# OneFirewall Documentation ## Docs - [Chat Completions](https://docs.onefirewall.com/ai-gateway/api-reference/chat-completions.md): OpenAI-compatible chat completions endpoint with integrated security, PII masking, and web search. - [Available Models](https://docs.onefirewall.com/ai-gateway/api-reference/models.md): A list of supported AI models available through the gateway. - [Security Features](https://docs.onefirewall.com/ai-gateway/api-reference/security-features.md): How the Secure AI Gateway protects your data. - [API Usage Guide](https://docs.onefirewall.com/ai-gateway/introduction.md): Complete guide to using the Secure AI Gateway API. - [Authorization](https://docs.onefirewall.com/api-reference/authorization.md) - [Domains by Score](https://docs.onefirewall.com/api-reference/endpoint/domain-feeds/domains-by-score.md): Retrieve a list of malicious domains - [Domains by TS](https://docs.onefirewall.com/api-reference/endpoint/domain-feeds/domains-by-ts.md): Retrieve the latest malicious domains recorded - [Overwrite Decision](https://docs.onefirewall.com/api-reference/endpoint/domain-feeds/overwrite-decision.md): This API is used to change / overwrite the decision based on score, in other words setting manually a IoC in whitelist or blacklist. - [Report Domain](https://docs.onefirewall.com/api-reference/endpoint/domain-feeds/report-domain.md): Enable users to report domains suspected of serving malware, viruses, or trojans. - [Scan Domain](https://docs.onefirewall.com/api-reference/endpoint/domain-feeds/scan-domain.md): Retrieve metadata for over a million known malicious domains. - [CTI](https://docs.onefirewall.com/api-reference/endpoint/intel/get-intel.md): Cyber Threat Intelligence for a given IPv4, contains information about the IP, Crime Score, Reports, Members, MITRE, Agents, etc.. - [STIX2.0](https://docs.onefirewall.com/api-reference/endpoint/iocs/stix20.md): STIX2 (Structured Threat Information eXpression version 2) is a standardized language for representing cyber threat intelligence (CTI) that enables the sharing of threat intelligence across organizations and security tools. It is important to Threat Intel because it allows security professionals to… - [Latest IPv4](https://docs.onefirewall.com/api-reference/endpoint/ipv4-feeds/latest-ipv4.md): You can call the API `/api/v1/ips` in order to receive an array of the latest IPv4 feeds collected at the OneFirewall Data lake. - [Live IPv4](https://docs.onefirewall.com/api-reference/endpoint/ipv4-feeds/live-ipv4.md): This API is similar with the `IP addresses [FLAT]` however have some advantages and disadvantages in respect: - [One IPv4](https://docs.onefirewall.com/api-reference/endpoint/ipv4-feeds/one-ipv4.md): You can call the API `/api/v1/ips/` in order to receive information for the IPv4 feeds in request if is presented at the OneFirewall Data lake. This API is useful when you want to verify if OneFirewall have an information for the actor in request. - [Pre-compiled IPv4](https://docs.onefirewall.com/api-reference/endpoint/ipv4-feeds/pre-compiled-ipv4.md): If you need a simple list (example CSV) to retrieve all the IPv4 feeds based on their score, you can use the below API - [Report IPv4](https://docs.onefirewall.com/api-reference/endpoint/ipv4-feeds/report-ipv4.md): Post information about threat intelligence in relation to a IPv4 - [Create](https://docs.onefirewall.com/api-reference/endpoint/secure-vpn/create.md): Create a new VPN License - [Delete VPN ID](https://docs.onefirewall.com/api-reference/endpoint/secure-vpn/delete-one.md): Deactivate a given VPN License ID - [Get all](https://docs.onefirewall.com/api-reference/endpoint/secure-vpn/get-all.md): Use this method to get an array of active VPN for your organization - [Get VPN ID](https://docs.onefirewall.com/api-reference/endpoint/secure-vpn/get-one.md): Get Information and Installation instruction of a given VPN License ID - [Files](https://docs.onefirewall.com/api-reference/endpoint/security-binary-feeds/files.md) - [Files by