M
API Matrix

Google Safe Browsing API

Anti-malware / API Key Intermediate HTTPS
Varies by plan (check documentation)
77 Score
Grade B
Visit Official Site Compare Alternatives

Overview

Google Safe Browsing lets you check any URL against Google's constantly updated lists of phishing sites, malware distributors, and unwanted software. It is the same technology that powers Chrome's built-in warnings. Beginners can use it to validate user-submitted links before displaying or visiting them in an application.

💡

Beginner Tip

Enable the API in Google Cloud Console and use the threatMatches:find endpoint with a POST body — a GET request will not work. The free quota is 10,000 lookups per day.

Available Data

Use case: Integrate google link/domain flagging data into web and mobile applications
Google Safe Browsing data via REST API
JSON-formatted response data
Requires API key authentication

Example Response

JSON Response 
{
  "status": "success",
  "data": {
    "result": "Data from Google Safe Browsing",
    "description": "Google Link/Domain Flagging",
    "timestamp": "2025-01-15T10:00:00Z"
  }
}

Field Reference

matches List of threat matches found; empty array or absent field means the URL is safe
matches[].threatType Type of threat detected, e.g. MALWARE or SOCIAL_ENGINEERING
matches[].platformType Platform the threat targets, such as WINDOWS or ANY_PLATFORM
matches[].threat.url The URL that matched a threat list entry
matches[].cacheDuration How long to cache this result before re-checking, in seconds with an s suffix

Implementation Example 

const url = "https://developers.google.com/safe-browsing/";
// Replace headers or query params with the values required by this API.
const response = await fetch(url, {
  headers: {
  "X-API-Key": "YOUR_API_KEY"
  }
});
if (!response.ok) throw new Error(`Request failed: ${response.status}`);
const data = await response.json();
console.log(data);

What Can You Build?

Note: These code examples are AI-generated and unverified. Always refer to the official API documentation for accurate usage.

Common Errors & Troubleshooting

400 Bad Request The request body JSON is malformed or a required field like clientId is missing
Ensure your POST body includes client.clientId, client.clientVersion, and at least one entry in threatEntries
403 Forbidden The API key is invalid or the Safe Browsing API is not enabled for your project
Go to Google Cloud Console, enable the Safe Browsing API, and verify the key has no IP/referrer restrictions blocking your request
Empty response body The URL is not found in any threat list, which is returned as an empty JSON object
An empty {} response means the URL is safe — this is expected behavior, not an error

Matrix Score Breakdown

🌐 Reachability 30/30
⚡ Speed 10/20
🔒 Security 15/15
🛠 Developer XP 12/20
✓ Reliability 10/15

Partially tested on Apr 5, 2026

Technical Specifications

Auth API Key
HTTPS REQUIRED
CORS UNKNOWN
Category Anti-malware
Difficulty Intermediate
Verified: 2026-04-04

Recipes Using Google Safe Browsing

Build something with this API. Each recipe includes step-by-step instructions and code outlines.

Advanced 5-7 hours

Build a URL Security Scanner

3 APIs

Similar APIs

View All →

AbuseIPDB

77

AbuseIPDB lets you check whether an IP address has been reported for malicious activity like spam, hacking, or DDoS attacks.

API Key Intermediate HTTPS

AlienVault Open Threat Exchange (OTX)

0

AlienVault Open Threat Exchange (OTX) provides programmatic access to ip/domain/url reputation via REST API.

API Key Intermediate HTTPS

CAPEsandbox

77

CAPEsandbox is an open-source malware analysis platform that executes suspicious files in an isolated environment and reports on their behavior.

API Key Intermediate HTTPS

MalDatabase

0

MalDatabase provides programmatic access to provide malware datasets and threat intelligence feeds via REST API.

API Key Intermediate HTTPS

MalShare

69

MalShare is a free community-driven repository of malware samples that security researchers upload and share for analysis.

API Key Intermediate HTTPS