Page tree


BloxOne Threat Defense Cloud uses Swagger to publish and deliver its APIs. For a list of available APIs, first log in to the Cloud Services Portal, and then click the following link: Note that you won’t be able to access the API page if you are not already logged in to the portal.

Below is a list of currently supported calls along with their descriptions.

BloxOne FW API (BloxOne Threat Defense Cloud)



Detailed information for the ATCFW API can be viewed on at

BloxOne Threat Defense Cloud is an extension of the BloxOne Suite that provides visibility into infected and compromised off-premises devices, roaming users, remote sites, and branch offices. You can subscribe to Infoblox BloxOne Threat Defense Cloud and use its functionality to mitigate and control malware as well as provide unprecedented insight into your network security posture and enable timely action. BloxOne  Cloud also offers unified policy management, reporting, and threat analytics across the entire spectrum. Using automated and high-quality threat intelligence feeds and unique behavioral analytics, it automatically stops device communications with C&Cs/botnets and prevents DNS based data exfiltration.

The mission-critical DNS infrastructure can become a vulnerable component in your network when it is inadequately protected by traditional security solutions and consequently used as an attack surface. Compromised DNS services can result in catastrophic network and system failures. To fully protect your network in today’s cyber security threat environment, Infoblox sets a new DNS security standard by offering scalable, enterprise-grade, and integrated protection for your DNS infrastructure.

Through the Infoblox Cloud Services Portal, you can view the status of your subscription and threat intelligence feeds, manage your network scope and roaming end users, and learn more about threats on your networks through the Infoblox Threat Lookup tool and predefined reports.



GET/access_codesList Access Codes
POST/access_codesCreate Access Codes
DELETE/access_codes/{access_key}Delete Access Codes
GET/access_codes/{access_key}Read Access Codes
PUT/access_codes/{payload.access_key}Update Access Codes


GET/category_filtersList Category Filters
POST/category_filtersCreate Category Filters
DELETE/category_filtersDelete Category Filters
GET/category_filters/{id}Read Category Filter
PUT/category_filters/{id}Update Category Filter


GET/cert_download_urlsGet Proxy Certificates


GET/content_categoriesList Content Categories


GET/custom_redirectsList Custom Redirects
POST/custom_redirectsCreate Custom Redirect
DELETE/custom_redirectsDelete Custom Redirect
GET/custom_redirects/{id}Read Custom Redirect
PUT/custom_redirects/{id}Update Custom Redirect


GET/internal_domain_listsList Internal Domains
POST/internal_domain_listsCreate Internal Domains
DELETE/internal_domain_listsDelete Internal Domains
GET/internal_domain_lists/{id}Read Internal Domains
PUT/internal_domain_lists/{id}Update Internal Domains


GET/lookalike_targetsList Lookalike Target Domains
PUT/lookalike_targetsUpdate Lookalike Target Domains


GET/named_listsList Named Lists
POST/named_listsCreate Named Lists
DELETE/named_listsDelete Named Lists
GET/named_lists/{id}Read Named Lists
PUT/named_lists/{id}Update Named Lists


POST/named_lists/{id}/itemsInsert Named List Items
DELETE/named_lists/{id}/itemsDelete Named List Items


GETnetwork_listsList Network Lists
POSTnetwork_listsCreate Network Lists
DELETEnetwork_listsDelete Network Lists
GET/network_lists/{id}Read Network Lists
PUT/network_lists/{id}Update Network Lists


GET/redirect_pageRead Redirect Page
PUT/redirect_pageUpdate Redirect Page


GET/security_policiesList Security Policies
POST/security_policiesCreate Security Policies
DELETE/security_policiesDelete Security Policies
GET/security_policies/{id}Read Security Policies
PUT/security_policies/{id}Update Security Policies


GET/security_policy_rulesSecurity Policy Rules


GET/threat_feedsList Threat Feeds

BloxOne Cloud EP API (BloxOne Endpoint)



Detailed information for the ATCEP API can be viewed on at

Infoblox BloxOne Endpoint is a lightweight mobile agent that redirects DNS traffic from your remote devices to BloxOne Threat Defense Cloud. It allows you to apply applicable security policies to your roaming end users in remote sites and branch offices.

