API Access

Full Cypher access. Any query. Any depth.

Send any Cypher query against the Whisper graph and get structured JSON back in single-digit milliseconds. Parameterized inputs, full schema introspection, and built-in procedures for time-travel and threat scoring — everything you need to build infrastructure intelligence into your own code.

Get a free API key
POST /api/queryMATCH(h:HOSTNAME) -[:RESOLVES_TO]-> (ip:IPV4) -[:BELONGS_TO]-> (p:PREFIX)RETURN h, ip, phostipprefixRESOLVES_TOBELONGS_TO200 OK· 2ms{"rows":[{"ip":"1.1..."}],"ms":2}< 3msanchored query latencyCypherfull graph languageRESTno SDK requiredBuilt-in proceduresCALL whisper.history()CALL explain()CALL db.schema()

When to use the API

Build custom enrichment pipelines, automate investigations, pipe infrastructure intelligence into a SIEM or data warehouse, or wire Whisper into your own application. The API is the right call any time you need full Cypher in your own code — no proxy, no SDK, no shortcuts on the schema.

Read the Cypher guide

Three steps to your first query

No SDK install, no client setup. Authentication is a bearer token.

1

Get an API key

Sign up at console.whisper.security. Free tier includes anonymous + authenticated requests against the live graph.

2

Send Cypher over HTTPS

POST your query (with parameters) to /api/query. Standard JSON body. Any HTTP client works — curl, Python requests, Node fetch, Go, Rust.

3

Use the structured response

Get back columns, rows, and execution stats. Pipe to your SIEM, feed an LLM, store in a warehouse, or render in your own UI.

A real query

Send Cypher. Get JSON.

Below is a real, verified hosting-chain traversal against the live graph. Multi-hop pattern matching, structured JSON response, 2ms server-side.

Request
POST https://graph.whisper.security/api/query
Authorization: Bearer sk_live_...
Content-Type: application/json

{
  "query": "MATCH (h:HOSTNAME { name: $host })
    -[:RESOLVES_TO]->(ip:IPV4)
    -[:BELONGS_TO]->(p:PREFIX)
    <-[:ROUTES]-(a:ASN)
    -[:HAS_NAME]->(n:ASN_NAME)
    RETURN h.name AS host, ip.name AS ip,
      p.name AS prefix, a.name AS asn,
      n.name AS asn_name",
  "params": { "host": "www.cloudflare.com" }
}
200 OK· 2ms
{
  "columns": ["host", "ip", "prefix", "asn", "asn_name"],
  "rows": [
    {
      "host": "www.cloudflare.com",
      "ip": "104.16.123.96",
      "prefix": "104.16.112.0/20",
      "asn": "AS13335",
      "asn_name": "CLOUDFLARENET - Cloudflare, Inc."
    }
  ],
  "statistics": { "rowCount": 2, "executionTimeMs": 2 }
}

Full Cypher queries

Traversals, pattern matching, aggregations, path finding — the whole graph.

  • Multi-hop pattern matching
  • shortestPath procedures
  • COUNT subqueries and pattern comprehensions
Cypher reference

Parameterized inputs

Pass variables safely. No string concatenation, no injection risk.

  • Build reusable query templates
  • Bind lists and primitives
  • Tier-based rate limiting per key
Best practices

Built-in procedures

Whisper-specific superpowers on top of standard Cypher.

  • whisper.history() for time-travel queries
  • CALL explain() for threat scoring with evidence
  • CALL db.schema() for introspection
Function reference

Prefer a visual interface?

The Whisper Console lets you explore the graph interactively — search domains, run queries with syntax highlighting, visualize relationships, and export results. Same data, visual experience.

See the Console →

Start querying the graph

Get your API key and send your first Cypher query in under a minute.

Get a free API keyAPI documentationTalk to us