Overview

Patchstack publishes three tiers of the Threat Intelligence API. Each tier has a narrative Guide and an interactive Reference generated from its OpenAPI spec. All three specs use the same tooling for import, SDK generation, and LLM-assisted client writing — covered once in Using the APIs with your tools below.

WordPress plugin, theme and core lookups for a single product + version. Flat per-item shape, 5,000 requests / 24 hours. Purchase access from the Patchstack App.

• Guide · Reference · OpenAPI · Postman

Everything in Standard, plus bulk lookups (POST /batch, up to 50 products per request), the /latest rolling feed, advisory-by-id detail, and a richer per-item payload (cvss_score, cve, is_exploited, patch_priority, patched_in_ranges…). Custom pricing, activated on request — contact us.

• Guide · Reference · OpenAPI · Postman

A new generation of the API, currently available to selected partners working directly with Patchstack. Adds npm ecosystem coverage, an opt-in full advisory body (?include=details), a consistent nested response shape (product, cvss, cwe, version_info…), and cursor-based pagination alongside offset. If you’re already working with us on an integration and would like access, contact us.

• Guide · Reference · OpenAPI · Postman

New integration? If you have Beta access, use Beta — it’s the direction we’re heading, and Standard/Extended will eventually adopt the same nested shape. Otherwise start with Standard or Extended depending on your data needs.

Existing integration? Standard and Extended remain supported; no migration is required. See API properties for v2 field definitions.

All three tiers ship the same three artefacts — pick whichever URL matches the tier you’re integrating:

Every endpoint, parameter, request body and example is preconfigured. Download the Postman collection and drag it into your tool, or import by URL from inside the tool:

Authentication: in Postman set the collection Authorization to API Key, key PSKey, value {{PSKEY}}, and add PSKEY as a collection variable with your real key as the Current value (leave Initial blank so it doesn’t sync to teammates). Other tools work the same way — set PSKey as a collection header once.

Point your assistant at the spec. LLMs parse OpenAPI cleanly and will generate clients that match the real field names instead of hallucinating.

• Ad hoc: paste the spec URL into your prompt. Example: “Write a Python client for https://docs.patchstack.com/schemas/threat-intel-extended.yaml. I need a batch walker over a package.json-style list.”
• In your repo: download the spec to docs/vendor/patchstack-threat-intel-<tier>.yaml and reference it from your CLAUDE.md / AGENTS.md. Your assistant can then grep the YAML for specific fields without refetching.
• Plain-text fallback: for tools that don’t parse YAML, our llms-full.txt contains the full reference as flat markdown.

Generate a client in any language from the same spec — swap the spec URL for the tier you want:

# TypeScript (Extended tier shown)
npx @openapitools/openapi-generator-cli generate \
  -i https://docs.patchstack.com/schemas/threat-intel-extended.yaml \
  -g typescript-fetch -o ./patchstack-client

# Python
npx @openapitools/openapi-generator-cli generate \
  -i https://docs.patchstack.com/schemas/threat-intel-extended.yaml \
  -g python -o ./patchstack-client-py

Speakeasy and Fern also consume the same spec and produce more idiomatic SDKs if you need a polished client library.

Spec stability: the Beta spec may change without a version bump while the API is in beta. Pin a commit of the YAML in production integrations, or wait for the GA release when we’ll publish versioned URLs. Standard and Extended specs track the stable v2 surface.