RST Cloud API - Python Client



rstapi-python is a Python 3 library designed to interact with various RST Cloud APIs, such as:

  • RST Threat Feed
  • RST Report Hub
  • RST Noise Control
  • RST IoC Lookup
  • RST Whois API



To install the library using pip, run:

pip install rstapi 

The package details are here:


Refer to the GitHub Repository for comprehensive details and example usage. Example code can be found in the file.

Additionally, consult the RST Cloud API Documentation for more information.

API Token

An API token is required to access RST Cloud APIs. You can obtain an API token by:

Environment Variable Setup

The recommended approach is to set the RST_API_KEY as an environment variable. This avoids hardcoding the API key in your code:

import rstapi
c = rstapi.ioclookup()
response = c.GetIndicator("")

Explicit Token Usage

Alternatively, you can explicitly pass the API token when creating the API client:

import rstapi
c = rstapi.ioclookup(APIKEY="YOUR_API_KEY")
response = c.GetIndicator("")


1. Import Statements

# common imports
import os
from datetime import date, timedelta
from pprint import pprint
# required imports
from rstapi import ioclookup, noisecontrol, reporthub, threatfeed, whoisapi

2. Replace the Placeholder API Key


3. RST Threat Feed

print("\n--- RST Threat Feed ---\n")
# Initialize client
rst_threatfeed = threatfeed(APIKEY=USER_APIKEY)
# Fetch threat feed data
file = rst_threatfeed.GetFeed(ioctype="hash", filetype="csv")
if "status" in file and file["status"] == "ok":

4. RST IoC Lookup

print("\n--- RST IoC Lookup ---\n")
# Initialize client
rst_ioclookup = ioclookup(APIKEY=USER_APIKEY)
# Get an indicator
# Submit an indicator
pprint(rst_ioclookup.SubmitIndicator("", "detected by sandbox"))
# Submit a false positive
pprint(rst_ioclookup.SubmitFalsePositive("", "cdn address"))

5. RST Noise Control

print("\n--- RST Noise Control ---\n")
# Initialize client
rst_noisecontrol = noisecontrol(APIKEY=USER_APIKEY)
# Lookup a value
# Batch lookup
data = "\\"
ioc_type = "domain"
token = rst_noisecontrol.BatchLookup(ioctype=ioc_type, data=data)
# Get batch result
result = rst_noisecontrol.BatchResult(ioctype=ioc_type, token=token)

6. RST Report Hub

print("\n--- RST Report Hub ---\n")
# Initialize client
rst_reporthub = reporthub(APIKEY=USER_APIKEY)
# Fetch reports
startDate = ( - timedelta(days=1)).strftime("%Y%m%d")
report_digest = rst_reporthub.GetReports(startDate)
if len(report_digest) > 0:
    # Get report PDF
    report_pdf = rst_reporthub.GetReportPDF(reportid=report_digest[0]["id"])
    # Get report JSON
    report_json = rst_reporthub.GetReportJSON(reportid=report_digest[0]["id"])
    # Get report STIX
    report_stix = rst_reporthub.GetReportSTIX(reportid=report_digest[0]["id"])

7. RST Whois API

print("\n--- RST Whois API ---\n")
# Initialize client
rst_whois = whoisapi(APIKEY=USER_APIKEY)
# Get domain info
pprint(rst_whois.GetDomainInfo(domain="", raw=False))
pprint(rst_whois.GetDomainInfo(domain="", raw=True))