We value your privacy

We use cookies to enhance your browsing experience, serve personalised ads or content, and analyse our traffic. By clicking "Accept All", you consent to our use of cookies. Read more.

Customise Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorised as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

  • Cookie
    XSRF-TOKEN
  • Duration
    2 hours
  • Description
    This cookie enhances visitor browsing security by preventing cross-site request forgery.
  • Cookie
    intercom-id-*
  • Duration
    8 months 26 days 1 hour
  • Description
    Intercom sets this cookie that allows visitors to see any conversations they've had on Intercom websites.
  • Cookie
    intercom-session-*
  • Duration
    7 days
  • Description
    Intercom sets this cookie that allows visitors to see any conversations they've had on Intercom websites.
  • Cookie
    intercom-device-id-*
  • Duration
    8 months 26 days 1 hour
  • Description
    Intercom sets this cookie that allows visitors to see any conversations they've had on Intercom websites.
  • Cookie
    _GRECAPTCHA
  • Duration
    6 months
  • Description
    Google Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks.
  • Cookie
    rc::a
  • Duration
    Never Expires
  • Description
    This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
  • Cookie
    rc::f
  • Duration
    Never Expires
  • Description
    This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
  • Cookie
    rc::c
  • Duration
    session
  • Description
    This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
  • Cookie
    rc::b
  • Duration
    session
  • Description
    This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
  • Cookie
    cookieyes-consent
  • Duration
    1 year
  • Description
    CookieYes sets this cookie to remember users' consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about the site visitors.
  • Cookie
    __cf_bm
  • Duration
    1 hour
  • Description
    This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
  • Cookie
    _cfuvid
  • Duration
    session
  • Description
    Calendly sets this cookie to track users across sessions to optimize user experience by maintaining session consistency and providing personalized services
  • Cookie
    keep_alive
  • Duration
    1 hour
  • Description
    The keep_alive cookie is used to maintain a user's session active on a website, preventing automatic logout during periods of inactivity.
  • Cookie
    localization
  • Duration
    1 year
  • Description
    The localization cookie stores user preferences for language and region to provide a personalized browsing experience.
  • Cookie
    _tracking_consent
  • Duration
    1 year
  • Description
    Shopify sets this cookie to store a user's preferences if a merchant has set up privacy rules in the visitor's region.
  • Cookie
    wpm-test-cookie
  • Duration
    session
  • Description
    The wpm-test-cookie is used to check if the user's browser supports cookies, essential for providing a functional website experience.
  • Cookie
    nlbi_*
  • Duration
    session
  • Description
    The Hotels Network sets this cookie to improve security and provide load-balancing to ensure that a client's requests are sent to the same origin server.
  • Cookie
    visid_incap_*
  • Duration
    1 year
  • Description
    Incapsula sets this cookie to provide cloud-based website security services.
  • Cookie
    incap_ses_*
  • Duration
    session
  • Description
    This is an Incapsula DDoS Protection and Web Application Firewall cookie that is used to relate HTTP requests to a certain session.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

  • Cookie
    yt-remote-device-id
  • Duration
    Never Expires
  • Description
    YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
  • Cookie
    ytidb::LAST_RESULT_ENTRY_KEY
  • Duration
    Never Expires
  • Description
    The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.
  • Cookie
    yt-remote-connected-devices
  • Duration
    Never Expires
  • Description
    YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
  • Cookie
    yt-remote-session-app
  • Duration
    session
  • Description
    The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
  • Cookie
    yt-remote-cast-installed
  • Duration
    session
  • Description
    The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
  • Cookie
    yt-remote-session-name
  • Duration
    session
  • Description
    The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
  • Cookie
    yt-remote-fast-check-period
  • Duration
    session
  • Description
    The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
  • Cookie
    sp_t
  • Duration
    1 year
  • Description
    The sp_t cookie is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content.
  • Cookie
    sp_landing
  • Duration
    1 day
  • Description
    The sp_landing is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content.
  • Cookie
    li_gc
  • Duration
    6 months
  • Description
    Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
  • Cookie
    lidc
  • Duration
    1 day
  • Description
    LinkedIn sets the lidc cookie to facilitate data center selection.
  • Cookie
    yt-remote-cast-available
  • Duration
    session
  • Description
    The yt-remote-cast-available cookie is used to store the user's preferences regarding whether casting is available on their YouTube video player.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

