API Docs & Explorer

Selki API Explorer & Docs – Full Guide for All Users


Selki’s API Explorer is a powerful feature that allows you to interact with the platform's data programmatically using GraphQL — a flexible query language ideal for cybersecurity use cases. But don’t worry — you don’t need to be a developer to use it effectively. This article will walk you through what the API Explorer is, how it works, and how to run useful queries to unlock insights directly from your Selki data.


What Is the API Explorer?

The API Explorer is an interactive playground that lets you:

  • Browse the full Selki data schema
  • Write and test API queries
  • Pull real-time data from your organization’s Selki instance
  • Preview and debug results before integrating into other tools

You’ll find it under the Integrations tab → Launch API Explorer.

Think of it like your personal ChatGPT for Selki’s backend — but it only responds to questions about your threat data.


Key Concepts (Non-Technical Explanations)

| Term | Meaning |
|---|---|
| API | A way for two systems to talk to each other. In this case, Selki is one system, and your tools or browser are the other. |
| GraphQL | A type of API that lets you ask for exactly the data you want — nothing more, nothing less. |
| Query | Like a question you're asking Selki's database. |
| Schema | A map or menu of all the types of data Selki has available. |
| Mutation | Not used often in Selki, but means changing or writing data (most users only need to read/query data). |
| Variables | Think of these like blanks you can fill in, e.g., “get me threats for domain = X”. |


Navigating the Explorer

The main view of the API Explorer has:

  • Docs tab (left) – a full breakdown of all the data types and fields you can query. This is like a menu of Selki's internal data structure.
  • Query Editor (center) – where you type your queries and hit run.
  • Run Button (top right) – click this to execute your query and get data in real-time.
  • Tabs – run and compare multiple queries in separate tabs.
  • History – access previous queries to reuse or modify.


Your First Query (Non-Technical Example)

Let’s say you want to view all threats that are still open.

Here’s the query:

```graphql
query GetOpenThreats {
  threats(where: {status: {equals: OPEN}}) {
    id
    category
    riskLevel
    url
    email
    username
    password
    family
    createdAt
  }
}
```

💡 What this does:

This query asks Selki for a list of open threats, and returns useful fields like:

  • id: unique reference for the threat
  • category: phishing, credential leak, etc.
  • riskLevel: severity rating (e.g., LOW, MEDIUM, HIGH)
  • url: where the threat was seen (phishing or dark web link)
  • email, username, password: leaked credentials if available
  • family: malware family if applicable (e.g., RedLine, Raccoon)
  • createdAt: when the threat was detected


Useful Queries You Can Try

1. Get All Recent Threats (Last 7 Days)

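```graphql
query GetRecentThreats {
  threats(where: {createdAt: {gte: "2025-08-01T00:00:00Z"}}) {
    id
    url
    username
    riskLevel
  }
}
```

This filters by date, showing only findings created on or after the timestamp in the query. The timestamp is a fixed value, so set it to seven days before the day you run the query.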


2. List All Phishing Campaigns

```graphql
query ListPhishingCampaigns {
  phishingCampaigns {
    id
    name
    startDate
    endDate
    openRate
    clickRate
    reportRate
  }
}
```

This query gives you metrics on phishing simulation campaigns you’ve launched via Selki.


3. Check for Exposed Emails

```graphql
query GetExposedEmails {
  threats(where: {email: {not: {equals: null}}}) {
    email
    url
    riskLevel
    createdAt
  }
}
```

Helps you see which email addresses were found exposed in infostealer logs or phishing kits.


4. Top Threat Families

```graphql
query TopThreatFamilies {
  threats {
    family
  }
}
```

Use this with Excel or a BI tool to group and count which malware families are most active (RedLine, Raccoon, etc.).


Important Limitations

  • You can’t use this to ask general knowledge questions (e.g., “What’s the weather today?”)
  • The API only understands and responds to data stored in Selki
  • Every query consumes 1 credit from your monthly usage. If you run out, credits can be topped up or reset monthly


Tips for Power Users

  • Use the Schema browser (left side) to find out what’s available — just like looking through a restaurant menu
  • You can toggle the “Variables” tab to dynamically input values like email addresses or date ranges
  • Save your most-used queries for reuse in the History tab
  • Export query results into your own dashboards or security reports
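
The following is an added example, not Selki's own code, of the workflow behind the “Last 7 Days” and “Top Threat Families” queries. It passes the date cutoff as a GraphQL variable instead of hard-coding it, checks the response for GraphQL errors, counts malware families, and drops leaked passwords before results are exported. The `DateTime` variable type and the sample response are assumptions; confirm the type in the Docs tab.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumption: createdAt takes a variable of type DateTime (check the Docs tab).
QUERY = """
query GetRecentThreats($since: DateTime!) {
  threats(where: {createdAt: {gte: $since}}) {
    id
    family
    password
  }
}
"""

def build_request(now, days=7):
    """Return a GraphQL request body with a rolling cutoff; `now` must be UTC."""
    since = (now - timedelta(days=days)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {"query": QUERY, "variables": {"since": since}}

def parse_response(body):
    """Return the threats list; raise if the server reported GraphQL errors."""
    doc = json.loads(body)
    if doc.get("errors"):
        raise ValueError("; ".join(e.get("message", "unknown") for e in doc["errors"]))
    return doc["data"]["threats"]

def redact(threat):
    """Copy a record with the leaked password replaced by a presence flag."""
    out = {k: v for k, v in threat.items() if k != "password"}
    out["passwordExposed"] = bool(threat.get("password"))
    return out

def family_counts(threats):
    """Count threats per malware family, most common first; null family skipped."""
    return Counter(t["family"] for t in threats if t.get("family")).most_common()

# Constructed sample response for illustration (not real Selki output).
SAMPLE = json.dumps({"data": {"threats": [
    {"id": "t1", "family": "RedLine", "password": "example-1"},
    {"id": "t2", "family": "Raccoon", "password": None},
    {"id": "t3", "family": "RedLine", "password": "example-2"},
    {"id": "t4", "family": None, "password": None},
]}})

if __name__ == "__main__":
    print(json.dumps(build_request(datetime.now(timezone.utc))["variables"]))
    rows = parse_response(SAMPLE)
    print(family_counts(rows), [redact(t) for t in rows])
```

Because every query consumes a credit, fetching once and doing the grouping and redaction locally keeps usage to a single query per report.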


Schema Overview (For Curious Users)

Some of the most useful schema types you’ll encounter:

  • Threat: Compromised credentials, phishing links, etc.
  • PhishingCampaign: Simulated phishing emails you’ve sent to your users
  • Notification: Alerts or system-level messages
  • Organization: Your company profile and settings

You don’t need to memorize these — just explore the Docs tab on the left and click through.


Troubleshooting & Help

If your query fails:

  • Check for missing brackets {} or typos in field names
  • Make sure you’re querying a valid field from the schema
  • Ensure your API key is active (under Integrations → API Key)


Still stuck? Contact Selki Support or ask your admin for help!


🚀 Ready to Explore?

Head to Integrations → Launch API Explorer and start experimenting with live data from your organization. With a few lines of code, you’ll unlock real-time insights that power faster decisions and better protection.

Updated on: 08/08/2025
