Stay organized with collections Save and categorize content based on your preferences.

Using the Lookup API


The Lookup API lets your client applications check if a URL is included on any of the Web Risk lists.

Checking URLs

To check if a URL is on a Web Risk list, send an HTTP GET request to the method:

  • The Lookup API supports one URL per request. To check multiple URLs, you need to send a separate request for each URL.
  • You can specify multiple threat types in a single request by repeating the threatTypes field. For example:

  • The URL must be valid (see RFC 2396) but it doesn't need to be canonicalized.

  • If you use the REST API, you must encode GET parameters, like the URI.

  • The HTTP GET response returns the matching threat types, if any, along with the cache expiration.


HTTP method and URL:


To send your request, choose one of these options:


Execute the following command:

curl -X GET \
-H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \


Execute the following command:

$cred = gcloud auth application-default print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
-Method GET `
-Headers $headers `
-Uri "" | Select-Object -Expand Content

You should receive a JSON response similar to the following:

  "threat": {
    "threatTypes": [
    "expireTime": "2019-07-17T15:01:23.045123456Z"

If no results match your request, you will get an empty JSON response of {}. This means that the URL you provided isn't on any threat lists.

Cache durations

The expireTime field indicates the timestamp at which the match should be considered expired. For details, see Caching.

What's next?

Learn about Using the Update API.