Standard tier API
The Standard Threat Intelligence API is no longer offered to new customers. New integrations should use the Threat Intelligence API, which is a strict superset — every endpoint and field documented here is available there. This page is preserved for existing Standard integrations.
Interactive reference: Every endpoint, parameter and response shape is documented in the Threat Intelligence API (Standard) reference.
Tooling (Postman, SDK, LLM): spec URLs and import instructions for all three tiers live on Overview → Using the APIs with your tools.
This page covers the concepts you need to use the API effectively — authentication, rate limiting, errors, and code samples. Use it alongside the interactive reference.
Base URL
Section titled “Base URL”https://patchstack.com/database/api/v2/Authentication
Section titled “Authentication”Every request must include your API key in the PSKey HTTP request header. Standard keys remain valid for existing customers. New keys are not issued — contact us about Extended.
PSKey: <your-api-key>Response format
Section titled “Response format”All responses are JSON. Responses are cached until the Patchstack database updates, at which point the cache is cleared.
The Standard tier returns a flat per-item shape. For the richer shape with description, vuln_type, cvss_score, cve, and patched_in_ranges, use the Extended tier. Field definitions live in API properties.
Rate limiting
Section titled “Rate limiting”Standard is limited to 5,000 requests per 24 hours. Contact https://patchstack.com/for-hosts/ to move to Extended for a higher quota and additional endpoints.
Errors
Section titled “Errors”| Status | Meaning |
|---|---|
401 Unauthorized | Missing or invalid PSKey header. |
403 Forbidden | API key not authorised for the requested endpoint. |
404 Not Found | Unknown product/version combination. |
429 Too Many Requests | Rate limit exceeded. |
500 | Server error — please include the request id in any bug report. |
Testing — curl one-liners
Section titled “Testing — curl one-liners”# Full advisory list for a plugin versioncurl 'https://patchstack.com/database/api/v2/product/plugin/tutor/1.5.2' \ -H 'PSKey: <your-api-key>'
# Boolean-only exists check (faster)curl 'https://patchstack.com/database/api/v2/product/plugin/tutor/1.5.2/exists' \ -H 'PSKey: <your-api-key>'
# WordPress corecurl 'https://patchstack.com/database/api/v2/product/wordpress/wordpress/5.8.2' \ -H 'PSKey: <your-api-key>'More information
Section titled “More information”You can find more information about the Patchstack Threat Intelligence API on https://patchstack.com/for-hosts/. If you have integration questions, email dave.jong@patchstack.com.