• Changed max limit for /v1/reports endpoint to 10.

2025-08-11

Added functionality to manage static assets within ASI Projects.

• Bulk Static Asset Management – Added POST/projects/{project_id}/rules/_bulk_static_assets endpoint to add or remove up to 1000 static asset rules in a single request.
• Static Asset Listing – Enhanced GET/projects/{project_id}/rules/static_assets to filter by asset, static_type, membership_type, last_applied_before, and last_applied_after.

New version of Malware Intelligence API released.

• Add query as optional input when creating job, storing it as metadata for the job
• Add editJob endpoint to Auto-Yara

• API documentation moved from api.recordedfuture.com/v2 to api.recordedfuture.com/alert
• Updated URL paths at https://docs.recordedfuture.com to point to new URLs
• All traffic to the old api.recordedfuture.com/v2 Alert endpoints is now redirected to api.recordedfuture.com/alert
• No changes to request or response shapes

2025-06-30

Added Bulk Malware Report alert lookup endpoint to Playbook Alert API.

2025-04-29

Added malware report alert notification endpoint to Playbook Alert API.

New Malware Intelligence API available at https://api.recordedfuture.com/malware-intelligence.

• New field in response on invalid IOCs. More lax validation of IOCs and if any valid ones are present in the request they will be processed. The invalid ones will be returned in a list in the response called dropped.
• Any detections exceeding the default maximum number of detections of 100k burst or ~1 detections/second will also be present in the dropped response.

• New API version available at https://api.recordedfuture.com/soar/v3
• No changes to API request and response formats
• API calls to the existing v2 endpoints at https://api.recordedfuture.com/v2/soar will continue to work exactly as before but will be redirected to https://api.recordedfuture.com/soar/v3
• The old swagger documentation at https://api.recordedfuture.com/v2/soar has be moved to https://api.recordedfuture.com/soar/v3 and have the newer look-and-feel used by other APIs.

The new version is available at https://api.recordedfuture.com/fusion/v3.

Other than improved performance, a set of changes has been introduced that affects how the API is used:

• Removed X-RF-Content-SHA256 and X-RF-Created response headers
  • Replaced by ETag and Last-Modified headers
• Merged flow status endpoints into one endpoint
• Renamed flow response property for flows to id
• Renamed name response property for blocks to id
• Added block lookup endpoint
• Files directory lookup moved to a new separate endpoint
• Added owner response property for flows
• Improved OpenAPI documentation
• All request and response properties use snake_case
  • The query block is an exception due to upstream requirements