Röst API
This is the documentation of the Rösti API v2
This API provides access to all Rösti (Repackaged Öpen Source Threat Intelligence) data.
Older Versions
Rösti API version 2 is now the default and recommended way to interact with the platform programmatically. It builds significantly upon v1, offering a more consistent design, improved performance, and access to expanded functionality.
Rösti API v1 will remain available and fully functional at least until the end of 2026, but it is no longer actively supported. We strongly encourage users to migrate to v2 to take full advantage of the improvements, including better query capabilities, extended metadata, and enhanced support for future features.
Authentication
You can get your API key here: https://rosti.bin.re/api.
Currently, the presence and value of theX-Api-Key header are not being checked or validated. However, this will change soon as we implement stricter API key validation to prevent unauthorized access and potential abuse. To ensure uninterrupted access, please start including a valid X-Api-Key header in all your requests now. Once this feature is enforced, any requests without a valid API key will be rejected.
Documentation
The API is described using the OpenAPI 3.1 specification. Use the interactive documentation below:
API ExplorerErrors and Feedback
Note: The specification has been largely edited by hand. While every effort was made to ensure it reflects the actual implementation, some discrepancies may exist. For the most accurate and up-to-date reference, please consult the automatically generated API documentation at
https://api.rosti.bin.re/v2/docs#/.
If you notice any inconsistencies, don’t hesitate to reach out at rosti@bin.re.
Migration Guide
Reports
Search for Reports
Instead of
Use the query directly on the reports endpoint
Get list of IOC sources
Instead of
Call
Get an individual report by id
Instead of
https://rosti.bin.re/api/v1/reports/:reportId
Call
https://api.rosti.bin.re/v2/reports/:reportId
Get list of all reports
Instead of
https://rosti.bin.re/api/v1/reports?after=2025-01-01&source=asec
Call
https://api.rosti.bin.re/v2/reports?after=2025-01-01&source=asec
Do not use fromdate anymore. This worked in v1 as an alternative to after due to being introduced by mistake in the docs. In v2, only after is valid.
The offset based pagination has been replaced with a cursor-based one. Instead of limit and offset, use limit and cursor.
IOCs
Search for IOCs
Instead of
https://rosti.bin.re/api/v1/search/iocs?q=mcrosoft&pattern=1
Call
https://api.rosti.bin.re/v2/iocs?q=mcrosoft&pattern=1
Get list of all IOC categories
Instead of
https://rosti.bin.re/api/v1/categories
Call
https://api.rosti.bin.re/v2/categories
Get list of all IOCTypes
Instead of
https://rosti.bin.re/api/v1/ioctypes
Call
https://api.rosti.bin.re/v2/ioc-types
Get list of all IOCs
Instead of
https://rosti.bin.re/api/v1/iocs?ioctype=domain,ip&category=network_activity
Call
https://api.rosti.bin.re/v2/iocs?type=domain,ip&category=network_activity
The offset based pagination has been replaced with a cursor-based one. Instead of limit and offset, use limit and cursor.
Feeds
Get list of all available feeds
Instead of
https://rosti.bin.re/api/v1/feeds
Call
https://api.rosti.bin.re/v2/feeds
Export
Get report by id in various formats
Instead of
https://rosti.bin.re/api/v1/export/C3ePaYAO?format=csv
Call
https://api.rosti.bin.re/v2/reports/C3ePaYAO/exports/csv
Get list of all export types
Instead of
https://rosti.bin.re/api/v1/exporttypes
Call
https://api.rosti.bin.re/v2/file-types
Changelog
|
Date |
Version |
Changes Made |
|---|---|---|
|
2025-07-30 |
2.0.2 |
Initial Release of the API |
|
2025-07-31 |
2.1.0 |
Clarify the false positive risk and add disclaimer to each response. |