Getting Started
Feed URL format and license keys
Build a Cybora feed URL with the required license key and indicator type parameters.
Last updated: June 15, 2026
On this page
Cybora feed URLs are designed to be pasted into firewall configuration fields that expect a remote text list. The firewall performs an HTTPS request and receives a plain TXT response with one indicator per line.
Cybora does not use firewall-specific file formats. The same URL structure is used across supported firewall platforms; the firewall-specific part is where you paste the URL and how the firewall consumes the returned list.
Create your feed URL
Paste your license key, select the indicator category, and copy the generated URL into your firewall.
This generator runs only in your browser. The key is not stored by this page and is not sent to Cybora.
Base URL
The standard feed endpoint is:
https://api.cybora.io/feed?key=<LICENSE_KEY>&type=<INDICATOR_TYPE>The URL has three parts:
https://api.cybora.io/feedis the HTTPS endpoint that returns the TXT feed.keyauthorizes access to the feed subscription.typeselects the indicator category that should be returned.
Required GET parameters
| Parameter | Required | Example | Description |
|---|---|---|---|
key | Yes | ABCDE-12345-FGHIJ-67890-KLMNO | Your unique Cybora license key. Use the exact key issued for the firewall device, edge, or trial feed. |
type | Yes | ipv4 | The indicator category to return. Supported values are ipv4, domain, and url, depending on your plan. |
Cybora license keys are usually issued as five hyphen-separated blocks. Keep the hyphens when you paste the key into a feed URL or into the generator above.
The type value must match the indicator category you want the firewall to import:
ipv4returns IPv4 addresses.domainreturns domain indicators.urlreturns URL indicators.
For normal firewall integrations, no additional format parameter is required. Cybora returns a flat TXT feed by default.
Example URLs
IPv4 feed:
https://api.cybora.io/feed?key=ABCDE-12345-FGHIJ-67890-KLMNO&type=ipv4Domain feed:
https://api.cybora.io/feed?key=ABCDE-12345-FGHIJ-67890-KLMNO&type=domainURL feed:
https://api.cybora.io/feed?key=ABCDE-12345-FGHIJ-67890-KLMNO&type=urlTXT response format
The response body is plain text. There is no JSON wrapper, no nested structure, and no firewall-vendor-specific envelope. Each line contains one indicator.
Example IPv4 output:
203.0.113.10
198.51.100.24
192.0.2.4Example domain-style output:
malicious-example.test
scanner-control.test
phishing-host.testExample URL output:
https://malicious-example.test/login
http://scanner-control.test/payload
/wp-admin/setup-config.phpChoosing the indicator category
Choose the type value based on what your plan includes and what the firewall can enforce natively:
- Use
type=ipv4for firewall address objects, aliases, external dynamic lists, or blocklists. - Use
type=domainfor DNS-layer policy or firewall features that support domain objects. - Use
type=urlonly where the platform has URL-aware enforcement.
If a firewall only supports IP-based external lists, use an IPv4 feed even if your plan also includes domain or URL coverage. Domain and URL feeds should only be added to firewall features that can parse and enforce those indicator categories.
URL handling in firewalls
When you paste the feed URL into a firewall, use the full URL including the query string:
https://api.cybora.io/feed?key=<LICENSE_KEY>&type=ipv4Do not remove the ?key=...&type=... part. Without the key, Cybora cannot authorize the request. Without the type, the API cannot know which indicator category to return.
Most firewalls store the URL as a remote list source and poll it on a schedule. Set the polling interval according to your Cybora plan and the firewall vendor’s supported refresh settings. Polling more frequently than your plan allows does not produce fresher data and can trigger protection against excessive requests.
Key handling
Use a unique license key for the firewall edge or device that is allowed by your plan. Do not reuse one key across unrelated devices unless your commercial agreement explicitly allows it.
If a key is exposed, rotate it through support and update the firewall configuration with the new feed URL.