Score](https://docs.onefirewall.com/api-reference/endpoint/security-binary-feeds/files-by-score.md) - [Files by TS](https://docs.onefirewall.com/api-reference/endpoint/security-binary-feeds/files-by-ts.md) - [Overwrite Decision](https://docs.onefirewall.com/api-reference/endpoint/security-binary-feeds/overwrite-decision.md) - [Report Digest](https://docs.onefirewall.com/api-reference/endpoint/security-binary-feeds/report-digest.md) - [File types](https://docs.onefirewall.com/api-reference/endpoint/tools/file-types.md): OneFirewall revertive each file flagged as malware and associates it with a specific file type (when possible), or more precisely, a MIME type. Currently, OneFirewall only accepts file types from a predetermined list provided by this API. - [Health Check](https://docs.onefirewall.com/api-reference/endpoint/tools/health-check.md): The \`/version\` API endpoint is primarily used to verify the operational status of the API service. When accessed, it responds with basic information indicating the current version of the API, along with a confirmation that the service is active and available. This endpoint typically does not requi… - [IP Metadata](https://docs.onefirewall.com/api-reference/endpoint/tools/ip-metadata.md): You can call the API `/api/v1/info/` in order to receive GeoIP information for the IPv4. This API is useful when you want to verify public data in regards to the GeoIP of any IPv4 - [List of CDNs](https://docs.onefirewall.com/api-reference/endpoint/tools/list-of-cdns.md): To retrieve a list of well-known Content Delivery Network (CDN) providers along with their respective edge IP addresses, you can utilize the `/api/v1/info/cdn/list` endpoint. The data provided by this API is generally static, yet the R&D team at OneFirewall periodically updates it. It’s worth noting… - [Reverse Domain](https://docs.onefirewall.com/api-reference/endpoint/tools/reverse-domain.md): You can call the API `/api/v1/info/domain/` in order to receive an array IPs resolved for the Domain name. - [Overwrite Decision](https://docs.onefirewall.com/api-reference/endpoint/url-feeds/overwrite-decision.md): This API is used to change / overwrite the decision based on score, in other words setting manually a IoC in whitelist or blacklist. - [Report URL](https://docs.onefirewall.com/api-reference/endpoint/url-feeds/report-url.md): Enable users to report url suspected of serving malware, viruses, or trojans. - [Scan URL](https://docs.onefirewall.com/api-reference/endpoint/url-feeds/scan-url.md): Retrieve metadata for over a million known malicious feeds. - [URLs by Score](https://docs.onefirewall.com/api-reference/endpoint/url-feeds/urls-by-score.md): Retrieve a list of malicious urls - [URLs by TS](https://docs.onefirewall.com/api-reference/endpoint/url-feeds/urls-by-ts.md): Retrieve the latest malicious url recorded - [Create WCF Agent](https://docs.onefirewall.com/api-reference/endpoint/wcf-agent/create.md): Creates a new WCF Agent with specified configuration for threat detection and IP blocking across multiple security platforms - [Delete an Agent](https://docs.onefirewall.com/api-reference/endpoint/wcf-agent/delete-one.md): Delete Agent from the DB (this does not make the agent to stop working, you must disable the running before deleting) - [Get WCF Installation](https://docs.onefirewall.com/api-reference/endpoint/wcf-agent/get-all.md): The end point is used to retreive a list of WCF Agent installed, along with configuration presented and how each WCF Agent is performing - [Handle WCF Configuration](https://docs.onefirewall.com/api-reference/endpoint/wcf-agent/update.md): End-point to submit changes to the WCF Agent, the configuration set it here, will be saved into the DB and will be retreived from the WCF Installed agent, next time is synced - [Introduction](https://docs.onefirewall.com/api-reference/introduction.md) - [OpenAPI 3.0](https://docs.onefirewall.com/api-reference/openapi.md) - [Reliable Sources in Threat Intelligence](https://docs.onefirewall.com/essentials/ThreatIntelligence.md): Active, reliable sources of blocklists are essential for threat