Reference manual

The F-Secure Radar API is intended for developers who want to integrate F-Secure Radar with third-party applications.
This documentation gives a quick introduction to the F-Secure Radar API and discusses its conventions and best practices.

URI structure

F-Secure Radar API provides access to resources (data entities) via URI paths. By default, the F-Secure Radar API uses JSON as its communication format and standard HTTP methods like GET, PUT, POST, and DELETE, most often in the following way:

Access to most resources via F-Secure Radar API requires user authentication. However there are several API actions that can be performed anonymously.

API channels

F-Secure Radar provides two API channels (they may be regarded as two API versions serving different purposes):

latest channel
Up to date API development. May introduce breaking changes without prior notice. Click here to see the documentation.
integration channel
Designated for developers wanting to integrate F-Secure Radar. Will preserve existing endpoints for the time being if a breaking change is introduced in the 'latest' channel (users will be notified). Click here to see the documentation.

Request headers and parameters

To follow best practices and to ensure that all requests work correctly, apply the following HTTP header to all API requests:

Content-Type: application/json;

The request authentication headers (ApiAccessKey and ApiAccessKey) together with their values are case-sensitive.
The parameter names in the request body are also case-sensitive.


F-Secure Radar API uses API keys for authentication. An API key consists of an access key (for example, PA3IAKNANLM9) and a secret key (for example, UO9mkDEHFGa1Vau6o#1AfxwRmBQW@!qV). To create an API key:

  1. Log in to F-Secure Radar.
  2. Select My profile.
  3. Scroll down to the Configure API Keys section.
  4. Add a new API key and store it safely.
  5. Apply the created API key to the HTTP header of every API request that requires authentication.
  6. Run a simple request to check the authentication:
curl -X GET
-H 'Content-Type: application/json'
-H 'ApiAccessKey: {ApiAccessKey}'
-H 'ApiSecretKey: {ApiSecretKey}'

Note that access and secret keys in the above request must be replaced with real values. Omit the enclosing brackets when you submit requests.

If authentication was successful, you will get a HTTP 'Authenticated' response with status code 200.

The above example, as well as all sample requests described in use cases, are performed on the integration channel of the API, located at If you are using a different channel or instance of F-Secure Radar, replace it with the appropriate server URL.

Use cases

See the F-Secure Radar API help page for example use cases.

Throttle API requests for better throughput

F-Secure Radar throttles API requests to prevent servers from being overwhelmed by too many requests. When request submissions from a particular client exceeds the limit, a 429 HTTP error message (Too Many Requests) is sent to the client. The response contains a 'Retry-After' HTTP header that indicates how long to wait before resubmitting the request.