M
API Matrix

NoPhishy API

Anti-malware / API Key Intermediate HTTPS CORS
Varies by plan (check documentation)
87 Score
Grade A
Visit Official Site Compare Alternatives

Overview

NoPhishy (Exerra Phishing Check) checks URLs against a maintained database of known phishing sites and returns whether the link is flagged as a phishing attempt. It is straightforward to integrate and useful for adding link verification to Discord bots, chat applications, or browser extensions. The CORS support makes it usable directly from front-end JavaScript.

💡

Beginner Tip

Access this API through RapidAPI at rapidapi.com/Amiichu/api/exerra-phishing-check — sign up for RapidAPI (free) to get your key and test directly in the browser before writing any code.

Available Data

NoPhishy data via REST API
JSON-formatted response data
Requires API key authentication

Example Response

JSON Response 
{
  "url": "https://example.com",
  "safe": true,
  "threat_level": "none",
  "categories": [
    "clean"
  ],
  "scan_date": "2025-01-15T10:00:00Z"
}

Field Reference

url The URL that was checked against the phishing database
isPhishing True if the URL is a known phishing site, false or null if not found in the database
reportedAt ISO 8601 timestamp when this URL was first reported as phishing

Implementation Example 

const url = "https://rapidapi.com/Amiichu/api/exerra-phishing-check/";
// Replace headers or query params with the values required by this API.
const response = await fetch(url, {
  headers: {
  "X-API-Key": "YOUR_API_KEY"
  }
});
if (!response.ok) throw new Error(`Request failed: ${response.status}`);
const data = await response.json();
console.log(data);

What Can You Build?

Note: These code examples are AI-generated and unverified. Always refer to the official API documentation for accurate usage.

Common Errors & Troubleshooting

403 Forbidden RapidAPI key is missing or invalid
Include x-rapidapi-key and x-rapidapi-host headers in every request; copy them from the RapidAPI endpoint page
"isPhishing": null The URL was not found in the phishing database
A null or false result means the URL is not in the known-phishing list — the database is not exhaustive, so use additional checks for high-risk scenarios
400 Bad Request The url query parameter is missing or the value is not a valid URL
Always include the full URL with protocol, e.g. https://example.com, not just the domain

Matrix Score Breakdown

🌐 Reachability 30/30
⚡ Speed 15/20
🔒 Security 15/15
🛠 Developer XP 17/20
✓ Reliability 10/15

Partially tested on Apr 5, 2026

Technical Specifications

Auth API Key
HTTPS REQUIRED
CORS YES
Category Anti-malware
Difficulty Intermediate
Verified: 2026-04-04

Similar APIs

View All →

AbuseIPDB

77

AbuseIPDB lets you check whether an IP address has been reported for malicious activity like spam, hacking, or DDoS attacks.

API Key Intermediate HTTPS

AlienVault Open Threat Exchange (OTX)

0

AlienVault Open Threat Exchange (OTX) provides programmatic access to ip/domain/url reputation via REST API.

API Key Intermediate HTTPS

CAPEsandbox

77

CAPEsandbox is an open-source malware analysis platform that executes suspicious files in an isolated environment and reports on their behavior.

API Key Intermediate HTTPS

Google Safe Browsing

77

Google Safe Browsing lets you check any URL against Google's constantly updated lists of phishing sites, malware distributors, and unwanted software.

API Key Intermediate HTTPS

MalDatabase

0

MalDatabase provides programmatic access to provide malware datasets and threat intelligence feeds via REST API.

API Key Intermediate HTTPS