intelligence, offering real-time data on malicious IPs, domains, URLs, and files. Updating and verifying these sources ensures proactive threat mitigation and enhances organizational resilience against evolving threats - [Configurations](https://docs.onefirewall.com/essentials/configurations.md) - [Alliance Contribution](https://docs.onefirewall.com/essentials/contribution.md): Contributions are anonymized, weighted, and combined into a shared intelligence pool that strengthens proactive threat prevention - [OneFirewall Crime Score](https://docs.onefirewall.com/essentials/crime-score.md) - [Elasticsearch index settings for PoV](https://docs.onefirewall.com/essentials/elasticindex.md) - [Integrations](https://docs.onefirewall.com/essentials/integrations.md) - [Threat Intelligence](https://docs.onefirewall.com/essentials/intelligence.md) - [Logs and Network Events](https://docs.onefirewall.com/essentials/logs-events.md) - [OneFirewall Coins](https://docs.onefirewall.com/essentials/ofa-coins.md) - [OFA-DNS Servers](https://docs.onefirewall.com/essentials/ofa-dns.md): Step-by-step guide to change DNS settings on the most common OS and Italian ISP routers. - [OneFirewall Mobile](https://docs.onefirewall.com/essentials/ofa-mobile.md) - [ONE-F3D-Agent Installation](https://docs.onefirewall.com/essentials/one-f3d-agent.md): How to install and run the World Crime Feed-Defend-Detect (F3D) Agent - by OneFirewall (one-f3d-agent) - [OneFirewall System Events](https://docs.onefirewall.com/essentials/onefirewall-events.md) - [Proof of Value](https://docs.onefirewall.com/essentials/pov.md) - [Sizing Requirements (GCP)](https://docs.onefirewall.com/essentials/sizing-requirements-gcp.md): Sizing Requirements of the OneFirewall Alliance solution - [Virtual Private Server](https://docs.onefirewall.com/essentials/vps.md): Technical Implementation - [WCF Installation](https://docs.onefirewall.com/essentials/wcf-installation.md): How to install and run World Crime Feeds (WCF) by OneFirewall - [OneFirewall Alliance Documentation](https://docs.onefirewall.com/introduction.md): Welcome to the documentation portal of OneFirewall Alliance - [Get Scan Policy](https://docs.onefirewall.com/offensive-security/configuration/get-policy.md): Retrieves the custom scan policy for the user. - [Update Scan Policy](https://docs.onefirewall.com/offensive-security/configuration/update-policy.md): Creates or updates the user's custom scan policy. - [Introduction to Vulnix0](https://docs.onefirewall.com/offensive-security/introduction.md): An overview of the Vulnix0 platform and how to get started with the API. - [Delete Scan](https://docs.onefirewall.com/offensive-security/scan-management/delete-scan.md): Deletes a scan record and its associated data by request ID. - [Initiate Scan](https://docs.onefirewall.com/offensive-security/scan-management/initiate-scan.md): Starts a new vulnerability scan for a given target. The target is specified as the final part of the URL path. - [List User Scans](https://docs.onefirewall.com/offensive-security/scan-management/list-scans.md): Retrieves a list of all scans initiated by the authenticated user. - [Get Scan Details](https://docs.onefirewall.com/offensive-security/scan-management/scan-details.md): Retrieves full results and status of a specific scan by its request ID. - [Health Check](https://docs.onefirewall.com/offensive-security/utilities/health.md): Verifies the API is running and responding. - [NetFlow Security](https://docs.onefirewall.com/products/NetFlow-Security-Report.md): Guide to integrate and utilize OneFirewall's NetFlow Security Analysis API - [R&D Projects](https://docs.onefirewall.com/products/RnD.md): Research and Development projects within OneFirewall - [OneFirewall DeceptionGrid](https://docs.onefirewall.com/products/deceptiongrid.md) - [Federated XDR](https://docs.onefirewall.com/products/federated-xdr.md) - [ClosedVPN](https://docs.onefirewall.com/products/secure-vpn.md) - [Web Attack Filter](https://docs.onefirewall.com/products/waf.md) - [Release: