checkHash

Available in Classic and VPC

Use hash values to check a file or URL string for maliciousness with hash filter.

Request

This section describes the request format. The method and URI are as follows:

Method	URI
GET	/hashfilter/v1/checkHash

Request headers

For information about the headers common to all File Safer APIs, see File Safer request headers.

Request query parameters

You can use the following query parameters with your request:

Field	Type	Required	Description
`hashCode`	String	Required	Hash value to query
`hashType`	String	Required	Algorithm used to create the hash value to query `sha1` \| `md5`

Request example

The request example is as follows:

curl --location --request GET 'https://filesafer.apigw.ntruss.com/hashfilter/v1/checkHash?hashCode=f093e7767bb63ac973b697d3fd1d40a78b87b8bf&hashType=sha1' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-apigw-api-key: {API Gateway API Key}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Accept: application/json'

Response

This section describes the response format.

Response body

The response body includes the following data:

Field	Type	Required	Description
`returnCode`	String	Required	Processing result code for the request
`returnMessage`	String	Required	Processing result message for the request
`totalRows`	Integer	Required	Number of objects for `hashCheckResultList`
`hashCheckResultList`	Array	Required	Detection results for the hash value queried: hashCheckResultList If an object is in the list: malware If no objects are in the list: normal

`hashCheckResultList`

The following describes hashCheckResultList.

Field	Type	Required	Description
`hashType`	String	Conditional	Algorithm used to create `hashCode` `sha1` \| `md5` Include only if detected as malware
`hashCode`	String	Conditional	Hash value detected as malware Include only if detected as malware
`group`	String	Conditional	Type of hash value detected as malware `file` \| `url` `file`: if the hash value is a file object `url`: if the hash value is a URL string Include only if detected as malware
`result`	String	Conditional	Whether the hash value queried was detected as malware `1` `1`: detected as malware Include only if detected as malware
`regDatetime`	Long	Conditional	Time the hash value was registered Include only if detected as malware

Response status codes

For information about the HTTP status codes common to all File Safer APIs, see File Safer response status codes.

Response example

The response example is as follows:

If malware is detected

The following is a sample response if malware is detected.

{
     "returnCode": "0",
     "returnMessage": "success",
     "totalRows": 1,
     "hashCheckResultList": [
        {
            "hashType": "sha1",
            "hashCode": "f093e7767bb63ac973b697d3fd1d40a78b87b8bf",
            "group": "file",
            "result": "1",
            "regDatetime": 1497409737000
         }
     ]
}

If malware is not detected

The following is a sample response if malware is not detected.

{
     "returnCode": "0",
     "returnMessage": "success",
     "totalRows": 0,
     "hashCheckResultList": [
     ]
}