Recorded Future is a threat intelligence platform whose Intelligence Cloud combines open-web, dark-web, technical, and customer telemetry sources via the Intelligence Graph, indexed and analyzed by Insikt Group analysts and AI. The platform spans Threat Intelligence, Brand Intelligence, Identity Intelligence, SecOps Intelligence, Vulnerability Intelligence, Attack Surface Intelligence, Payment Fraud Intelligence, and Geopolitical Intelligence, plus Cyber Daily and the AI Analyst. Recorded Future exposes a REST API at api.recordedfuture.com (commonly called ConnectAPI) that customers and integration partners use to pull indicators, entities, alerts, and risk scores into SIEMs, SOARs, TIPs, and custom security workflows. Named a Leader in the 2026 Gartner Magic Quadrant for Cyberthreat Intelligence Technologies.
Recorded Future publishes 1 API on the APIs.io network. Tagged areas include Cybersecurity, Threat Intelligence, Intelligence Cloud, Brand Intelligence, and Identity Intelligence.
Recorded Future’s developer surface includes developer portal, support, documentation, engineering blog, product news, and 8 more developer resources.
The Recorded Future Intelligence Cloud REST API (api.recordedfuture.com) provides programmatic access to threat intelligence sourced from over a million open-web, dark-web, tech...
aid: recorded-future
url: https://raw.githubusercontent.com/api-evangelist/recorded-future/refs/heads/main/apis.yml
name: Recorded Future
type: Index
image: https://kinlane-productions.s3.amazonaws.com/apis-json/apis-json-logo.jpg
tags:
- Cybersecurity
- Threat Intelligence
- Intelligence Cloud
- Brand Intelligence
- Identity Intelligence
- Vulnerability Intelligence
- AI Analyst
description: Recorded Future is a threat intelligence platform whose Intelligence Cloud combines open-web, dark-web, technical,
and customer telemetry sources via the Intelligence Graph, indexed and analyzed by Insikt Group analysts and AI. The platform
spans Threat Intelligence, Brand Intelligence, Identity Intelligence, SecOps Intelligence, Vulnerability Intelligence,
Attack Surface Intelligence, Payment Fraud Intelligence, and Geopolitical Intelligence, plus Cyber Daily and the AI Analyst.
Recorded Future exposes a REST API at api.recordedfuture.com (commonly called ConnectAPI) that customers and integration
partners use to pull indicators, entities, alerts, and risk scores into SIEMs, SOARs, TIPs, and custom security workflows.
Named a Leader in the 2026 Gartner Magic Quadrant for Cyberthreat Intelligence Technologies.
created: '2026-05-23'
modified: '2026-05-23'
specificationVersion: '0.19'
apis:
- aid: recorded-future:recorded-future-connect-api
name: Recorded Future Intelligence Cloud API
tags:
- Threat Intelligence
- Indicators
- Risk Scores
- Alerts
- Entities
humanURL: https://support.recordedfuture.com/hc/en-us
baseURL: https://api.recordedfuture.com
properties:
- url: https://support.recordedfuture.com/hc/en-us
type: Documentation
title: Recorded Future Support and API Documentation (gated)
- url: https://www.recordedfuture.com/platform
type: Portal
title: Recorded Future Intelligence Cloud
description: The Recorded Future Intelligence Cloud REST API (api.recordedfuture.com) provides programmatic access to threat
intelligence sourced from over a million open-web, dark-web, technical, and customer feeds and structured by the Intelligence
Graph. The API supports lookups for indicators of compromise (IPs, domains, hashes, URLs, vulnerabilities), entity context,
risk scoring, alert and watchlist management, and intelligence search. Detailed reference documentation and credentials
are issued to Recorded Future customers through the support portal and customer community.
common:
- type: LinkedIn
url: https://www.linkedin.com/company/recorded-future
- type: Website
url: https://www.recordedfuture.com/
- type: Portal
url: https://app.recordedfuture.com/
title: Recorded Future Customer Portal
- type: Support
url: https://support.recordedfuture.com/hc/en-us
- type: Documentation
url: https://support.recordedfuture.com/hc/en-us
- type: Blog
url: https://www.recordedfuture.com/blog
- type: News
url: https://therecord.media/
title: The Record by Recorded Future
- type: CyberDaily
url: https://www.recordedfuture.com/products/cyber-daily
- type: ContactSales
url: https://www.recordedfuture.com/contact
- type: Careers
url: https://www.recordedfuture.com/careers
- type: Partners
url: https://www.recordedfuture.com/partners
- type: PrivacyPolicy
url: https://www.recordedfuture.com/legal/privacy-policy
- type: TermsOfService
url: https://www.recordedfuture.com/legal/terms-of-service
- type: Features
data:
- name: Intelligence Cloud
description: Unified intelligence platform delivering prioritized, organization-specific intelligence
- name: Intelligence Graph
description: Core graph data structure indexing and analyzing 1M+ open-web, dark-web, technical, and telemetry sources
- name: Threat Intelligence
description: Tactical, operational, and strategic threat intelligence on actors, malware, TTPs, and indicators
- name: Brand Intelligence
description: Detection of brand impersonation, typosquatting, and digital risk to corporate brands
- name: Identity Intelligence
description: Monitoring of leaked credentials, identity exposures, and credential compromise events
- name: SecOps Intelligence
description: Intelligence purpose-built for SOC workflows, alerting, and triage
- name: Vulnerability Intelligence
description: Vulnerability risk scoring, exploit chatter, and prioritization for patching decisions
- name: Attack Surface Intelligence
description: Continuous discovery and monitoring of external-facing assets and exposures
- name: Payment Fraud Intelligence
description: Intelligence on stolen cards, fraud actors, and dark-web payment fraud markets
- name: Geopolitical Intelligence
description: Geopolitical and physical security intelligence for global operations
- name: AI Analyst
description: Generative AI assistant that summarizes intelligence and accelerates analyst workflows
- name: Cyber Daily
description: Daily curated digest of the global threat landscape
- name: Insikt Group
description: In-house intelligence research and analyst team producing finished intelligence
- type: UseCases
data:
- name: SOC Alert Triage
description: Enrich SIEM and SOAR alerts with risk scores and entity context from the Intelligence Cloud
- name: Vulnerability Management
description: Prioritize CVE remediation using real-world exploit and threat-actor activity
- name: Brand Protection
description: Detect and respond to brand impersonation, typosquatting, and phishing infrastructure
- name: Identity and Credential Monitoring
description: Detect leaked credentials and identity exposures for employees and customers
- name: Third-Party Risk
description: Monitor third-party and supply-chain partners for threat exposure
- name: Geopolitical Risk
description: Track geopolitical events affecting people, facilities, and operations
- type: Integrations
data:
- name: SIEM
description: Out-of-the-box integrations with Splunk, Microsoft Sentinel, Google Chronicle, IBM QRadar, and others
- name: SOAR
description: Playbook content and integrations for Cortex XSOAR, Splunk SOAR, Tines, Torq, and similar platforms
- name: TIP
description: Integrations with ThreatConnect, Anomali, and other Threat Intelligence Platforms
- name: Firewalls and Proxies
description: IOC feeds and blocklists for next-gen firewalls and secure web gateways
- name: Endpoint and EDR
description: Enrichment integrations with CrowdStrike, Microsoft Defender, SentinelOne, and others
- name: Browser Extension
description: Recorded Future browser extension surfaces intelligence in any web-based security tool
maintainers:
- FN: Kin Lane
email: [email protected]
