Facebook introduced ThreatExchange last month as a way for tech companies to share information about malware and other security threats, and the social network announced Friday that the application-programming-interface documentation for ThreatExchange, as well as the PHP and Python reference code, is now available on GitHub.
The first thing to understand about the design of ThreatExchange is that it’s a subset of APIs residing within the much larger set of Graph APIs used by third-party developers to programmatically interact with Facebook. Much like any other third-party developer, a ThreatExchange member starts by creating a Facebook platform application and then uses it to query or post threat data into ThreatExchange. Once Facebook grants access to a developer’s application, they interact with ThreatExchange by issuing RESTful API calls to the Facebook platform. This API-based approach works well for our current members, all of whom are looking to integrate the data available via ThreatExchange into their existing security systems. ThreatExchange data doesn’t show up in, or have any link to, the personal Facebook accounts of the application owners or people who use them.
Another core design component of ThreatExchange is that the data is modeled in what mathematicians and computer scientists commonly call a graph. This design — the same one Facebook uses to represent your Facebook account and connections between friends — lends itself very well to representing real-world interactions between threats like malware, bad domains and spammy URLs.
We will continue using this page to provide details about the design, functionality and new features of ThreatExchange. We are growing the platform slowly at this stage to ensure that it works well for all members, but our long-term goal is that organizations anywhere will be able to use these features of ThreatExchange to share threat information more easily, learn from each other’s discoveries and make everyone’s systems safer.