Authentication & Setup
Prerequisites
To use the Live Exploit Tracker API, you need an API key. Contact the CrowdSec team to obtain yours if you haven't already.
The same API key works for both the web interface and the REST API.
Base URL
All API endpoints are available at:
https://admin.api.crowdsec.net/v1/
Authentication
Every API request must include your API key in the x-api-key header:
curl -X 'GET' \
'https://admin.api.crowdsec.net/v1/cves?page=1&size=10' \
-H 'accept: application/json' \
-H 'x-api-key: YOUR_API_KEY'
SDKs
CrowdSec provides official SDKs for convenient API access with typed models, authentication handling, and a better developer experience. See the SDKs & Libraries page for installation instructions, examples, and the full list of available SDKs.
Quick start with the Python SDK:
pip install crowdsec_service_api
import os
from crowdsec_service_api import Cves, ApiKeyAuth
auth = ApiKeyAuth(api_key=os.getenv("CROWDSEC_SERVICE_API_KEY"))
cve = Cves(auth=auth).get_cve("CVE-2024-25600")
print(f"{cve.title}: Score {cve.crowdsec_score}, Phase: {cve.exploitation_phase.label}")
Error Handling
The API returns standard HTTP status codes:
| Status Code | Meaning |
|---|---|
200 | Success |
201 | Resource created successfully |
204 | Success with no content (e.g., after deletion) |
401 | Invalid or missing API key |
404 | Resource not found |
422 | Validation error (check request parameters) |
429 | Rate limit exceeded |
Next Steps
- Explore CVEs — List, search, and get detailed intelligence
- Fingerprint Rules — Monitor product-level probing activity
- Integrations & Blocklists — Create firewall integrations and subscribe to CVEs
- Browse by Vendor, Product, or Tag — Explore the coverage landscape
- SDKs & Libraries — Official SDKs for Python and more
- API Reference — Full interactive API documentation
