelligence, IP reputation scoring, and security automation for your applications. Public endpoints require no authentication.

🔓

Free Public API

No API key needed. Query IP intelligence instantly.

🤖

AI-Powered

Threat verdicts, bot detection, and attack classification.

⚡

Real-Time

Sub-second responses with 24h intelligent caching.

Authentication

Public API — No Auth Required

All endpoints under /api/public/* are free and require no authentication. Just send a request and get results.

Authenticated API — Bearer Token

Platform endpoints require a Bearer token. Obtain one by signing into the SecureNow dashboard or by using the CLI.

bash

# CLI login (generates a session token)
npx securenow login

# Use the token in requests
curl -H "Authorization: Bearer YOUR_TOKEN" \
  https://api.securenow.ai/api/applications

Runtime SDK - API Key

The SDK uses a per-app snk_live_... runtime API key to authenticate telemetry ingestion and firewall sync. npx securenow app connect writes it to.securenow/runtime.json; admin login is separate.

javascript

import { SecureNow } from "securenow";

const securenow = new SecureNow({
  apiKey: "snk_live_replace_me",
});

Base URLs

Environment	URL	Use
Production API	`https://api.securenow.ai`	All API requests
Dashboard	`https://app.securenow.ai`	User login, settings
OTLP Endpoint	`https://ingest.securenow.ai`	Trace ingestion (OpenTelemetry)

Rate Limits

Rate limits are applied per client IP address. Exceeding the limit returns a 429 status with a retryAfter field indicating seconds to wait.

Endpoint	Limit	Cache
`/api/public/ip-intel/:ip`	10 req/min	1 hour (public), 24h (server)
`/api/public/ip-intel/recent-ips`	2 req/min	24 hours
`/api/public/ip/:ip`	10 req/min	1 hour
Authenticated endpoints	Varies by plan	—

Error Handling

All errors return a JSON body with an error field. HTTP status codes follow standard conventions.

Status	Meaning	Example
400	Bad Request	`{ "error": "Only IPv4 addresses are currently supported" }`
401	Unauthorized	`{ "error": "Authentication required" }`
404	Not Found	`{ "error": "Resource not found" }`
429	Rate Limited	`{ "error": "Rate limit exceeded. Max 10 requests per minute.", "retryAfter": 60 }`
500	Server Error	`{ "error": "Failed to fetch IP intelligence" }`

SDKs & Collections

📦

npm Package

CLI + SDK for Node.js, Next.js, Nuxt, and Express.

bash

npm install securenow@latest

View on npm →

🟠

Postman Collection

Import into Postman or Insomnia. All endpoints pre-configured.

📄

OpenAPI Spec

OpenAPI 3.1 spec for code generation and tooling.

View openapi.json

SDK Setup

Install the npm package and integrate with your framework. See also: CLI Reference | Download SKILL.md files

Installation

The securenow package includes the SDK (tracing, logging, body capture, firewall), CLI binary, MCP server, and framework integrations. Install the latest package, then connect with the credentials-first login flow.

Project dependency

npm install securenow@latest

Global CLI

npm install -g securenow@latest

Connect

npx securenow login

Current flow: npx securenow login picks or creates the app, enables the firewall, and writes runtime app config plus the runtime API key to .securenow/runtime.json. Admin/control-plane auth lives separately in .securenow/admin.json. Environment variables are not required for SDK runtime setup.

Requires: Node.js 18+. CommonJS package, works on macOS, Linux, and Windows.

Framework Integration

Pick your framework below. Most need zero code changes — just a preload flag or one config line.

Express / Node

0 lines changed

bash

# Connect once. This writes .securenow/runtime.json.
npx securenow login

# Then add the preload flag — zero code changes.
node -r securenow/register src/index.js

# Or use the CLI
npx securenow run src/index.js

# PM2 ecosystem.config.cjs
module.exports = {
  apps: [{
    script: './app.js',
    node_args: '-r securenow/register',
  }],
};

Runtime Configuration

SecureNow boots from .securenow/runtime.json locally, then legacy/generated runtime credential files. Production should mount the tokenless runtime export as .securenow/credentials.json or .securenow/credentials.<env>.json.

Variable	Default	Description
.securenow/runtime.json	local SDK runtime	Generated by `npx securenow login` or `npx securenow app connect`. Stores app identity, runtime API key, ingest routing, and SDK defaults.
.securenow/admin.json	admin CLI/MCP	Generated by `npx securenow admin login` or the friendly login flow. Stores admin/control-plane auth only.
.securenow/credentials.json	legacy/prod mount	Legacy combined credentials are still read. Production should mount the tokenless runtime export here when needed.
.securenow/credentials.<env>.json	production export	Generated by `npx securenow credentials runtime --env production`; accepted directly when credentials.json is absent.