  • Cookie
    _omappvp
  • Duration
    1 year 1 month 4 days
  • Description
    The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
  • Cookie
    _omappvs
  • Duration
    20 minutes
  • Description
    The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.
  • Cookie
    _gcl_au
  • Duration
    3 months
  • Description
    Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
  • Cookie
    _ga_*
  • Duration
    1 year 1 month 4 days
  • Description
    Google Analytics sets this cookie to store and count page views.
  • Cookie
    _ga
  • Duration
    1 year 1 month 4 days
  • Description
    Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
  • Cookie
    _hjSessionUser_*
  • Duration
    1 year
  • Description
    Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
  • Cookie
    _hjSession_*
  • Duration
    1 hour
  • Description
    Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
  • Cookie
    _fbp
  • Duration
    3 months
  • Description
    Facebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website.
  • Cookie
    _gh_sess
  • Duration
    session
  • Description
    GitHub sets this cookie for temporary application and framework state between pages like what step the user is on in a multiple step form.
  • Cookie
    wmc
  • Duration
    1 year 1 month 4 days
  • Description
    Workable sets this cookie to assign a unique visitor ID for statistical purposes.

Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors.

  • Cookie
    loglevel
  • Duration
    Never Expires
  • Description
    Squarespace sets this cookie to maintain settings and outputs when using the Developer Tools Console on the current session.

Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.

  • Cookie
    YSC
  • Duration
    session
  • Description
    Youtube sets this cookie to track the views of embedded videos on Youtube pages.
  • Cookie
    VISITOR_INFO1_LIVE
  • Duration
    6 months
  • Description
    YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
  • Cookie
    VISITOR_PRIVACY_METADATA
  • Duration
    6 months
  • Description
    YouTube sets this cookie to store the user's cookie consent state for the current domain.
  • Cookie
    yt.innertube::requests
  • Duration
    Never Expires
  • Description
    YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
  • Cookie
    yt.innertube::nextId
  • Duration
    Never Expires
  • Description
    YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
  • Cookie
    bcookie
  • Duration
    1 year
  • Description
    LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.

Other uncategorised cookies are those that are being analysed and have not been classified into a category as yet.

  • Cookie
    psdb_session
  • Duration
    2 hours
  • Description
    Description is currently not available.
  • Cookie
    patchstack_src
  • Duration
    1 year 1 month 4 days
  • Description
    Description is currently not available.
  • Cookie
    __Secure-ROLLOUT_TOKEN
  • Duration
    6 months
  • Description
    Description is currently not available.
  • Cookie
    _octo
  • Duration
    1 year
  • Description
    No description available.
  • Cookie
    logged_in
  • Duration
    1 year
  • Description
    No description available.
  • Cookie
    patchstack_app_session
  • Duration
    2 hours
  • Description
    Description is currently not available.
  • Cookie
    vulnerability_database_v2_session
  • Duration
    12 hours
  • Description
    Description is currently not available.
  • Cookie
    _impv_routing
  • Duration
    session
  • Description
    Description is currently not available.
  • Cookie
    WMF-Uniq
  • Duration
    1 year
  • Description
    Description is currently not available.
Powered by Cookieyes logo
Skip to content
Patchstack Docs

Hosting API

Hosting API Documentation

Section titled “Hosting API Documentation”

Introduction

Section titled “Introduction”

The information below describes the API URL’s, payloads and authentication necessary to communicate with our API. A special authentication key will have to be supplied in each request (that will be created specifically for the hosting provider) against an endpoint.

All actions (such as adding sites, users, etc.) will be logged and flagged under the name of the hosting provider so only they can access and alter the data that they created.

Each request will respond with JSON containing certain information about the action that was executed.

Authorization

Section titled “Authorization”

A HTTP header “HostToken” will have to be supplied in each request against our API. This API key is given upon request.

Endpoints

Section titled “Endpoints”

HTTP endpoint prefix: api.patchstack.com/hosting/

User

Section titled “User”

POST /user/add

Section titled “POST /user/add”

Add a new user.

Request Data
name → required|string
company → optional|string
email → required|email
password → required|string|min:6
password_confirmation → required|string → must match password input field
newsletter → required|boolean → 0 or 1
phone → optional|string

Response Data
HTTP 401, 403, 404, 422
error → Message indicating that bad or missing data was supplied or that the user cannot be added.
HTTP 200
id → UserID of the user.

POST /user/search

Section titled “POST /user/search”

Find a user by email address.

Request Data
email → required|email

Response Data
HTTP 401, 403, 422
error → Message indicating that bad or missing data was supplied.
HTTP 404
error → Message indicating that the user could not be found.
HTTP 200
JSON response example can be found below.

