Browse docs

Getting Started

Feed URL format and license keys

Build a Cybora feed URL with the required license key and indicator type parameters.

Last updated: June 15, 2026

On this page

Cybora feed URLs are designed to be pasted into firewall configuration fields that expect a remote text list. The firewall performs an HTTPS request and receives a plain TXT response with one indicator per line.

Cybora does not use firewall-specific file formats. The same URL structure is used across supported firewall platforms; the firewall-specific part is where you paste the URL and how the firewall consumes the returned list.

Create your feed URL

Paste your license key, select the indicator category, and copy the generated URL into your firewall.

Indicator category

This generator runs only in your browser. The key is not stored by this page and is not sent to Cybora.

Base URL

The standard feed endpoint is:

https://api.cybora.io/feed?key=<LICENSE_KEY>&type=<INDICATOR_TYPE>

The URL has three parts:

  • https://api.cybora.io/feed is the HTTPS endpoint that returns the TXT feed.
  • key authorizes access to the feed subscription.
  • type selects the indicator category that should be returned.

Required GET parameters

ParameterRequiredExampleDescription
keyYesABCDE-12345-FGHIJ-67890-KLMNOYour unique Cybora license key. Use the exact key issued for the firewall device, edge, or trial feed.
typeYesipv4The indicator category to return. Supported values are ipv4, domain, and url, depending on your plan.

Cybora license keys are usually issued as five hyphen-separated blocks. Keep the hyphens when you paste the key into a feed URL or into the generator above.

The type value must match the indicator category you want the firewall to import:

  • ipv4 returns IPv4 addresses.
  • domain returns domain indicators.
  • url returns URL indicators.

For normal firewall integrations, no additional format parameter is required. Cybora returns a flat TXT feed by default.

Example URLs

IPv4 feed:

https://api.cybora.io/feed?key=ABCDE-12345-FGHIJ-67890-KLMNO&type=ipv4

Domain feed:

https://api.cybora.io/feed?key=ABCDE-12345-FGHIJ-67890-KLMNO&type=domain

URL feed:

https://api.cybora.io/feed?key=ABCDE-12345-FGHIJ-67890-KLMNO&type=url

TXT response format

The response body is plain text. There is no JSON wrapper, no nested structure, and no firewall-vendor-specific envelope. Each line contains one indicator.

Example IPv4 output:

203.0.113.10
198.51.100.24
192.0.2.4

Example domain-style output:

malicious-example.test
scanner-control.test
phishing-host.test

Example URL output:

https://malicious-example.test/login
http://scanner-control.test/payload
/wp-admin/setup-config.php

Choosing the indicator category

Choose the type value based on what your plan includes and what the firewall can enforce natively:

  • Use type=ipv4 for firewall address objects, aliases, external dynamic lists, or blocklists.
  • Use type=domain for DNS-layer policy or firewall features that support domain objects.
  • Use type=url only where the platform has URL-aware enforcement.

If a firewall only supports IP-based external lists, use an IPv4 feed even if your plan also includes domain or URL coverage. Domain and URL feeds should only be added to firewall features that can parse and enforce those indicator categories.

URL handling in firewalls

When you paste the feed URL into a firewall, use the full URL including the query string:

https://api.cybora.io/feed?key=<LICENSE_KEY>&type=ipv4

Do not remove the ?key=...&type=... part. Without the key, Cybora cannot authorize the request. Without the type, the API cannot know which indicator category to return.

Most firewalls store the URL as a remote list source and poll it on a schedule. Set the polling interval according to your Cybora plan and the firewall vendor’s supported refresh settings. Polling more frequently than your plan allows does not produce fresher data and can trigger protection against excessive requests.

Key handling

Use a unique license key for the firewall edge or device that is allowed by your plan. Do not reuse one key across unrelated devices unless your commercial agreement explicitly allows it.

If a key is exposed, rotate it through support and update the firewall configuration with the new feed URL.