6.1 V4 Migration guide

The following table shows the difference in headers between the API versions for the file upload:

Header

Used for

V2

V3

V4

Authentication header

(see 2. API Authentication Mechanisms for details)

General

apikey

Authorization

apikey

Filename header

File upload

filename

x-filename

filename

Scan workflow selection

File upload

user_agent

x-rule

rule

Archive password

File upload

archivepwd

x-archive-password

archivepwd

Private scanning

File upload

samplesharing

x-sample-sharing

samplesharing

Scan URL

File upload

downloadfrom

x-download-from

downloadfrom

Bulk hash scan details

Bulk hash lookup

include_scan_details

x-include_scan_details

includescandetails

Include additional hash details

Hash lookup

file_metadata

x-file-metadata

-

Hash lookup changes

The hash lookup endpoint would return additional information like PEInfo and EXIF when the "file_metadata" header was passed. In V4 this header was deprecated in favor of the "additional_info" key in the JSON body response which specifies exactly what additional info the file API can return. To see more information about this header go to 3.1 Retrieving scan reports using a data hash.

File scan changes

The rule header used to be a fixed string which specifies what operation to perform on the file. Now the rule header can accept multiple values, separated by commas:

Header

Operation Performed

not sent

Multiscan (default, always performed)

sanitize

Perform data sanitization

unarchive

Multiscanning and unarchiving of the file

The headers can be sent in any combination separated by commas. This allows for future operations to be added in a seamless way, and for clients to easily control operations performed on the file.

Also, the file upload will now return an error if the content type is not one of the supported formats. See 2.1 Scanning a file by file upload for details.

Sanitization change

The old endpoint for downloading the sanitized version of the file: /v4/file/:fileId/sanitizedLink

The new endpoint for downloading the sanitized version of the file starting with v4: /v4/file/converted/:data_id

This was changed to match the MetaDefender API url.

IP scanning changes

The response format of IP scanning has changed:

Old format

New format

{
"address": "1.1.1.1",
"start_time": "2019-03-11T09:50:58.645Z",
"detected_by": 0,
"scan_results": [
{
"source": "reputation.alienvault.com",
"results": [
{
"alternativeid": "",
"assessment": "",
"confident": "",
"detecttime": "",
"updatetime": "2019-03-11T09:50:58.707Z",
"result": "unknown"
}
]
},
{
"source": "danger.rulez.sk",
"results": [
{
"alternativeid": "",
"assessment": "",
"confident": "",
"detecttime": "",
"updatetime": "2019-03-11T09:50:58.707Z",
"result": "unknown"
}
]
},
{
"source": "feodotracker.abuse.ch",
"results": [
{
"alternativeid": "",
"assessment": "",
"confident": "",
"detecttime": "",
"updatetime": "2019-03-11T09:50:58.707Z",
"result": "unknown"
}
]
},
{
"source": "malc0de.com",
"results": [
{
"alternativeid": "",
"assessment": "",
"confident": "",
"detecttime": "",
"updatetime": "2019-03-11T09:50:58.707Z",
"result": "unknown"
}
]
},
{
"source": "malwaredomainlist.com",
"results": [
{
"alternativeid": "",
"assessment": "",
"confident": "",
"detecttime": "",
"updatetime": "2019-03-11T09:50:58.707Z",
"result": "unknown"
}
]
},
{
"source": "phishtank.com",
"results": [
{
"alternativeid": "",
"assessment": "",
"confident": "",
"detecttime": "",
"updatetime": "2019-03-11T09:50:58.707Z",
"result": "unknown"
}
]
},
{
"source": "spamhaus.org",
"results": [
{
"alternativeid": "",
"assessment": "",
"confident": "",
"detecttime": "",
"updatetime": "2019-03-11T09:50:58.707Z",
"result": "unknown"
}
]
},
{
"source": "zeustracker.abuse.ch",
"results": [
{
"alternativeid": "",
"assessment": "",
"confident": "",
"detecttime": "",
"updatetime": "2019-03-11T09:50:58.707Z",
"result": "unknown"
}
]
}
],
"geo_info": {
"ip": "1.1.1.1",
"country_name": "Australia",
"country_code": "AU",
"region_name": "",
"region_code": "",
"city": "",
"latitude": -27,
"longitude": 133
}
}
{
"address": "101.200.81.187",
"lookup_results": {
"start_time": "2019-03-11T09:30:37.094Z",
"detected_by": 1,
"sources": [
{
"provider": "zeustracker.abuse.ch",
"assessment": "botnet, zeus",
"detect_time": "2019-03-08T09:33:58.303966Z",
"update_time": "2019-03-08T09:33:58.560775",
"status": 3
},
{
"provider": "reputation.alienvault.com",
"assessment": "",
"detect_time": "",
"update_time": "2019-03-11T09:30:37.146Z",
"status": 0
},
{
"provider": "danger.rulez.sk",
"assessment": "",
"detect_time": "",
"update_time": "2019-03-11T09:30:37.146Z",
"status": 0
},
{
"provider": "feodotracker.abuse.ch",
"assessment": "",
"detect_time": "",
"update_time": "2019-03-11T09:30:37.146Z",
"status": 0
},
{
"provider": "malc0de.com",
"assessment": "",
"detect_time": "",
"update_time": "2019-03-11T09:30:37.146Z",
"status": 0
},
{
"provider": "malwaredomainlist.com",
"assessment": "",
"detect_time": "",
"update_time": "2019-03-11T09:30:37.146Z",
"status": 0
},
{
"provider": "phishtank.com",
"assessment": "",
"detect_time": "",
"update_time": "2019-03-11T09:30:37.146Z",
"status": 0
},
{
"provider": "spamhaus.org",
"assessment": "",
"detect_time": "",
"update_time": "2019-03-11T09:30:37.146Z",
"status": 0
}
]
},
"geo_info": {
"continent": {
"code": "AS",
"name": "Asia"
},
"country": {
"code": "CN",
"name": "China"
},
"city": {
"code": "",
"name": "Hangzhou"
},
"location": {
"latitude": 30.2936,
"longitude": 120.1614
},
"registered_country": {
"code": "CN",
"name": "China"
},
"subdivisions": [
{
"code": "33",
"name": "Zhejiang Sheng"
}
]
}
}

The "confidence" field has been removed.

Other changes:

V3 response included a "success" key in the JSON, and the rest of the response was in the "data" key. Now both of these keys have been removed and the response contains the content from the "data" key.