{
   "id": 1,
   "name": "Dave",
   "email": "support@patchstack.com",
   "created_at": "2017-10-19T00:00:00.000000Z",
   "blocked_attacks": 367,
   "expires_at": "2025-01-01 11:11:11",
   "class": "premium", // Can be free or premium,
   "renew_freq": "monthly" // Can be monthly or annually
}

POST /user/{userid}/edit

Section titled “POST /user/{userid}/edit”

Modify an existing user.

Request Data
name → optional|string
company → optional|string
email → optional|email
phone → optional|string
newsletter → optional|boolean → 0 or 1

Response Data
HTTP 401, 403, 404, 422
error → Message indicating that bad or missing data was supplied or that the user cannot be added.
HTTP 200
success → Message indicating that it updated the user.

POST /user{userid}/delete

Section titled “POST /user{userid}/delete”

Delete an existing user.

Request Data
None

Response Data
HTTP 401, 403, 404
error → Message indicating that bad or missing data was supplied, the user cannot be deleted or the user was not found.
HTTP 200
success → Message indicating that the user was deleted.

POST /user/{userid}/sso

Section titled “POST /user/{userid}/sso”

Returns a URL that can be used by the user to login into the portal. Each user can only have 1 non-expired and unused token which will be valid for 24 hours.

Request Data
None

Response Data
HTTP 403, 404
error → Message indicating that the user cannot be accessed or the user was not found.
HTTP 200
url → The URL that can be used to login as the user.
expires_at → The timestamp in UTC time in the format Y-m-d H:i:s when the token is no longer valid.

GET /user/{userid}/view

Section titled “GET /user/{userid}/view”

Get information about a user.

Request Data
None

Response Data
HTTP 401, 404, 404
HTTP 200
JSON response example can be found below.

{
    "user": {
        "id": 1,
        "name": "Dave",
        "email": "support@patchstack.com",
        "created_at": "2017-10-19T00:00:00.000000Z",
        "blocked_attacks": 367,
        "expires_at": "2025-01-01 11:11:11",
        "class": "premium", // Can be free or premium,
        "renew_freq": "monthly", // Can be monthly or annually,
        "addon_mr": "false", // Malware removal guarantee addon
        "addon_wl": "false" // Whitelabel reporting addon
    },
    "sites": [
        {
            "id": 315,
            "url": "http://wptest.com/singlesite/"
        },
        {
            "id": 16106,
            "url": "http://test1.com"
        }
    ]
}

Site

Section titled “Site”

POST /site/add

Section titled “POST /site/add”

Add a new site to a specific user.

Request Data
url → required|url → In the form of https://www.domain.com
userid → required|integer → The userid of the user to which the URL should be bound to.
strict → optional|boolean → true|false → Whether or not we should check if the site has already been added globally to Patchstack.

Response Data
HTTP 403, 404, 422
error → Message indicating that bad or missing data was supplied or that the site could not be added.
HTTP 200
success → Message indicating that the site was added.
siteid → The ID of the site.
api → array containing id and secret for plugin/firewall API authentication

POST /site/{siteid}/edit

Section titled “POST /site/{siteid}/edit”

Modify an existing site.

Request Data
url → required|url → In the form of https://www.domain.com/

Response Data
HTTP 401, 403, 404, 422
error → Message indicating that bad or missing data was supplied, the site cannot be modified or the site could not be found.
HTTP 200
success → Message indicating that the site has been updated.

POST /site/{siteid}/delete

Section titled “POST /site/{siteid}/delete”

Delete an existing site.

Request Data
None

Response Data
HTTP 401, 403, 404
error → Message indicating that bad or missing data was supplied, the site cannot be deleted or the site could not be found.
HTTP 200
success → Message indicating that the site has been deleted.

GET /site/{siteid}/download

Section titled “GET /site/{siteid}/download”

Download the plugin file that belongs to the site.

Request Data
None

Response Data
HTTP 401, 403, 404, 422
error → Message indicating that bad or missing data was supplied, the plugin could not be downloaded or the site could not be found.
HTTP 200
Prompts the download of the plugin .zip file that needs to be installed on the site.
This .zip file contains hardcoded API keys for that specific site, the same .zip file cannot be installed on other sites. However, once this specific plugin .zip file has been installed on a site, the Patchstack plugin can be updated as usual through WordPress.

GET /site/{siteid}/view

Section titled “GET /site/{siteid}/view”

Get information about a site such as the number of attacks blocked in the past day and week.

Request Data

None

Response Data
HTTP 401, 404, 404
HTTP 200
JSON response example can be found below.

