Skip to content

Overview

Patchstack publishes three tiers of the Threat Intelligence API. Each tier has a narrative Guide and an interactive Reference generated from its OpenAPI spec. All three specs use the same tooling for import, SDK generation, and LLM-assisted client writing — covered once in Using the APIs with your tools below.

WordPress plugin, theme and core lookups for a single product + version. Flat per-item shape, 5,000 requests / 24 hours. Purchase access from the Patchstack App.

Everything in Standard, plus bulk lookups (POST /batch, up to 50 products per request), the /latest rolling feed, advisory-by-id detail, and a richer per-item payload (cvss_score, cve, is_exploited, patch_priority, patched_in_ranges…). Custom pricing, activated on request — contact us.

A new generation of the API, currently available to selected partners working directly with Patchstack. Adds npm ecosystem coverage, an opt-in full advisory body (?include=details), a consistent nested response shape (product, cvss, cwe, version_info…), and cursor-based pagination alongside offset. If you’re already working with us on an integration and would like access, contact us.


New integration? If you have Beta access, use Beta — it’s the direction we’re heading, and Standard/Extended will eventually adopt the same nested shape. Otherwise start with Standard or Extended depending on your data needs.

Existing integration? Standard and Extended remain supported; no migration is required. See API properties for v2 field definitions.


All three tiers ship the same three artefacts — pick whichever URL matches the tier you’re integrating:

TierOpenAPI specPostman collection
Standardthreat-intel-standard.yamlthreat-intel-standard.postman_collection.json
Extendedthreat-intel-extended.yamlthreat-intel-extended.postman_collection.json
Betathreat-intel-beta.yamlthreat-intel-beta.postman_collection.json

Every endpoint, parameter, request body and example is preconfigured. Download the Postman collection and drag it into your tool, or import by URL from inside the tool:

ToolHow to import
PostmanFile → Import → Link and paste the collection URL.
InsomniaCreate → Import From → URL → paste the OpenAPI URL.
BrunoCollection → Import → OpenAPI V3 Spec → paste the OpenAPI URL.
HoppscotchCollections → Import/Export → OpenAPI → paste the OpenAPI URL.

Authentication: in Postman set the collection Authorization to API Key, key PSKey, value {{PSKEY}}, and add PSKEY as a collection variable with your real key as the Current value (leave Initial blank so it doesn’t sync to teammates). Other tools work the same way — set PSKey as a collection header once.

Claude Code and other LLM coding assistants

Section titled “Claude Code and other LLM coding assistants”

Point your assistant at the spec. LLMs parse OpenAPI cleanly and will generate clients that match the real field names instead of hallucinating.

  • Ad hoc: paste the spec URL into your prompt. Example: “Write a Python client for https://docs.patchstack.com/schemas/threat-intel-extended.yaml. I need a batch walker over a package.json-style list.”
  • In your repo: download the spec to docs/vendor/patchstack-threat-intel-<tier>.yaml and reference it from your CLAUDE.md / AGENTS.md. Your assistant can then grep the YAML for specific fields without refetching.
  • Plain-text fallback: for tools that don’t parse YAML, our llms-full.txt contains the full reference as flat markdown.

Generate a client in any language from the same spec — swap the spec URL for the tier you want:

Terminal window
# TypeScript (Extended tier shown)
npx @openapitools/openapi-generator-cli generate \
-i https://docs.patchstack.com/schemas/threat-intel-extended.yaml \
-g typescript-fetch -o ./patchstack-client
# Python
npx @openapitools/openapi-generator-cli generate \
-i https://docs.patchstack.com/schemas/threat-intel-extended.yaml \
-g python -o ./patchstack-client-py

Speakeasy and Fern also consume the same spec and produce more idiomatic SDKs if you need a polished client library.

Spec stability: the Beta spec may change without a version bump while the API is in beta. Pin a commit of the YAML in production integrations, or wait for the GA release when we’ll publish versioned URLs. Standard and Extended specs track the stable v2 surface.