Safe Browsing API

Name: Safe Browsing API API
Brand: Safe Browsing API
Availability: InStock

✓ Official Vendor SpecSecurityThreat DetectionapiKey1 EndpointsREST

For Agents

Check whether URLs are flagged by Google Safe Browsing using the v5 hash-prefix lookup endpoint, with privacy-preserving partial-hash lookups.

Quickstart

Get started with Safe Browsing API in minutes using your preferred integration method.

# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}

# Then ask your agent:
"check url with safe browsing"

# → Jentic returns the GET /events tool with parameter schema, agent executes.

Capabilities

What an agent can do with Safe Browsing API API.

Check a URL hash prefix against Google's malware and phishing threat lists

Identify Safe Browsing threat types associated with returned full hashes

Operate the lookup with API key authentication suitable for backend services

Use partial hash lookups to avoid sending full URLs to the server

GET STARTED

Start building with Safe Browsing API API

Explore with Jentic

View OpenAPI Document

Use Cases

Patterns agents use Safe Browsing API API for, with concrete tasks.

★ Pre-delivery URL scanning for messaging platforms

A messaging service hashes every URL inside an inbound message and checks the prefix against Safe Browsing v5 before delivery. If the hash returns a matching threat, the service quarantines the message and notifies the sender. Hash-prefix lookups keep the full URL out of Google's view, supporting privacy-sensitive deployments.

Compute SHA-256 over each URL, take the 4-byte prefix, GET /v5/hashes:search with the prefix, and quarantine messages whose URLs return a matching threat.

User-generated content moderation

A content platform feeds every newly posted URL into Safe Browsing and removes posts whose URLs match malware or phishing lists. The hash-prefix model lets the platform check millions of URLs daily without revealing the underlying content to Google, and the v5 lookup is fast enough for inline use during post submission.

On each new post, compute the hash prefix for embedded URLs and call GET /v5/hashes:search; remove the post if any threat type is returned.

Crawler safety gate

A web crawler checks every fetch target against Safe Browsing before issuing the request, preventing the crawler from following links into known malware. The lookup happens once per host and is cached, so the crawl rate stays high while exposure to drive-by downloads is reduced.

Before each fetch, GET /v5/hashes:search with the URL hash prefix; skip the URL if the response includes any threatType.

Agent-driven URL safety checks through Jentic

An AI agent built on Jentic exposes URL safety as a tool: when asked to summarise a webpage, it first calls Safe Browsing through Jentic, refuses to fetch flagged URLs, and explains why. Jentic stores the API key in the vault and returns the matching operation by intent.

Search Jentic for 'check url with safe browsing', execute GET /v5/hashes:search with the URL hash prefix, refuse to summarise the page if any threat is returned.

Key Endpoints

1 endpoints — the google safe browsing api v5 lets client applications check whether urls and other web resources match google-curated lists of malware, phishing, and other unsafe content.

METHOD

PATH

DESCRIPTION

GET

/v5/hashes:search

Search hash prefixes against Safe Browsing threat lists

GET

/v5/hashes:search

Search hash prefixes against Safe Browsing threat lists

Why though Jentic?

Three things that make agents converge on Jentic-routed access.

Credential isolation

The Safe Browsing API key is stored encrypted in the Jentic vault. Agents call the endpoint via Jentic, and the key is appended to the request server-side; raw key material never enters the agent context.

Intent-based discovery

Agents search Jentic with intents like 'check url with safe browsing' and Jentic returns GET /v5/hashes:search with its full schema, so the agent calls the right endpoint without reading the developer guide.

Time to first call

Direct integration takes 1-2 days to implement canonicalization, hashing, and prefix-match logic correctly. Through Jentic the call is under 1 hour: search, load, execute with a precomputed hash prefix.

Related APIs

Alternatives and complements available in the Jentic catalogue.

Alternative

Web Risk API

Commercial equivalent of Safe Browsing for products that sell or generate revenue.

Choose Web Risk for commercial use; choose Safe Browsing only for non-commercial deployments.

Complementary

reCAPTCHA Enterprise API

Adds bot and abuse detection alongside URL threat checks.

Use Safe Browsing for URL reputation; use reCAPTCHA Enterprise for bot scoring on form submissions.

Complementary

Web Security Scanner API

Scans your own apps for vulnerabilities rather than checking external URLs.

Use Web Security Scanner to test your application; use Safe Browsing to evaluate user-supplied URLs.

Complementary

Security Command Center API

Aggregates security findings across Google Cloud, including URL threat signals.

Use Security Command Center for organisation-wide findings; use Safe Browsing for inline URL checks.

FAQs

Specific to using Safe Browsing API API through Jentic.

What authentication does the Safe Browsing API use?

The v5 spec exposes a single GET /v5/hashes:search endpoint accessed with a Google API key passed via the standard key query parameter. Through Jentic, the API key is stored encrypted in the vault and injected into requests at execution time, so the agent never holds the raw key.

Can I check a URL for phishing with the Safe Browsing API?

Yes. Compute SHA-256 over the canonicalized URL, send a hash prefix on GET /v5/hashes:search, and inspect the response for matching full hashes and their threat types. SOCIAL_ENGINEERING in the threat type indicates phishing; MALWARE indicates a malicious binary or script.

What are the rate limits for the Safe Browsing API?

Google publishes a default quota of 10,000 queries per day per project for Safe Browsing v5, with a per-second cap of approximately 10 requests per second. Higher quotas are not generally granted because Safe Browsing is restricted to non-commercial use; commercial deployments should use the Web Risk API instead.

How do I check a URL through Jentic?

Search Jentic for 'check url with safe browsing', load the schema for GET /v5/hashes:search, compute the SHA-256 hash prefix client-side, and execute the call. Jentic returns the parsed response so the agent can inspect threatType values for each match.

Is the Safe Browsing API free?

Yes, but only for non-commercial use as defined in Google's terms. If you sell or generate revenue from the threat data, use Google's Web Risk API instead, which is the paid commercial equivalent and is also covered in this catalogue.

Why does Safe Browsing only send hash prefixes to the server?

The hash-prefix model preserves user privacy: the client sends a 4-byte prefix of the SHA-256 hash of the URL rather than the URL itself. The server returns matching full hashes for that prefix, and the client compares locally to determine whether the original URL is on the list — so Google never sees the full URLs being checked.