Public API Reference

Free endpoints — no authentication required.

Get IP Intelligence

GEThttps://api.securenow.ai/api/public/ip-intel/{ip}

Returns a comprehensive AI-powered threat report for any IPv4 address. Combines SecureNow's proprietary scoring, AI analysis, bot detection, attack classification, and SecureNow AI IPDB community data into a single response.

Path Parameters

Name	Type	Required	Description
ip	string	REQUIRED	IPv4 address to analyze (e.g. "185.220.101.1")

Response Fields

Field	Type	Description
ip	string	The queried IP address
securenowScore	integer	Composite threat score (0 = clean, 100 = highly malicious)
verdict	string	AI-generated threat verdict (e.g. "Malicious - Automated Scanner", "Clean")
isMalicious	boolean	Whether the IP is classified as malicious
isBot	boolean \| null	Whether traffic is bot/automated (null if unknown)
activityType	string	Type of activity observed (e.g. "Automated Scanning")
attackTypes	string[]	Array of attack categories (Port Scan, Brute Force, etc.)
summary	string	Human-readable AI analysis summary
riskFactors	string[]	List of risk factors contributing to the score
botVsHumanAnalysis	string	Detailed bot vs human classification reasoning
securenowIpdb	object	SecureNow AI IPDB data: confidenceScore, countryCode, isp, domain, totalReports, recentReports
sources	string[]	Data sources used (SecureNow AI IPDB, securenow-internal, securenow-ai)
lastUpdatedAt	string (ISO 8601)	Timestamp of last data refresh

Code Examples

bash

curl -s "https://api.securenow.ai/api/public/ip-intel/185.220.101.1" | jq .

Example Response

json

{
  "ip": "185.220.101.1",
  "securenowScore": 87,
  "verdict": "Malicious - Automated Scanner",
  "isMalicious": true,
  "isBot": true,
  "activityType": "Automated Scanning",
  "attackTypes": ["Port Scan", "Brute Force", "Web Application Attack"],
  "summary": "This IP has been widely reported for automated scanning and brute force attacks...",
  "riskFactors": [
    "High SecureNow AI IPDB confidence score (95%)",
    "Known Tor exit node",
    "Over 500 community abuse reports"
  ],
  "botVsHumanAnalysis": "Traffic patterns are consistent with automated scanning tools...",
  "securenowIpdb": {
    "abuseConfidenceScore": 95,
    "countryCode": "DE",
    "countryName": "Germany",
    "domain": "torproject.org",
    "isp": "Tor Exit Node",
    "usageType": "Hosting/Transit/CDN",
    "totalReports": 543,
    "lastReportedAt": "2026-03-13T10:30:00Z",
    "recentReports": [
      {
        "reportedAt": "2026-03-13T10:30:00Z",
        "categories": [14, 15],
        "comment": "Port scan and SSH brute force attempts"
      }
    ]
  },
  "sources": ["securenow-ipdb", "securenow-internal", "securenow-ai"],
  "lastUpdatedAt": "2026-03-13T12:00:00Z"
}

Get Recent IPs

GEThttps://api.securenow.ai/api/public/ip-intel/recent-ips

Returns a list of recently analyzed IP addresses. Useful for building sitemaps or discovering trending threat IPs. Heavily cached (24 hours) and more strictly rate-limited.

Rate limit: 2 requests per minute. Response is cached for 24 hours.

Example Response

json

{
  "ips": [
    "185.220.101.1",
    "45.33.32.156",
    "103.152.220.44",
    "192.42.116.16"
  ]
}

bash

curl -s "https://api.securenow.ai/api/public/ip-intel/recent-ips" | jq .

Get IP Data (Legacy)

GEThttps://api.securenow.ai/api/public/ip/{ip}

Deprecated: This endpoint returns a flatter, SecureNow AI IPDB-compatible response shape. Use /api/public/ip-intel/{ip} instead for the full AI-powered analysis.

Returns basic IP reputation data in a simplified format compatible with older integrations.

Path Parameters

Name	Type	Required	Description
ip	string	REQUIRED	IPv4 address to look up

Example Response

json

{
  "ip": "185.220.101.1",
  "abuseConfidenceScore": 95,
  "countryCode": "DE",
  "isp": "Tor Exit Node",
  "domain": "torproject.org",
  "totalReports": 543,
  "lastReportedAt": "2026-03-13T10:30:00Z"
}

Authenticated API Reference

These endpoints require a Bearer token. Obtain one through the dashboard or via npx securenow login.

Applications

GEThttps://api.securenow.ai/api/applications

Auth Required

Manage your monitored applications. Create, update, delete applications and retrieve their API keys for integration.

