checkHash

Prev Next

Available in Classic and VPC

Use hash values to check a file or URL string for maliciousness with hash filter.

Request

This section describes the request format. The method and URI are as follows:

Method URI
GET /checkHash

Request headers

For information about the headers common to all File Safer APIs, see Common File Safer API headers.

Request query parameters

The following describes the parameters.

Field Type Required Description
hashCode String Required Hash value to query
hashType String Required Algorithm used to create the hash value to query
  • sha1 | md5

Request example

The request example is as follows:

curl --location --request GET 'https://filesafer.apigw.ntruss.com/hashfilter/v1/checkHash
?hashCode=f093e7767bb63ac973b697d3fd1d40a78b87b8bf
&hashType=sha1' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-apigw-api-key: {API Gateway API Key}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Accept: application/json'

Response

This section describes the response format.

Response body

The response body includes the following data:

Field Type Required Description
returnCode String Required Processing result code for the request
returnMessage String Required Processing result message for the request
totalRows Integer Required Number of objects for hashCheckResultList
hashCheckResultList[] Array Required Detection results for the hash value queried
  • If an object is in the list: malware
  • If no objects are in the list: normal
hashCheckResultList[].hashType String Conditional Algorithm used to create hashCode
  • sha1 | md5
  • Include only if detected as malware
hashCheckResultList[].hashCode String Conditional Hash value detected as malware
  • Include only if detected as malware
hashCheckResultList[].group String Conditional Type of hash value detected as malware
  • file | url
    • file: if the hash value is a file object
    • url: if the hash value is a URL string
  • Include only if detected as malware
hashCheckResultList[].result String Conditional Whether the hash value queried was detected as malware
  • 1
    • 1: detected as malware
  • Include only if detected as malware
hashCheckResultList[].regDatetime Long Conditional Time the hash value was registered
  • Include only if detected as malware

Response status codes

For information about the HTTP status codes common to all File Safer APIs, see File Safer response status codes.

Response example

The response example is as follows:

If malware is detected

The following is a sample response if malware is detected.

{
     "returnCode": "0",
     "returnMessage": "success",
     "totalRows": 1,
     "hashCheckResultList": [
        {
            "hashType": "sha1",
            "hashCode": "f093e7767bb63ac973b697d3fd1d40a78b87b8bf",
            "group": "file",
            "result": "1",
            "regDatetime": 1497409737000
         }
     ]
}

If malware is not detected

The following is a sample response if malware is not detected.

{
     "returnCode": "0",
     "returnMessage": "success",
     "totalRows": 0,
     "hashCheckResultList": [
     ]
}