{
    "id": 315,
    "url": "https://my-site.com",
    "created_at": "2019-01-01",
    "user": {
        "id": 1,
        "name": "Dave",
        "email": "dave.jong@patchstack.com",
        "created_at": "2017-10-19T00:00:00.000000Z",
        "site_count": 25,
        "blocked_attacks": 8482
    },
    "attacks": [
        {
            "num": 1,
            "dateday": "2023-06-30"
        },
        {
            "num": 0,
            "dateday": "2023-07-01"
        },
        {
            "num": 0,
            "dateday": "2023-07-02"
        },
        {
            "num": 0,
            "dateday": "2023-07-03"
        },
        {
            "num": 30,
            "dateday": "2023-07-04"
        },
        {
            "num": 0,
            "dateday": "2023-07-05"
        },
        {
            "num": 0,
            "dateday": "2023-07-06"
        },
        {
            "num": 0,
            "dateday": "2023-07-07"
        },
        {
            "num": 0,
            "dateday": "2023-07-08"
        },
        {
            "num": 0,
            "dateday": "2023-07-09"
        },
        {
            "num": 5,
            "dateday": "2023-07-10"
        },
        {
            "num": 0,
            "dateday": "2023-07-11"
        },
        {
            "num": 0,
            "dateday": "2023-07-12"
        },
        {
            "num": 0,
            "dateday": "2023-07-13"
        },
        {
            "num": 0,
            "dateday": "2023-07-14"
        },
        {
            "num": 0,
            "dateday": "2023-07-15"
        },
        {
            "num": 0,
            "dateday": "2023-07-16"
        },
        {
            "num": 0,
            "dateday": "2023-07-17"
        },
        {
            "num": 0,
            "dateday": "2023-07-18"
        },
        {
            "num": 0,
            "dateday": "2023-07-19"
        },
        {
            "num": 0,
            "dateday": "2023-07-20"
        },
        {
            "num": 0,
            "dateday": "2023-07-21"
        },
        {
            "num": 0,
            "dateday": "2023-07-22"
        },
        {
            "num": 0,
            "dateday": "2023-07-23"
        },
        {
            "num": 0,
            "dateday": "2023-07-24"
        },
        {
            "num": 0,
            "dateday": "2023-07-25"
        },
        {
            "num": 0,
            "dateday": "2023-07-26"
        },
        {
            "num": 0,
            "dateday": "2023-07-27"
        },
        {
            "num": 0,
            "dateday": "2023-07-28"
        },
        {
            "num": 0,
            "dateday": "2023-07-29"
        },
        {
            "num": 555,
            "dateday": "2023-07-30"
        },
        {
            "num": 0,
            "dateday": "2023-07-31"
        }
    ],
    "api": {
        "id": 315,
        "secret": "D4ajwfPddOQ6VAhhPYCOR5sggkpe9byNsSCobxxP"
    },
    "software": [
        {
            "name": "PHP",
            "type": "php",
            "version": "7.4.3",
            "version_new": null,
            "slug": null,
            "is_active": true,
            "is_outdated": false,
            "is_vulnerable": false
        },
        {
            "name": "Akismet Anti-Spam",
            "type": "plugin",
            "version": "5.0",
            "version_new": "5.0.1",
            "slug": "akismet",
            "is_active": false,
            "is_outdated": true,
            "is_vulnerable": false
        },
        {
            "name": "Hello Dolly",
            "type": "plugin",
            "version": "1.7.2",
            "version_new": null,
            "slug": "hello.php",
            "is_active": false,
            "is_outdated": false,
            "is_vulnerable": false
        },
        {
            "name": "Patchstack Security",
            "type": "plugin",
            "version": "2.1.22",
            "version_new": null,
            "slug": "patchstack",
            "is_active": true,
            "is_outdated": false,
            "is_vulnerable": false
        },
        {
            "name": "Twenty Twenty",
            "type": "theme",
            "version": "2.0",
            "version_new": null,
            "slug": "twentytwenty",
            "is_active": true,
            "is_outdated": false,
            "is_vulnerable": false
        },
        {
            "name": "Twenty Twenty-One",
            "type": "theme",
            "version": "1.6",
            "version_new": null,
            "slug": "twentytwentyone",
            "is_active": true,
            "is_outdated": false,
            "is_vulnerable": false
        },
        {
            "name": "Twenty Twenty-Two",
            "type": "theme",
            "version": "1.2",
            "version_new": null,
            "slug": "twentytwentytwo",
            "is_active": true,
            "is_outdated": false,
            "is_vulnerable": false
        },
        {
            "name": "WordPress",
            "type": "wordpress",
            "version": "6.0.2",
            "version_new": "6.0.3",
            "slug": null,
            "is_active": true,
            "is_outdated": true,
            "is_vulnerable": true
        }
    ],
    "has_vuln_plugin": 1,
    "software_outdated": 2,
    "software_vulnerable": 1
}
1