v2025-01-10](https://docs.onefirewall.com/releases/2025-01-10.md): OneFirewall WCF Server release - [Release: v2025-05-22](https://docs.onefirewall.com/releases/2025-05-22.md): OneFirewall Tags, and resereved IPs - [Release: v2025-06-21](https://docs.onefirewall.com/releases/2025-06-21.md): OneFirewall Tags, and resereved IPs - [Release: v2025-07-19](https://docs.onefirewall.com/releases/2025-07-19.md): OneFirewall Authentication Hardening and Embedded Queue Processing - [Release: v2025-09-14 ](https://docs.onefirewall.com/releases/2025-09-14.md): Defense Center - Agent Monitoring & Malicious Activity Visualization - [Release: v2025-09-23 ](https://docs.onefirewall.com/releases/2025-09-23.md): IPv4 Threat Intelligence Search Page - [Release: v2025-10-24 ](https://docs.onefirewall.com/releases/2025-10-24.md): WCF Installation Page - [Release: v2026-01-16 ](https://docs.onefirewall.com/releases/2026-01-16.md): Two-Factor Authentication (2FA) in OneFirewall - [Release: v2026-02-18 ](https://docs.onefirewall.com/releases/2026-02-18.md): CTI for Given IPv4 - [Automated Deployment](https://docs.onefirewall.com/releases/Automated-Deployment.md): OneFirewall: Cloud-Native Solution with Automated Deployment via GitLab and Canary Strategy - [Enterprise-Grade Reliability](https://docs.onefirewall.com/releases/Enterprise-GradeReliability.md): High availability (HA) OneFirewall Infra - [High Level Design](https://docs.onefirewall.com/releases/HighLevelDesign.md): A High-Level Design (HLD) architecture of a OneFirewall (White-label) - [Sizing Requirements (AWS)](https://docs.onefirewall.com/releases/SizingRequirements.md): OneFirewall Solution Install - [HAProxy with Fluent Bit](https://docs.onefirewall.com/study-cases/fluentbit.md): Integrating HAProxy Logs with OneFirewall Using Fluent Bit - [35.000 attacks daily](https://docs.onefirewall.com/study-cases/member-x.md): How we stopped 35.000 attacks daily - The Tactical Advantage of Threat Intelligence: A Case Study with OneFirewall - [Cloudflare Outage](https://docs.onefirewall.com/updates/cloudflare.md) - [Check Point Integration Guide](https://docs.onefirewall.com/wcf-agents/checkpoint-feeds.md) - [Cloud Armor Enterprise: Address Group & Deny List](https://docs.onefirewall.com/wcf-agents/cloud-armor.md): How to configure a centralized IP deny list using Address Groups in Cloud Armor Enterprise with Terraform. - [Sensor Configuration](https://docs.onefirewall.com/wcf-agents/config-sensor.md): How to configure your WCF Agent (Sensor) - [ForcePoint NGFW Integration Guide](https://docs.onefirewall.com/wcf-agents/forcepoint-ngfw.md) - [ForcePoint Web Security / URL Filtering Integration Guide](https://docs.onefirewall.com/wcf-agents/forcepoint-websec.md) - [FortiCloud WCF Integration](https://docs.onefirewall.com/wcf-agents/forticloud.md): Step-by-step guide to set up the FortiCloud Web Content Filtering integration with OneFirewall. - [FortiGate Integration Guide](https://docs.onefirewall.com/wcf-agents/fortigate.md) - [OneDevice Parallel](https://docs.onefirewall.com/wcf-agents/onedevice-parallel.md) - [OneDevice Series](https://docs.onefirewall.com/wcf-agents/onedevice-series.md) - [Palo Alto (EDL) Integration Guide](https://docs.onefirewall.com/wcf-agents/paloalto.md): How to consume a OneFirewall IP feed using External Dynamic Lists (EDL) on Palo Alto Networks firewalls. - [pfSense Integration Guide](https://docs.onefirewall.com/wcf-agents/pfsense.md) - [Checkpoint Secure XL](https://docs.onefirewall.com/wcf-agents/secure-xl.md) - [Sophos Integration Guide](https://docs.onefirewall.com/wcf-agents/sophos.md) - [Web App (HTTP) Feeds](https://docs.onefirewall.com/wcf-agents/webapp-feeds.md): How to notify OneFirewall if your web app is under attack ## OpenAPI Specs - [gateway-api](https://docs.onefirewall.com/gateway-api.json) - [ai-gateway-spec](https://docs.onefirewall.com/ai-gateway-spec.json) - [apidoc](https://docs.onefirewall.com/offensive-security/apidoc.json) - [openapi](https://docs.onefirewall.com/api-reference/openapi.json) ## Optional - [Proof of Value](https://onefirewall.com/proof-of-value.html)