Authentication overview

GreyNoise provides threat intelligence data that helps identify and filter benign internet noise, categorize opportunistic attacks, and prioritize actual threats for security operations teams. Access to the GreyNoise API requires authentication to ensure that only authorized users and applications can retrieve data. The primary method for authenticating requests to the GreyNoise API is through the use of API keys. These keys are unique, alphanumeric strings that act as a secret credential, linking your API requests to your GreyNoise account and its associated access permissions and rate limits.

When making a request to the GreyNoise API, your API key must be included in the HTTP header of the request. This mechanism allows the GreyNoise servers to verify your identity and authorize the call before returning any data. Different GreyNoise plans, including the Community, Professional, and Enterprise tiers, provide varying levels of API access and rate limits, all controlled via the API key associated with your account. For detailed information on API functionality and endpoints, refer to the official GreyNoise API reference.

Supported authentication methods

GreyNoise exclusively supports API key authentication for accessing its public API. This method is widely adopted for its simplicity and effectiveness in securing programmatic access to web services. An API key serves as both an identifier and a secret token.

Method When to Use Security Level
API Key (X-GreyNoise-API-Key header) All programmatic access to GreyNoise API endpoints. Suitable for server-side applications, scripts, and integrations. Standard. Requires secure storage and transmission. Vulnerable if exposed.

API keys are typically generated through the GreyNoise user portal and should be treated as sensitive credentials, similar to passwords. They grant specific permissions depending on the GreyNoise plan (e.g., Community, Professional, Enterprise) and the scope defined for the key within your account. The GreyNoise documentation provides guidance on managing these keys.

Getting your credentials

To obtain your GreyNoise API key, you will typically follow these steps, starting from your GreyNoise account:

  1. Sign Up or Log In: Navigate to the GreyNoise website and either sign up for a new account (starting with the free Community tier) or log in to an existing one.
  2. Access Account Settings: Once logged in, locate your account settings or profile management section. This is often found by clicking on your username or avatar in the top right corner of the dashboard.
  3. Navigate to API Settings: Within your account settings, look for a section specifically labeled "API Keys," "API Access," or "Developers."
  4. Generate New Key: If you do not have an existing API key, there will typically be an option to "Generate New API Key" or "Create Key." Follow the prompts.
  5. Copy Your Key: After generation, your API key will be displayed. This is usually the only time it will be fully visible. Copy it immediately and store it securely. You cannot retrieve a lost key; you will need to generate a new one.

For users of the GreyNoise Community plan, an API key is provided that allows access to a limited subset of data and API functionality. Paid plans (Professional and Enterprise) offer expanded access and higher rate limits, which are reflected in the capabilities tied to their respective API keys. For a direct path to credential management, consult the GreyNoise API keys documentation.

Authenticated request example

Once you have obtained your GreyNoise API key, you can use it to authenticate your API requests. The key must be passed in the HTTP header named X-GreyNoise-API-Key. Here are examples using cURL and Python, two common methods for interacting with RESTful APIs.

cURL Example

To query an IP address using cURL, you would structure your request as follows. Replace YOUR_API_KEY with your actual key and 1.1.1.1 with the IP address you wish to query.

curl -X GET \
  -H "X-GreyNoise-API-Key: YOUR_API_KEY" \
  "https://api.greynoise.io/v3/community/1.1.1.1"

This example demonstrates a request to the Community API endpoint for a specific IP. Other endpoints, such as the GreyNoise Query Language (GNQL) API, would follow a similar header structure.

Python Example

Using Python, you can leverage the requests library or the official GreyNoise Python SDK for a more integrated experience.

Using requests library:

import requests

api_key = "YOUR_API_KEY"
headers = {"X-GreyNoise-API-Key": api_key}
ip_address = "1.1.1.1"

response = requests.get(f"https://api.greynoise.io/v3/community/{ip_address}", headers=headers)

if response.status_code == 200:
    print(response.json())
else:
    print(f"Error: {response.status_code} - {response.text}")

Using GreyNoise Python SDK:

The GreyNoise Python SDK simplifies API interactions. First, install it: pip install greynoise.

from greynoise import GreyNoise

api_key = "YOUR_API_KEY"
gn = GreyNoise(api_key=api_key)

ip_address = "1.1.1.1"

# Query an IP using the community endpoint
resp = gn.community(ip_address)
print(resp)

# Or use the enterprise context endpoint if using an enterprise key
# resp = gn.ip(ip_address)
# print(resp)

The SDK automatically handles placing the API key in the correct header, abstracting away the low-level HTTP details. This is generally the recommended approach for developers integrating GreyNoise into Python applications, as highlighted in the GreyNoise Python SDK guide.

Security best practices

Securing your GreyNoise API keys is crucial to prevent unauthorized access to your account and data. Adhering to robust security practices helps protect your integrations.

  • Treat API Keys as Passwords: API keys grant access to your GreyNoise account and data. Treat them with the same level of confidentiality as you would your passwords. Never hardcode them directly into publicly accessible repositories or client-side code.

  • Use Environment Variables: For server-side applications and scripts, store your API key as an environment variable. This keeps the key out of your codebase, making it easier to manage and less prone to accidental exposure.

    export GREYNOISE_API_KEY="YOUR_API_KEY"

    Then, in Python (or other languages), access it:

    import os
api_key = os.getenv("GREYNOISE_API_KEY")

  • Avoid Client-Side Exposure: Never embed API keys directly into client-side code (e.g., JavaScript in a web browser, mobile application front-ends). If a client-side application needs to access GreyNoise data, consider using a proxy server to make the API calls securely on the backend, or implement an OAuth 2.0 flow for user-specific access, though GreyNoise focuses on API keys for direct service access.

  • Restrict Network Access: If possible, configure network firewalls or security groups to allow outbound API calls only from known, trusted IP addresses associated with your GreyNoise account or infrastructure. While GreyNoise itself may not support IP whitelisting for API keys directly, you can implement this on your network's egress points.

  • Rotate API Keys Regularly: Periodically generate new API keys and revoke old ones. This practice reduces the window of opportunity for a compromised key to be exploited. GreyNoise provides mechanisms within your account settings to manage and revoke keys.

  • Monitor Usage: Regularly review your API usage and logs (if available through GreyNoise or your own systems) for any unusual activity that might indicate a compromised key or unauthorized access.

  • Secure Your Development Environment: Ensure that your local development machines and CI/CD pipelines are secure and that API keys are not left exposed in configuration files or build logs.