Python applications which accept URL inputs and/or pass URLs to client-side users need to check these links carefully for potential threats.

Compromised websites can initiate instant virus downloads onto a client device. They can also play host to phishing pages which closely approximate legitimate pages client-side users might expect to land on.

Scanning websites with the Virus Scan API

Employing Cloudmersive’s website threat scanning API (one of several API services available through the Virus Scan API) in a Python web application backend is a great way to check URLs for harmful content before making those links accessible.

This API will scan URL contents for malicious entities like viruses and known phishing sites, following links (including redirects) all the way to the end destination. This process safely abstracts the process of unpacking URL threats to an external sandbox, ensuring the application initiating the API call experiences zero risk.

Consuming a Cloudmersive API call in Python is exceptionally straightforward. The website threat scanning API can be implemented and called using pre-formatted, ready-to-run code examples provided on Cloudmersive’s API Console.

Below, we’ll walk through the process of consuming API calls with Python code examples sourced from the API Console page. We’ll include screenshots from an example code implementation to fully demystify the process.

Installing the Cloudmersive Virus API client

Installing Cloudmersive’s Virus API client in Python boils down to running a single pip command:

pip install cloudmersive-virus-api-client

This command gives us access to all the Virus API client libraries we need to consume API calls, including a custom exception package for detailed, graceful error handling.

Adding the Imports

Imports are structured to include the Virus API libraries we downloaded with our pip command, along with some additional resources we might need (or benefit from) in our Integrated Development Environment (IDE).

from __future__ import print_function
import time
import cloudmersive_virus_api_client
from cloudmersive_virus_api_client.rest import ApiException
from pprint import pprint

Importing the print_function is only relevant if we’re working in a Python 2 code base. The time import can help us delay actions while API requests occur, and the pprint library helps beautify our API response object when we print it to our terminal.

Using the client libraries to consume an API call

There’s no need to get familiar with the SDK or read through any cumbersome documentation – we’ve already formatted code examples to make consuming API calls easy. The below code configures API key authorization, instantiates the API, correctly asks for input, and consumes the API call within a try/except block:

# Configure API key authorization: Apikey
configuration = cloudmersive_virus_api_client.Configuration()
configuration.api_key['Apikey'] = 'YOUR_API_KEY'



# create an instance of the API class
api_instance = cloudmersive_virus_api_client.ScanApi(cloudmersive_virus_api_client.ApiClient(configuration))
input = cloudmersive_virus_api_client.WebsiteScanRequest() # WebsiteScanRequest | 

try:
    # Scan a website for malicious content and threats
    api_response = api_instance.scan_website(input)
    pprint(api_response)
except ApiException as e:
    print("Exception when calling ScanApi->scan_website: %s\n" % e)

To authorize our requests, we’ll replace the ’YOUR_API_KEY’ placeholder text with our actual API key string (if don’t have an API key yet, we can get a free one to try out the service with zero commitments (this allows up to 800 API calls per month). In the below example, we replace the placeholder text with an API key string stored as an attribute in a custom class.

To provide website URLs for scanning, we’ll simply pass our URL strings into the WebsiteScanRequest() method as shown in the below example.

Handling API Responses

If we run the current code exactly as it is (in this case scanning the Cloudmersive website home page), the API response object will print in our terminal like below:

In this case, the example code is using the pprint library to display the API response object in our terminal.

Alternatively, however, we can access attributes from the response object directly. In the below example, we print a conditional message to the terminal based on the scan result.

Conclusion

That’s all there is to it – we can now safely scan website URLs for threats in our Python application using pre-formatted, minimalist code examples.

The best part: we can now use any API on the Cloudmersive platform with the API key we acquired. There’s a huge number of turn-key API services available for our application now.

If you have any questions about implementing Cloudmersive APIs, please feel free to contact a member of our team.