Skip to main content

Base URL

By default, Phisherman listens on port 4000. Set the PORT environment variable to change this. 
http://localhost:4000

Authentication

No authentication is required. All requests are accepted without an API key or token.

Content type

All requests must send Content-Type: application/json. All responses are returned as application/json.

Rate limiting

Requests are rate-limited per client IP address: 100 requests per 15-minute window. If you exceed this limit, the API returns 429 Too Many Requests. See Error codes for the full error shape.
Phisherman uses Express 5 with trust proxy enabled (app.set("trust proxy", 1)). When running behind a load balancer or reverse proxy, ensure the X-Forwarded-For header is set correctly so the API receives the real client IP for rate limiting.

Endpoints

MethodPathDescription
POST/api/checkAnalyze a URL and return a threat verdict

Next step

POST /api/check

Submit a URL for phishing analysis and receive a scored threat verdict.

Build docs developers (and LLMs) love

Get started for freeTalk to us