Stay organized with collections
Save and categorize content based on your preferences.
Using the Evaluate API
The page explains how to use the Evaluate API to let your client applications
evaluate the maliciousness of a URL. This API returns a confidence score that
indicates the maliciousness of a URL based on blocklists, machine learning
models and heuristic rules. If you want a binary result instead of a confidence
score, use the Lookup API.
Note: Any URLs submitted to the Evaluate API may undergo additional processing, including crawls.
To evaluate a URL, send an HTTP POST request to
the evaluateUri
method. Understand the following considerations when evaluating URLs:
The Evaluate API supports one URL per request. If you want to check multiple
URLs, send a separate request for each URL.
The URL must be valid and doesn't need to be canonicalized. For more
information, see RFC 2396.
The Evaluate API supports three threatTypes: SOCIAL_ENGINEERING, MALWARE and
UNWANTED_SOFTWARE.
Deprecated. The allow_scan field was used to determine whether Web Risk is
allowed to scan the URL provided. This functionality can no longer be disabled
in the Evaluate API. See the Lookup and Update APIs for crawl-free options.
The HTTP POST response returns a confidence score for the specified
threatType. The confidence score represents the confidence level indicating
how risky the specified URL is.
API request
Before using any of the request data,
make the following replacements:
URL: a URL that needs to be evaluated.
HTTP method and URL:
POST https://webrisk.googleapis.com/v1eap1:evaluateUri?key=API_KEY
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Using the Evaluate API\n======================\n\n|\n| **Preview**\n|\n|\n| This feature is subject to the \"Pre-GA Offerings Terms\" in the General Service Terms section\n| of the [Service Specific Terms](/terms/service-terms#1).\n|\n| Pre-GA features are available \"as is\" and might have limited support.\n|\n| For more information, see the\n| [launch stage descriptions](/products#product-launch-stages).\n\nThe page explains how to use the Evaluate API to let your client applications\nevaluate the maliciousness of a URL. This API returns a confidence score that\nindicates the maliciousness of a URL based on blocklists, machine learning\nmodels and heuristic rules. If you want a binary result instead of a confidence\nscore, use the [Lookup API](/web-risk/docs/lookup-api).\n\n**Note:** Any URLs submitted to the Evaluate API may undergo additional processing, including crawls.\n\nBefore you begin\n----------------\n\n[Contact our sales team](https://go.chronicle.security/webriskapi) or your customer\nengineer to obtain access to this feature.\n\nEvaluating URLs\n---------------\n\nTo evaluate a URL, send an HTTP `POST` request to\nthe [`evaluateUri`](/web-risk/docs/reference/rest/v1eap1/TopLevel/evaluateUri)\nmethod. Understand the following considerations when evaluating URLs:\n\n- The Evaluate API supports one URL per request. If you want to check multiple URLs, send a separate request for each URL.\n- The URL must be valid and doesn't need to be canonicalized. For more information, see [RFC 2396](http://www.ietf.org/rfc/rfc2396.txt).\n- The Evaluate API supports three threatTypes: SOCIAL_ENGINEERING, MALWARE and UNWANTED_SOFTWARE.\n- Deprecated. The `allow_scan` field was used to determine whether Web Risk is allowed to scan the URL provided. This functionality can no longer be disabled in the Evaluate API. See the [Lookup](/web-risk/docs/lookup-api) and [Update](/web-risk/docs/update-api) APIs for crawl-free options.\n- The HTTP `POST` response returns a confidence score for the specified threatType. The confidence score represents the confidence level indicating how risky the specified URL is.\n\n### API request\n\n\nBefore using any of the request data,\nmake the following replacements:\n\u003cvar translate=\"no\"\u003eURL\u003c/var\u003e: a URL that needs to be evaluated.\n\n\nHTTP method and URL:\n\n```\nPOST https://webrisk.googleapis.com/v1eap1:evaluateUri?key=API_KEY\n```\n\n\nRequest JSON body:\n\n```\n{\n \"uri\": \"URL\",\n \"threatTypes\": [\"SOCIAL_ENGINEERING\", \"MALWARE\", \"UNWANTED_SOFTWARE\"]\n}\n```\n\nTo send your request, choose one of these options: \n\n#### curl\n\n\nSave the request body in a file named `request.json`,\nand execute the following command:\n\n```\ncurl -X POST \\\n -H \"Content-Type: application/json; charset=utf-8\" \\\n -d @request.json \\\n \"https://webrisk.googleapis.com/v1eap1:evaluateUri?key=API_KEY\"\n```\n\n#### PowerShell\n\n\nSave the request body in a file named `request.json`,\nand execute the following command:\n\n```\n$headers = @{ }\n\nInvoke-WebRequest `\n -Method POST `\n -Headers $headers `\n -ContentType: \"application/json; charset=utf-8\" `\n -InFile request.json `\n -Uri \"https://webrisk.googleapis.com/v1eap1:evaluateUri?key=API_KEY\" | Select-Object -Expand Content\n```\n\nYou should receive a JSON response similar to the following:\n\n```\n{\n \"scores\": [\n {\n \"threatType\": \"MALWARE\",\n \"confidenceLevel\": \"EXTREMELY_HIGH\"\n },\n {\n \"threatType\": \"SOCIAL_ENGINEERING\",\n \"confidenceLevel\": \"SAFE\"\n },\n {\n \"threatType\": \"UNWANTED_SOFTWARE\",\n \"confidenceLevel\": \"SAFE\"\n }\n ]\n}\n```"]]
