OrbGuard Labs API Overview
Advanced threat intelligence and device security API for spyware detection, scam prevention, and enterprise security.
OrbGuard Labs API
Advanced threat intelligence and device security platform. Detect Pegasus spyware, prevent scams with AI, monitor the dark web, audit app permissions, analyze network threats, and integrate with enterprise SIEM and MDM systems -- all through a unified API.
Base URL
| Protocol | Base URL | Description |
|---|---|---|
| REST | https://guard.orbai.world | All REST API endpoints |
| gRPC | grpc://guard.orbai.world:50053 | gRPC threat intelligence services |
| WebSocket | wss://guard.orbai.world/ws/threats | Real-time threat alert stream |
Authentication
OrbGuard Labs supports two authentication methods. Use API Key for server-to-server integrations or JWT Bearer for user-facing applications.
API Key authentication:
X-API-Key: your_api_key_here
JWT Bearer authentication:
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
Obtaining an API Key
API keys are provisioned through the OrbVPN dashboard under Settings > API Keys > OrbGuard Labs. Enterprise customers receive dedicated API keys with higher rate limits and priority processing. JWT tokens from OrbNET authentication are also accepted.
Security Modules
OrbGuard Labs provides over 20 specialized security modules, each targeting a different threat vector.
Threat Intelligence
IoC database with millions of indicators. Check IPs, domains, hashes, and URLs against known threat feeds in real time.
Forensic Analysis
Pegasus and mercenary spyware detection. Analyze iOS shutdown logs, Android logcat dumps, and device artifacts for compromise indicators.
SMS Protection
Smishing and SMS fraud detection. Analyze incoming messages for phishing URLs, social engineering patterns, and known scam templates.
URL Protection
Real-time URL and phishing detection. Scan links for malicious redirects, credential harvesting, drive-by downloads, and domain impersonation.
Dark Web Monitoring
Monitor the dark web for compromised credentials. Email breach detection, password exposure alerts, and digital asset monitoring.
App Security Audit
Analyze mobile apps for privacy violations, excessive permissions, hidden trackers, data exfiltration, and known vulnerabilities.
Network Security
Wi-Fi security scanning, DNS hijacking detection, ARP spoofing alerts, rogue AP detection, and man-in-the-middle analysis.
AI Scam Detection
AI-powered analysis of text, URLs, images, voice calls, and phone numbers. Detects social engineering, deepfakes, and fraud patterns.
Device Security
Anti-theft features: locate, lock, and remote wipe. Vulnerability auditing, jailbreak detection, and device integrity verification.
Privacy Protection
Privacy audit suite. Tracker blocking, data broker removal requests, permission analysis, and privacy score calculation.
YARA Rules Engine
Custom YARA rule management. Upload, test, and deploy YARA rules for file and memory scanning across monitored devices.
QR Code Security
Quishing detection. Scan QR codes for malicious URLs, credential phishing, malware distribution, and cryptocurrency scam wallets.
Desktop Security
Desktop endpoint protection. Process monitoring, file integrity checking, browser extension audit, and startup item analysis.
Digital Footprint
Monitor your digital footprint across the internet. Data exposure tracking, social media account discovery, and public information audit.
Threat Correlation
Cross-module threat correlation engine. Connects indicators across modules to identify coordinated attack campaigns and advanced persistent threats.
MITRE ATT&CK Mapping
Map detected threats to the MITRE ATT&CK framework. Tactic and technique identification, kill chain visualization, and coverage analysis.
Machine Learning Models
ML model management for threat detection. Model versioning, inference endpoints, training data feedback, and accuracy metrics.
Threat Graph
Neo4j-powered threat graph. Visualize relationships between IoCs, threat actors, campaigns, malware families, and attack infrastructure.
Enterprise
MDM integration, SIEM log forwarding, Zero Trust policy engine, compliance reporting (SOC2, GDPR, HIPAA), and fleet management.
OrbNET Integration
Direct integration with OrbNET VPN services. Threat-aware routing, malicious domain blocking, and real-time connection protection.
gRPC Services
9 high-performance gRPC RPCs for bulk indicator checking, streaming threat feeds, and low-latency forensic analysis.
Unique Capabilities
What sets OrbGuard Labs apart from standard threat intelligence APIs.
Pegasus / Spyware Forensics
Detect NSO Group's Pegasus and other mercenary spyware on iOS and Android devices. Analyze iOS shutdown logs (sysdiagnose), Android logcat dumps, and device artifacts for known compromise indicators used by nation-state surveillance tools.
AI-Powered Scam Detection
Multi-modal AI engine that analyzes text messages, URLs, images, voice recordings, and phone numbers for scam patterns. Detects social engineering, impersonation, deepfake audio, investment fraud, romance scams, and phishing attempts with high accuracy.
Dark Web Monitoring
Continuous monitoring of dark web marketplaces, paste sites, and breach databases. Real-time alerts when your email, passwords, credit cards, or digital assets appear in new data breaches or are listed for sale on underground forums.
MITRE ATT&CK Mapping
Automatically map all detected threats to MITRE ATT&CK tactics and techniques. Visualize attack kill chains, identify coverage gaps in your security posture, and generate compliance-ready reports aligned to industry frameworks.
Threat Graph Visualization
Neo4j-powered graph database connecting indicators of compromise, threat actors, malware families, campaigns, and attack infrastructure. Query complex relationships and discover hidden connections between seemingly unrelated threats.
Enterprise MDM/SIEM Integration
Deep integration with enterprise security infrastructure. Forward threat alerts to Splunk, Elastic, and QRadar SIEM systems. Manage device fleet security through MDM integration. Enforce Zero Trust policies with real-time threat-aware access control.
Quick Start
Check a threat indicator and analyze a suspicious URL in seconds.
/api/v1/intelligence/check
Check an indicator (IP, domain, hash, or URL) against the threat intelligence database
# Check if a domain is malicious
curl -X POST https://guard.orbai.world/api/v1/intelligence/check \
  -H "X-API-Key: your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "domain",
    "value": "suspicious-site.example.com"
  }'
{
  "success": true,
  "data": {
    "indicator": "suspicious-site.example.com",
    "type": "domain",
    "threatLevel": "high",
    "score": 87,
    "categories": ["phishing", "credential-harvesting"],
    "firstSeen": "2025-11-20T08:30:00Z",
    "lastSeen": "2026-02-07T14:22:00Z",
    "sources": ["orbguard-crawlers", "community-feed", "partner-intel"],
    "mitre": {
      "tactics": ["initial-access"],
      "techniques": ["T1566.002"]
    },
    "recommendation": "block"
  }
}
Key Endpoints
Query the IoC database for IPs, domains, hashes, and URLs
Upload device logs for Pegasus and mercenary spyware analysis
AI-powered scam detection for text, URLs, images, and voice
Check if an email or password appears in known data breaches
Real-time URL scanning for phishing, malware, and redirects
Analyze SMS messages for smishing and fraud patterns
Scan Wi-Fi networks for rogue APs, ARP spoofing, and DNS hijacking
Vulnerability audit, jailbreak detection, and anti-theft controls
Analyze mobile apps for trackers, permissions abuse, and vulnerabilities
Forward threat alerts to Splunk, Elastic, QRadar, and other SIEM systems
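Consuming the Quick Start's /api/v1/intelligence/check response in an enforcement path, as an added example (not OrbGuard's own client code): it builds the request shown above and turns a reply into a block/allow decision that fails closed on malformed or mismatched responses. The ORBGUARD_API_KEY variable name, the "ip", "hash" and "url" type strings, and the score threshold of 70 are assumptions, not values documented on this page.

```python
import json
import os
import urllib.request

CHECK_URL = "https://guard.orbai.world/api/v1/intelligence/check"
# Only "domain" appears on the page; the other type strings are assumptions.
INDICATOR_TYPES = {"ip", "domain", "hash", "url"}

# The Quick Start response from this page (trimmed), embedded to run offline.
SAMPLE_RESPONSE = """{"success": true, "data": {
  "indicator": "suspicious-site.example.com", "type": "domain",
  "threatLevel": "high", "score": 87,
  "categories": ["phishing", "credential-harvesting"],
  "mitre": {"tactics": ["initial-access"], "techniques": ["T1566.002"]},
  "recommendation": "block"}}"""


def build_check_request(indicator_type, value, api_key=None):
    """Build (without sending) the POST request from the Quick Start."""
    if indicator_type not in INDICATOR_TYPES:
        raise ValueError(f"unsupported indicator type: {indicator_type!r}")
    # ORBGUARD_API_KEY is a hypothetical variable name; keep keys out of source.
    api_key = api_key or os.environ["ORBGUARD_API_KEY"]
    body = json.dumps({"type": indicator_type, "value": value}).encode()
    headers = {"X-API-Key": api_key, "Content-Type": "application/json"}
    return urllib.request.Request(CHECK_URL, data=body, headers=headers, method="POST")


def verdict(raw_body, queried_value, block_score=70, fail_closed=True):
    """Return "block" or "allow"; unusable replies follow the fail_closed policy."""
    fallback = "block" if fail_closed else "allow"
    try:
        doc = json.loads(raw_body)
        data = doc["data"]
        score = data["score"]
        # Reject error replies and answers about a different indicator.
        if doc["success"] is not True or data["indicator"] != queried_value:
            return fallback
        if isinstance(score, bool) or not isinstance(score, (int, float)):
            return fallback
    except (ValueError, KeyError, TypeError):
        return fallback
    # block_score is a local policy threshold, assuming higher scores are worse.
    if data.get("recommendation") == "block" or score >= block_score:
        return "block"
    return "allow"


if __name__ == "__main__":
    req = build_check_request("domain", "suspicious-site.example.com", api_key="test-key")
    print(req.get_method(), req.full_url)  # send with urllib.request.urlopen(req, timeout=10)
    print(verdict(SAMPLE_RESPONSE, "suspicious-site.example.com"))
```

Whether a lookup failure should block or allow is a deployment decision; pass fail_closed=False where availability outweighs the risk of a missed detection.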
Integration with OrbVPN
OrbGuard Labs integrates directly with the OrbVPN platform to provide real-time protection during VPN sessions.
Threat-Aware DNS
When connected to OrbVPN, all DNS queries are checked against OrbGuard's threat intelligence in real time. Malicious domains are blocked before they resolve.
Connection Protection
OrbGuard monitors active VPN connections for suspicious traffic patterns, command-and-control beacons, and data exfiltration attempts.
Scam Alerts
SMS, URL, and QR code scanning runs continuously on-device when enabled, with threat data enriched by OrbGuard's cloud intelligence.
Enterprise Fleet Protection
Organizations can deploy OrbGuard across all employee devices via MDM, with centralized threat monitoring and SIEM integration.
Free Tier Available
OrbGuard Labs offers a free tier with 100 API calls per day for threat intelligence checks and URL scanning. Enterprise plans include unlimited calls, priority processing, dedicated support, and SIEM integration. See pricing for details.
Secure Your Users with OrbGuard Labs
Access 94+ REST endpoints and 20+ security modules for comprehensive threat intelligence, spyware forensics, scam detection, and enterprise security.