Register a push API endpoint

Using this form, you can register a HTTP callback pointing to your own server. We will use this callback to immediately notify you when a domain is added or removed from CERT.PL Phishing Domain List.

Your application must conform to the input/output specification. Example web application implementations are provided within CERT-Polska / phishing-api project on GitHub.

Required headers

According to the abovementioned input/output specification, in order to pass the validation procedure, your endpoint must return the following headers in response to the HTTP OPTIONS request: 

X-PUSHAPI-CERT-PL: https://www.cert.pl/ostrzezenia_phishing
X-PUSHAPI-CERT-PL-UID: 388a9eaadfa03776d9e3b676ef3c519a

Signature validation key

Your secret JWT validation key is:

96d50ee27a03fa6f3e494691893d98f9

You are required to protect the validation key. Once it's leaked, you would have no way to determine whether calls to your HTTP endpoint are legitimate.

Do not close this page until you finish the registration process. The values may be re-generated if you reopen this form.

CERT Polska | Technical support: info@cert.pl (please add [Push API] in the mail subject).