Gets the full hashes that match the requested hash prefix. This method is used after a hash prefix is looked up in a threatList and there is a match. The client-side threatList holds only partial hashes, so the client must query this method to determine whether there is a full hash match of a threat.
HTTP request
GET https://webrisk.googleapis.com/v1beta1/hashes:search
The URL uses gRPC Transcoding syntax.
Query parameters
Parameters | |
---|---|
hashPrefix | A hash prefix, consisting of the most significant 4-32 bytes of a SHA256 hash. For JSON requests, this field is base64-encoded. A base64-encoded string. |
threatTypes[] | Required. The ThreatLists to search in. Multiple ThreatLists may be specified. |
Request body
The request body must be empty.
Response body
If successful, the response body contains data with the following structure:
JSON representation |
---|
{
"threats": [
{
object ( |
Fields | |
---|---|
threats[] | The full hashes that matched the requested prefixes. The hash will be populated in the key. |
negativeExpireTime | For requested entities that did not match the threat list, how long to cache the response until. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
Authorization Scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
ThreatHash
Contains threat information on a matching hash.
JSON representation |
---|
{
"threatTypes": [
enum ( |
Fields | |
---|---|
threatTypes[] | The ThreatList this threat belongs to. This must contain at least one entry. |
hash | A 32 byte SHA256 hash. This field is in binary format. For JSON requests, hashes are base64-encoded. A base64-encoded string. |
expireTime | The cache lifetime for the returned match. Clients must not cache this response past this timestamp to avoid false positives. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
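The following Python is an added example, not code from the Web Risk documentation. It builds the hashes:search URL for a hash prefix, then decides from a response body whether the full hash matched while honoring expireTime and negativeExpireTime. The function names, the "stale" status, the sample input (treated as an already canonicalized URL expression) and the MALWARE and SOCIAL_ENGINEERING threat type values are assumptions that do not appear on this page.

```python
import base64
import hashlib
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

ENDPOINT = "https://webrisk.googleapis.com/v1beta1/hashes:search"  # from the page

def search_url(full_hash, threat_types, prefix_len=4):
    """Build the GET URL for a 4-32 byte prefix of a 32-byte SHA256 hash."""
    if len(full_hash) != 32 or not 4 <= prefix_len <= 32:
        raise ValueError("need a 32-byte SHA256 and a 4-32 byte prefix length")
    if not threat_types:
        raise ValueError("threatTypes[] is required")
    prefix = base64.b64encode(full_hash[:prefix_len]).decode("ascii")
    # urlencode percent-escapes '+', '/' and '=' from the base64 alphabet;
    # doseq=True repeats the threatTypes key once per list.
    query = urlencode({"hashPrefix": prefix, "threatTypes": list(threat_types)}, doseq=True)
    return ENDPOINT + "?" + query

def parse_rfc3339_utc(ts):
    """Parse a 'Zulu' timestamp with 0-9 fractional digits (truncated to microseconds)."""
    m = re.fullmatch(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d{1,9}))?Z", ts)
    if not m:
        raise ValueError("not an RFC3339 UTC timestamp: %r" % ts)
    whole = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return whole + timedelta(microseconds=int((m.group(2) or "0").ljust(9, "0")[:6]))

def verdict(full_hash, body, now):
    """Classify a (possibly cached) response body: (status, threat_types, cache_until)."""
    for threat in body.get("threats", []):
        # A prefix hit is not a verdict: only an equal 32-byte hash counts.
        if base64.b64decode(threat["hash"]) != full_hash:
            continue
        expires = parse_rfc3339_utc(threat["expireTime"])
        if now >= expires:
            return ("stale", [], None)  # this example's label: past expireTime, query again
        return ("match", threat["threatTypes"], expires)
    negative = body.get("negativeExpireTime")
    until = parse_rfc3339_utc(negative) if negative else None
    if until is not None and now >= until:
        return ("stale", [], None)  # negative cache entry has expired as well
    return ("no-match", [], until)

if __name__ == "__main__":
    # Constructed input: assumed to be an already canonicalized URL expression.
    digest = hashlib.sha256(b"example.test/").digest()
    print(search_url(digest, ["MALWARE", "SOCIAL_ENGINEERING"]))
```

Truncating the nanosecond fraction to microseconds makes a cached entry expire slightly early rather than late, which is the safe direction for both expireTime and negativeExpireTime.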