Overview
WordPress plugin, theme and core vulnerability lookups for a single product + version.
Patchstack Threat Intelligence API — Standard (v2)
Section titled “Patchstack Threat Intelligence API — Standard (v2)”The Standard Threat Intelligence API returns vulnerability information for a single WordPress plugin, theme or core version. It’s the entry-level tier of the v2 API — if you need bulk lookups, the latest-24h feed, or by-id advisory lookup, use the Extended tier instead.
Authentication
Every request must include your API key in the PSKey HTTP request header.
Request a key via your Patchstack App billing page.
Rate limiting
Standard is limited to 5,000 requests per 24 hours. Contact https://patchstack.com/for-hosts/ if you need an elevated quota or the Extended tier.
Caching
Responses are JSON and cached until the Patchstack database updates, at which point the appropriate caches are cleared.
Errors
| Status | Meaning |
|---|---|
401 | Missing or invalid PSKey header. |
403 | API key not authorised for the requested endpoint. |
404 | Unknown product/version combination. |
429 | Rate limit exceeded. |
500 | Server error — include the request id in any bug report. |
Related pages
- Narrative guide with code samples: Standard tier API
- Field glossary: API properties
- OpenAPI spec (import into Postman / Insomnia / Bruno / Hoppscotch): https://docs.patchstack.com/schemas/threat-intel-standard.yaml
- Postman collection (pre-imported): https://docs.patchstack.com/schemas/threat-intel-standard.postman_collection.json
Integration questions: dave.jong@patchstack.com.
- Patchstack: https://patchstack.com/for-hosts/ - dave.jong@patchstack.com
- OpenAPI version: 3.1.0
Authentication
Section titled “ Authentication ”PSKey
Section titled “PSKey ”API key issued by Patchstack. Request one from your Patchstack App billing page.
Security scheme type: apiKey
Header parameter name: PSKey