Method	Path	Description
GET	/api/applications	List all applications
POST	/api/applications	Create a new application
GET	/api/applications/:id	Get application by ID
PUT	/api/applications/:id	Update an application
DELETE	/api/applications/:id	Delete an application
POST	/api/applications/bulk	Bulk operations on applications
GET	/api/applications/:id/ips	List IPs hitting this application
POST	/api/applications/:id/detect-tech	Detect application tech stack

Traces

GEThttps://api.securenow.ai/api/traces

Auth Required

Access HTTP request traces collected by the SecureNow SDK. View individual traces, analyze suspicious requests with AI, and investigate incidents.

Method	Path	Description
GET	/api/traces	List traces (supports filtering & pagination)
GET	/api/traces/:traceId	Get a single trace by ID
POST	/api/analyze-trace	Start AI analysis on a trace
GET	/api/analyze-trace/:analysisId	Get analysis results

Analytics

GEThttps://api.securenow.ai/api/analytics

Auth Required

Retrieve aggregated security analytics for your applications. Response codes, error rates, and traffic patterns broken down by status category.

Method	Path	Description
GET	/api/analytics/2xx-responses	Successful responses over time
GET	/api/analytics/3xx-responses	Redirect responses over time
GET	/api/analytics/4xx-responses	Client error responses
GET	/api/analytics/5xx-responses	Server error responses
GET	/api/analytics/500-errors	Detailed 500-level errors

Forensics

POSThttps://api.securenow.ai/api/forensics/query

Auth Required

AI-powered security forensics. Ask questions in natural language and get structured results from your trace data. Supports chat-based investigations and saved query libraries.

Method	Path	Description
POST	/api/forensics/query	Execute a natural language query
GET	/api/forensics/query/status/:jobId	Check query execution status
POST	/api/forensics/chat	Start or continue a chat investigation
GET	/api/forensics/chat/status/:id	Get chat response status
POST	/api/forensics/chat/confirm/:id	Confirm a suggested action
GET	/api/forensics/conversations	List saved conversations
GET	/api/forensics/conversations/:id	Get conversation history
GET	/api/forensics/query-library	List saved query templates
POST	/api/forensics/query-library/execute	Execute a saved query

Example: Natural Language Query

bash

curl -X POST https://api.securenow.ai/api/forensics/query \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"query": "Show me all suspicious IPs from the last 24 hours"}'

Alert Rules & Channels

GEThttps://api.securenow.ai/api/alert-rules

Auth Required

Configure security alert rules, notification channels (Slack, email, webhooks), and review alert history.

Method	Path	Description
GET	/api/alert-rules	List alert rules
POST	/api/alert-rules	Create an alert rule
PUT	/api/alert-rules/:id	Update an alert rule
DELETE	/api/alert-rules/:id	Delete an alert rule
GET	/api/alert-channels	List notification channels
POST	/api/alert-channels	Create a notification channel
GET	/api/alert-history	List alert history
GET	/api/alert-history/:id	Get alert details
GET	/api/notifications	List notifications
POST	/api/notifications/read-all	Mark all notifications read

Blocklist & Allowlist

GEThttps://api.securenow.ai/api/blocklist

Auth Required

Manage IP blocklists and allowlists for your applications. Block known threats automatically or whitelist trusted IPs and services.

Method	Path	Description
GET	/api/blocklist	List blocked IPs
POST	/api/blocklist	Add IP to blocklist
GET	/api/allowlist	List allowed IPs
POST	/api/allowlist	Add IP to allowlist
GET	/api/trusted-ips	List trusted IPs
POST	/api/trusted-ips	Add a trusted IP

Firewall

GEThttps://api.securenow.ai/api/firewall

Auth Required

Real-time firewall integration endpoints. Used by the SecureNow SDK to sync blocklists and allowlists with your application's firewall middleware.

Method	Path	Description
GET	/api/v1/firewall/status	Get firewall status
GET	/api/v1/firewall/check/:ip	Check if an IP is blocked
GET	/api/v1/firewall/blocklist	Get full blocklist
GET	/api/v1/firewall/allowlist	Get full allowlist
GET	/api/v1/firewall/blocklist/version	Get blocklist version (for sync)
GET	/api/v1/firewall/allowlist/version	Get allowlist version (for sync)

SDK Integration

javascript

// Next.js middleware integration
import { SecureNow } from "securenow";

const securenow = new SecureNow({
  apiKey: "snk_live_replace_me",
});

// In your middleware
export async function middleware(request) {
  const ip = request.headers.get("x-forwarded-for");
  const result = await securenow.checkIp(ip);

  if (result.blocked) {
    return new Response("Forbidden", { status: 403 });
  }
}

Need Help?

Join our community, check out the blog, or contact us for enterprise support and custom integrations.

Read the Blog Contact Us npm Package