In order for end users to connect to Infoblox cloud services, you must download and install BloxOne Endpoint on their devices. The client enforces security policies that are applied to remote networks, regardless of where your end users are located, and to which networks they are connected. BloxOne Endpoint listens on port 53 of the device. If other software listens on the same port, DNS traffic cannot be redirected to BloxOne Threat Defense Cloud, and your device will not be protected by BloxOne Endpoint.

When you use BloxOne Endpoint, DNS queries are sent to BloxOne Threat Defense Cloud directly except for (1) queries that target the bypassed domains and (2) internal domains collected through the DHCP server. If you have internal domains that are served by your local DNS servers and you want to reach them without interruptions, you should consider adding them to the bypassed internal domains list so that DNS queries for these internal domains are sent to the local DNS servers instead of BloxOne Threat Defense Cloud.

BloxOne Endpoint supports dual-stack IPv4 and IPv6 DNS configurations, thereby protecting all devices regardless of their network environments. BloxOne Endpoint in a dual-stack environment is able to proxy IPv6 DNS queries and forward them to BloxOne Threat Defense Cloud over IPv4.


BloxOne Cloud DFP API (DNS Forwarding Policy)



Detailed information for the ATCDFP API can be viewed on at

BloxOne Threat Defense Cloud is a SaaS offering designed to provide protection to devices on and off-premises, including roaming, remote, and branch offices. It provides visibility into infected and compromised devices, prevents DNS-based data exfiltration, and automatically stops device communications with command-and-control servers (C&Cs) and botnets, in addition to providing recursive DNS services in the cloud. You can access the services by deploying the BloxOne Endpoint agent or the DNS forwarding proxy.

For remote office deployments, or in cases where installing an endpoint agent is not desirable or possible, you can use the DNS forwarding proxy. It is a software application that runs on bare-metal, VM infrastructures, or Infoblox NIOS appliances, and embeds the client IPs in DNS queries before forwarding them to BloxOne Threat Defense Cloud. The communications are encrypted and client visibility is maintained. The proxy also provides DNS resolution to local DNS zones when you configure local resolvers. Once you set up a DNS forwarding proxy, it becomes the main DNS server for your remote site. It will also cache responses to speed resolution of future queries.

By implementing the DNS forwarding proxy, you can rest assured that BloxOne Threat Defense Cloud effectively enforces DNS client-based security policies at your remote sites. On-premises devices that send DNS queries reveal their actual client IP addresses (instead of their NAT IP address), thus allowing BloxOne Threat Defense Cloud to apply the security policies applicable to the respective endpoints and identify infected clients.

BloxOne LAD API (BloxOne Lookalike Domains)



Detailed information for the ATCLAD API can be viewed on at

BloxOne LAD is an extension of the BloxOne Threat Defense Suite that provides lookalike domains detection. You can subscribe to BloxOne LAD and use its functionality to protect domains from spoofing threats.

BloxOne Anycast API



Detailed information for the ANYCAST API can be viewed on at 

Anycast capability enables HA (High Availability) configuration of BloxOne applications that run on equipment located on customer’s premises (on-prem hosts). Anycast supports DNS, as well as DNS-forwarding services.

Anycast-enabled application setups use multiple on-premises installations for one particular application type. Multiple application instances are configured to use the same endpoint address. Anycast capability is collocated with such application instance, monitoring the local application instance and advertising to the upstream router (a customer equipment) a per-instance, local route to the common application endpoint address, as long as the local application instance is available. Depending on the type of the upstream router, the customer may configure local route advertisement via either BGP (Boarder Gateway Protocol) or OSPF (Open Shortest Path First) routing protocols. Both protocols may be enabled as well. Multiple routes to the common application service address provide redundancy without the need to reconfigure application clients.

Should an application instance become unavailable, the local route advertisements stop, resulting in withdrawal of the route (in the upstream router) to the application instance that has gone out of service and ensuring that subsequent application requests thus get routed to the remaining available application instances.

  • Additional API Resources

    Listed below are  additional API resources.

  • No labels

This page has no comments.