Mlab.sh Mlab.sh
v1.9.2
Platform
Free Tools Blog Glossary Ecosystem Pricing Developer API MCP Integration Academy
Cheat Sheets
Regex HTTP Status Codes Network Ports ASCII Table CIDR / Subnets MIME Types HTML Entities
Learn
MD5 vs SHA-256 YARA vs Sigma SIEM vs SOAR Base64 vs Hex
Support
Help Center Partners
Terms · Privacy · Sales
tprm.mlab.sh
Third-party risk management
Pricing · Docs · Changelog
policy.mlab.sh SOON
Security policy management
pra.mlab.sh SOON
Business continuity & recovery
aware.mlab.sh SOON
Phishing simulation & awareness
ir.mlab.sh
Self-hosted incident response
Pricing · Docs · Changelog
siem.mlab.sh SOON
Log correlation & alerting
intel.mlab.sh SOON
Threat intel feeds & IOC enrichment
hunt.mlab.sh SOON
Threat hunting with Sigma & YARA
vuln.mlab.sh
Attack surface & CVE tracking
sandbox.mlab.sh SOON
Malware analysis & sandboxing
watch.mlab.sh SOON
Dark web monitoring
Deception & Endpoint
honey.mlab.sh SOON
Honeypots & canary tokens
edr.mlab.sh SOON
Endpoint detection & response
Sign up
Navigation
Terms Privacy Contact
Help Center · API

API Guide

Integrate mlab into your security workflows with the REST API. Automate lookups, submit files and retrieve results programmatically.

Back to Help Center

Authentication

All API requests require an API key passed in the Authorization header. You can generate your API key from your account settings (Pro plan or above required).

# Include your API key in every request
GET https://mlab.sh/api/v1/search?q=8.8.8.8
Authorization: Bearer YOUR_API_KEY
Your API key is tied to your account and shares your daily scan quotas. Keep it secure and never expose it in client-side code.

Rate limits

API requests count against your plan's daily scan quotas. When you exceed your daily limit, the API returns a 429 Too Many Requests response with a Retry-After header.

Plan Domain scans IP scans File scans
Pro 25 / day 50 / day 20 / day
Team 100 / day 200 / day 80 / day
Enterprise Custom — as you go

Core endpoints

Search an indicator

Look up an IP, domain, hash or URL.

GET /api/v1/search?q={indicator}

# Example: search an IP address
curl -H "Authorization: Bearer YOUR_API_KEY" \
     "https://mlab.sh/api/v1/search?q=185.220.101.47"

Submit a file for analysis

Upload a file (max 10 MB) for scanning and analysis.

POST /api/v1/file/upload
Content-Type: multipart/form-data

# Example: upload a suspicious binary
curl -X POST \
     -H "Authorization: Bearer YOUR_API_KEY" \
     -F "[email protected]" \
     "https://mlab.sh/api/v1/file/upload"

Get scan results

Retrieve the results of a previous scan by its ID.

GET /api/v1/scan/{scan_id}

# Example: retrieve a domain scan result
curl -H "Authorization: Bearer YOUR_API_KEY" \
     "https://mlab.sh/api/v1/scan/abc123def456"

Response format

All API responses are returned as JSON. Successful requests return a 200 status with a data object. Errors return an appropriate HTTP status code with a message field.

// Successful response
{
  "status": "ok",
  "data": { ... }
}

// Error response
{
  "status": "error",
  "message": "Rate limit exceeded",
  "code": 429
}

HTTP status codes

Code Meaning
200 Success — result returned
400 Bad request — invalid parameter or missing required field
401 Unauthorized — missing or invalid API key
403 Forbidden — your plan does not include API access
404 Not found — scan ID does not exist
429 Rate limited — daily quota exceeded, check Retry-After header
500 Server error — please retry or contact support