API Reference
REST endpoints for submitting abuse reports to MonoVM programmatically.
Base URL
https://abuse.monovm.com/api/v1
All requests go to this host. JSON in, JSON out (UTF-8).
Authentication
Every request must carry a partner token in the X-API-Key header.
X-API-Key: abuse_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Rate limits
- 60 requests/minute per token (sliding window).
- 100 reports per call on the bulk endpoint.
- Trusted partners get higher limits — request via support.
Errors
Errors return a JSON body with an error field and the relevant HTTP status:
| Status | Meaning |
|---|---|
| 400 | Malformed request body. |
| 401 | Missing X-API-Key. |
| 403 | Invalid or blocked token. |
| 422 | Validation failed (see errors map). |
| 429 | Rate limit exceeded. |
Endpoints
Submit a single abuse report. Accepts JSON or ARF (RFC 5965) based on Content-Type.
Request body
| Field | Type | Notes |
|---|---|---|
| abuse_type * | string | One of: spam, phishing, malware, ddos, csam, copyright, fraud, law_enforcement, brute_force, intrusion, botnet, other |
| description * | string | ≤ 10000 chars. What happened. |
| target_ip | string | IPv4 or IPv6. |
| target_domain | string | ≤ 255 chars. |
| target_url | string | Full URL, ≤ 2048 chars. |
| evidence | string | Raw evidence (headers, logs), ≤ 50000 chars. |
| reported_at | string | ISO-8601. Defaults to now. |
| headers | object | Email headers, free-form keys. |
Example request
curl -X POST https://abuse.monovm.com/api/v1/reports \
-H "X-API-Key: $YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"abuse_type": "phishing",
"target_ip": "203.0.113.42",
"target_url": "https://phishing.example/login",
"description": "Credential-harvesting page mimicking ACME bank",
"evidence": "Received: from mail.example ...",
"reported_at": "2026-05-26T21:57:15+00:00"
}'
Example response — 201 Created
{
"id": "01HX9Z…",
"case_number": "ABU-2026-00042",
"message": "Report received. Case: ABU-2026-00042"
}
Submit up to 100 reports in one call. Body is a JSON array of single-report objects.
Example request
curl -X POST https://abuse.monovm.com/api/v1/reports/bulk \
-H "X-API-Key: $YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '[
{ "abuse_type": "spam", "target_ip": "198.51.100.7", "description": "Mailbox flood from this IP" },
{ "abuse_type": "ddos", "target_ip": "198.51.100.8", "description": "SYN flood at 12:04 UTC" }
]'
Example response — 207 Multi-Status
{
"received": 2,
"results": [
{ "id": "01HX…", "case_number": "ABU-2026-00043" },
{ "id": "01HX…", "case_number": "ABU-2026-00044" }
]
}
Look up the status of a case you reported. Reporters can only read their own cases.
Example request
curl https://abuse.monovm.com/api/v1/cases/ABU-2026-00042 \ -H "X-API-Key: $YOUR_TOKEN"
Example response — 200 OK
{
"case_number": "ABU-2026-00042",
"status": "investigating",
"abuse_type": "phishing",
"severity_level": "high",
"first_seen_at": "…",
"last_seen_at": "…",
"report_count": 3
}
Receive provider-specific webhooks. HMAC signature is verified per provider — no X-API-Key needed.
Supported providers: abuseipdb, spamhaus, google_fbl, microsoft_fbl, spamcop, generic_arf.
Ready to start?
Get a token in under a minute. No payment, no waiting list.
Register for an API Token