watchers.ioc-reputation

WATCHER: get a signed callback when an indicator of compromise (IP or domain) changes malicious status across threat feeds. Arm once, pay once. Pass ioc (an IP address or domain). Fires when the malicious verdict flips; bounded by maxFires/expiry. The status at arm time is baselined. Signed (verify offline) + retried; recoverable via watchers.status. Returns a watcherId.

price: $0.0500 USDC per call
method: POST /api/watchers/ioc-reputation
payment: x402 v2 · USDC on Base (EIP-3009) or Solana (SPL transfer)
auth: None. Sign the payment, retry with PAYMENT-SIGNATURE.

Overview

The ioc reputation API is a pay-per-call watchers endpoint built for AI agents and autonomous software. WATCHER: get a signed callback when an indicator of compromise (IP or domain) changes malicious status across threat feeds.

There is no signup and no API key. An agent (or any HTTP client) hits the endpoint, receives an x402 "402 Payment Required" challenge, signs a sub-cent USDC payment on Base or Solana, and retries — the data comes back on the paid request. That makes it a drop-in ioc reputation data source for an agent tool-use loop, an MCP host, or a backend that needs watchers data on demand without onboarding to yet another vendor portal.

Parameters

| Name | Required | Type | Description | Constraints |
|---|---|---|---|---|
| ioc | yes | string | Indicator to watch: an IP address or domain. | min 3 chars · max 255 chars |
| callbackUrl | yes | string | Signed event POSTed here (verify X-2s-Signature). Any http(s) URL. | max 2048 chars · uri |
| payload | no | object | Arbitrary JSON echoed back in every callback. | |
| expiresInSeconds | no | integer | Active window in seconds (default 30d, max 90d). | min 60 · max 7776000 |
| maxFires | no | integer | Stop after this many changes (default 10). | min 1 · max 1000 |
| label | no | string | Optional free-text tag. | max 64 chars |
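
An added example (not code from 2s.io or its SDKs): a local pre-flight check that applies the bounds in the table above before any payment is signed. The `[.]` refanging, the https-only callback policy and the `nonce` key placed in `payload` are this example's assumptions, not API behaviour.

```python
import ipaddress
import re
import secrets
from urllib.parse import urlsplit

# Bounds copied from the Parameters table on this page.
INT_BOUNDS = {"expiresInSeconds": (60, 7_776_000), "maxFires": (1, 1000)}
IOC_MIN, IOC_MAX, CALLBACK_MAX, LABEL_MAX = 3, 255, 2048, 64
_DOMAIN = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{0,61}[a-z0-9]", re.I)

def normalize_ioc(raw):
    """Refang ('[.]' -> '.') and classify an indicator; returns (kind, value)."""
    value = raw.strip().replace("[.]", ".").rstrip(".").lower()
    if not IOC_MIN <= len(value) <= IOC_MAX:
        raise ValueError("ioc must be 3..255 characters")
    try:
        return "ip", str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if _DOMAIN.fullmatch(value):
        return "domain", value
    raise ValueError(f"not an IP address or domain: {raw!r}")

def check_callback_url(url, allow_http=False):
    """The API accepts any http(s) URL; https-only is this example's policy."""
    parts = urlsplit(url)
    allowed = {"https", "http"} if allow_http else {"https"}
    if len(url) > CALLBACK_MAX or parts.scheme not in allowed or not parts.hostname:
        raise ValueError("callbackUrl must be an https URL of at most 2048 chars")
    if parts.username or parts.password:
        raise ValueError("callbackUrl must not embed credentials")
    return url

def build_arm_request(ioc, callback_url, expires_in_seconds=None, max_fires=None, label=None, payload=None):
    """Validated JSON body for POST /api/watchers/ioc-reputation."""
    body = {"ioc": normalize_ioc(ioc)[1], "callbackUrl": check_callback_url(callback_url)}
    for key, val in (("expiresInSeconds", expires_in_seconds), ("maxFires", max_fires)):
        if val is not None:
            lo, hi = INT_BOUNDS[key]
            if isinstance(val, bool) or not isinstance(val, int) or not lo <= val <= hi:
                raise ValueError(f"{key} must be an integer in {lo}..{hi}")
            body[key] = val
    if label is not None:
        if len(label) > LABEL_MAX:
            raise ValueError("label must be at most 64 chars")
        body["label"] = label
    # Random token in the echoed payload ties each callback to the watcher that was armed.
    body["payload"] = {**(payload or {}), "nonce": secrets.token_urlsafe(16)}
    return body
```

The receiver can compare the echoed `nonce` against the value stored at arm time, in addition to verifying X-2s-Signature.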

Code samples

cURL

```bash
# 1. Probe the endpoint with no auth — receive 402 with PaymentRequirements
curl -sS -X POST 'https://2s.io/api/watchers/ioc-reputation' \
  -H 'Content-Type: application/json' \
  -d '{"ioc":"xxx","callbackUrl":"https://example.com","payload":{},"expiresInSeconds":60,"maxFires":1,"label":"example"}'

# 2. Sign the EIP-3009 transferWithAuthorization for the advertised price +
#    payTo from the 402 envelope, then retry with PAYMENT-SIGNATURE:
curl -sS -X POST 'https://2s.io/api/watchers/ioc-reputation' \
  -H 'Content-Type: application/json' \
  -H 'PAYMENT-SIGNATURE: <base64-json-payload>' \
  -d '{"ioc":"xxx","callbackUrl":"https://example.com","payload":{},"expiresInSeconds":60,"maxFires":1,"label":"example"}'

# Or just use the canonical runner — it handles the whole loop:
#   EVM_PRIVATE_KEY=0x... node --env-file=.env.local \
#     --experimental-strip-types scripts/x402-pay.ts \
#     'https://2s.io/api/watchers/ioc-reputation'
```

TypeScript / Node — @2sio/sdk

```typescript
import { TwoS } from '@2sio/sdk'

const client = new TwoS({
  privateKey: process.env.EVM_PRIVATE_KEY as `0x${string}`,
})

const result = await client.watchers.iocReputation({
  "ioc": "xxx",
  "callbackUrl": "https://example.com",
  "payload": {},
  "expiresInSeconds": 60,
  "maxFires": 1,
  "label": "example"
})

console.log('endpoint:', result.endpoint)
console.log('cost:', result.costUsd, 'USDC')
console.log('tx:', result.settlement?.txHash)
console.log('data:', result.data)
```

Python — 2sio

```python
import os
from twosio import TwoS

client = TwoS(private_key=os.environ["EVM_PRIVATE_KEY"])

result = client.watchers.ioc_reputation(ioc="xxx", callbackUrl="https://example.com", payload={}, expiresInSeconds=60, maxFires=1, label="example")

print("endpoint:", result.endpoint)
print("cost:", result.cost_usd, "USDC")
print("tx:", (result.settlement or {}).get("tx_hash"))
print("data:", result.data)
```

MCP — Claude Desktop / AgentKit / any MCP host

1. Add @2sio/mcp to your MCP host config (Claude Desktop example below). EVM_PRIVATE_KEY funds x402 payments per call.

claude_desktop_config.json

```json
{
  "mcpServers": {
    "2sio": {
      "command": "npx",
      "args": ["-y", "@2sio/mcp"],
      "env": { "EVM_PRIVATE_KEY": "0x..." }
    }
  }
}
```

2. Once the server is running, agents call this tool via standard MCP:

```json
{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/call",
  "params": {
    "name": "watchers.ioc-reputation",
    "arguments": {
      "ioc": "xxx",
      "callbackUrl": "https://example.com",
      "payload": {},
      "expiresInSeconds": 60,
      "maxFires": 1,
      "label": "example"
    }
  }
}
```

Response

| Field | Type | Description |
|---|---|---|
| ok | boolean | one of: true |
| items | array | |
| total | integer | Total matching rows upstream; null when unknown. |
| source | object | |

Example response data

```json
{
  "ok": true,
  "items": [
    {}
  ],
  "total": 1,
  "source": {
    "provider": "example",
    "url": "example",
    "license": "example"
  }
}
```

FAQ

Do I need an API key to use the ioc reputation API?
No. watchers.ioc-reputation is x402-native — there is no signup and no API key. Your client makes the call, receives a 402 with payment requirements, signs a USDC payment, and retries. Funds come from a wallet you control.
How much does the ioc reputation API cost?
$0.0500 USDC per call, charged per request. There are no monthly fees, seats, or minimums — you pay only for the calls you make.
Can I try the ioc reputation API for free first?
Yes. Add ?trial=1 (or the header X-2s-Trial: 1) to get a free real call per endpoint per hour, so you can verify the response shape before wiring payment.
Which networks and tokens are supported?
USDC on Base (via EIP-3009 transferWithAuthorization) or Solana (SPL transfer), using the open x402 payment protocol.
How do I call watchers.ioc-reputation from an AI agent or MCP host?
Use @2sio/sdk (TypeScript), 2sio (Python), or the @2sio/mcp server for any MCP host — each handles the probe → sign → retry loop for you. See the code samples on this page.
