Version 4.0
The following updates and new features are included in the Safe Browsing APIs (v4).
Lookup API (v4)
What's the same:
- The API still has clients directly query the Google Safe Browsing server and Safe Browsing lists.
What's different:
- The HTTP
GET
method is no longer supported. Use the HTTPPOST
method instead. - The
key
parameter is now the only parameter required in the HTTPPOST
request URL. - The HTTP
POST
request and response format have changed. Plain text is no longer supported. Use JSON instead.
Update API (v4)
What's the same:
- The API still has clients periodically update the SHA256 hash prefixes in the local database's lists.
- The API also has a similar request to retrieve the SHA256 full-length hashes when a client encounters a hash prefix collision.
What's different:
- The
key
parameter is now the only parameter required in the HTTPPOST
request URL. - The HTTP
POST
request and response format have changed. Plain text is no longer supported. Use JSON instead. - The way updates are encoded has changed. Instead of serving add and sub chunks, the API now serves diffs using a simple versioning protocol. The client sends its current state to the server along with the requested updates. The server responds with a new client state and a diff to get the client fully updated.
- To ensure minimal sacrifice of protection when accommodating client constraints, the API serves prioritized threat lists. Device resources, bandwidth, geolocation, and other signals are used to serve the highest priority threat data to each client.
threatLists.list Method
A new method, threatLists.list
, returns a list of the Safe Browsing lists currently
available for lookup or download.
Status Codes
The HTTP status codes generated by the server in response to an HTTP POST
request have changed.