Posts
A post (Note) is a comment in one of your ThreatConnect owners. When creating posts using the v3 API, you can link them to Groups, Indicators, Tags, and Victims.
Endpoint: {baseUrl}/api/v3/posts
Endpoint Options
Available Request Body Fields
Send the following request to retrieve a list of available request body fields, including each field’s name, description, and accepted data type, that you can use in a POST or PUT request to the /v3/posts endpoint:
Request
OPTIONS /v3/posts
Hint
To include read-only fields in the API response, use the show query parameter and assign it a value of readonly.
Include Additional Fields in Responses
When creating, retrieving, or updating data, you can use the fields query parameter to include additional fields in the API response that are not included by default.
Send the following request to retrieve a list of fields you can include in responses returned from the /v3/posts endpoint:
OPTIONS /v3/posts/fields
Filter Results With TQL
When retrieving data, you can use the tql query parameter to filter results with ThreatConnect Query Language (TQL).
Send the following request to retrieve a list of valid TQL parameters you can assign to the tql query parameter when using it in a request to the /v3/posts endpoint:
Request
OPTIONS /v3/posts/tql
Schemas
Request Body (POST)
Posts
The following is the request body schema for a POST request to the /v3/posts endpoint:
objectId: <Integer> REQUIRED The ID number of the object to add the post to.objectType: <String> REQUIRED The type of object to add the post to. (Acceptable values: Group, Indicator, Tag, Victim)text: <String> REQUIRED The contents of the post.
Example
{
"objectId" : 0,
"objectType": "<string>",
"text": "<string>"
}
Post Replies
The following is the request body schema for a POST request to the /v3/posts/reply endpoint:
id: <Integer> REQUIRED The ID number of the post to add the reply to.objectId: <Integer> REQUIRED The ID number of the object to add the reply to.objectType: <String> REQUIRED The type of object to add the reply to. (Acceptable values: Group, Indicator, Tag, Victim)replies: <Array of Objects> REQUIRED The replies to add to the specified post.text: <String> REQUIRED The contents of the reply.
Example
{
"id": 0,
"objectId" : 0,
"objectType": "<string>",
"replies": [
{
"text": "<string>"
}
]
}
Request Body (DELETE)
Posts
The following is the request body schema for a DELETE request to the /v3/posts endpoint:
id: <Integer> REQUIRED The ID number of the post to delete.
Example
{
"id" : 0
}
Post Replies
The following is the request body schema for a DELETE request to the /v3/posts/reply endpoint:
id: <Integer> REQUIRED The ID number of the post that contains the reply to delete.replies: <Array of Objects> REQUIRED The details of the reply to delete.sequenceId: <String> REQUIRED The sequence ID number of the reply to delete.
Example
{
"id": 0,
"replies": [
{
"sequenceId": "<string>"
}
]
}
Response Body
The default response returned for successful GET and POST requests to the /v3/posts or /v3/posts/reply endpoint may include one or more objects with the following fields:
id: <Integer> The post’s ID number.author: <Object> The user who created the post. The amount of data returned for this field depends on where the author’s user account exists and the settings configured for the owner where the post was created.id: <Integer> The ID number of the user who created the post.userName: <String> The username of the user who created the post.firstName: <String> The first name of the user who created the post.lastName: <String> The last name of the user who created the post.pseudonym: <String> The pseudonym of the user who created the post.owner: <String> The Organization that the user who created the post belongs to.
authorType: <String> Indicates how the user who created the post will be identified when viewing the post in ThreatConnect and whether the user can delete the post. (Possible values: full, restricted, pseudonym)dateAdded: <DateTime> The date and time the post was created (ISO 8601).text: <String> The contents of the post.linkedItems: <Array of Objects> The objects that the post is linked to.id: <Integer> The type and ID combination of the object that the post is added to (e.g., B12345). Possible type identifiers include B (Group), I (Indicator), T (Tag), and V (Victim).type: <String> The object’s type (e.g., Adversary).display: <String> The object’s name/summary.owner: <String> The object’s owner.
linkedText: <String> The contents of the post with embedded hyperlinks, including links to objects that were added using the ADD LINK… feature on the Posts screen or legacy Details screen. This field is included only when retrieving all posts added to a specific object.aboutLinkedText: <String> The URL of the object that the post is added to. This field is included only when retrieving all posts added to a specific object.linkedAuthor: <String> The URL of the Organization where the post was created and the URL of the author who created the post. This field is included only when retrieving all posts added to a specific object.deleteAvailable: <Boolean> Specifies whether your API user account can delete the post.replies: <Array of Objects> The replies added to the post. This field is included only for posts that have one or more replies.sequenceId: <String> Indicates the reply’s position in the thread of replies.author: <Object> The user who created the reply. The amount of data returned for this field depends on where the author’s user account exists and the settings configured for the owner where the post was created.id: <Integer> The ID number of the user who created the reply.userName: <String> The username of the user who created the reply.firstName: <String> The first name of the user who created the reply.lastName: <String> The last name of the user who created the reply.pseudonym: <String> The pseudonym of the user who created the reply.owner: <String> The Organization that the user who created the reply belongs to.
authorType: <String> The author’s permission level for posts.text: <String> The contents of the reply.deleteAvailable: <Boolean> Specifies whether your API user account can delete the reply.
Example
{
"id": 0,
"author": {
"id": 0,
"userName": "<string>",
"firstName": "<string>",
"lastName": "<string>",
"pseudonym": "<string>",
"owner": "<string>"
},
"authorType": "<string>",
"dateAdded": "<datetime>",
"text": "<string>",
"linkedItems": [
{
"id": "<string>",
"type": "<string>",
"display": "<string>",
"owner": "<string>"
}
],
"linkedText": "<string>",
"aboutLinkedText": "<string>",
"linkedAuthor": "<string>",
"deleteAvailable": true,
"replies": [
{
"sequenceId": "<string>",
"author": {
"id": 0,
"userName": "<string>",
"firstName": "<string>",
"lastName": "<string>",
"pseudonym": "<string>",
"owner": "<string>"
},
"authorType": "<string>",
"text": "<string>",
"deleteAvailable": true
}
]
}
Retrieve Posts
Requirements
To retrieve posts in an Organization, your API user account can have any Organization role.
To retrieve posts in a Community or Source, your API user account can have any Community role except Banned for that Community or Source.
Retrieve All Posts for a Specific Object
GET /v3/posts?objectId={id}&objectType={type}
Retrieve details about all posts added to the specified object.
Query Parameters
The following table outlines the query parameters that may be used when sending a GET request to the /v3/posts endpoint.
Parameter |
Description |
Data Type |
Default Value |
Required? |
|---|---|---|---|---|
|
The ID number of the object to retrieve posts for. |
Integer |
N/A |
Required |
|
The type of object to retrieve posts for.
Acceptable values: Group, Indicator, Organization
|
String |
N/A |
Required |
|
Specifies whether to return a count of items in the API response. |
Boolean |
false |
Optional |
|
Returns additional fields in the API response based on one or more specified values. |
String |
N/A |
Optional |
|
The maximum number of objects to include each result set within the API response. |
Integer |
100 |
Optional |
|
The starting index of the result set within the API response. |
Integer |
0 |
Optional |
|
The order and field by which to sort results in the API response. |
String |
N/A |
Optional |
|
Filters results based on the provided TQL query. |
String |
N/A |
Optional |
Example Request
Note
You must include the required authentication headers for the method you are using to authenticate your API request.
Request
GET /v3/posts?objectId=12345&objectType=Group
Response
{
"data": [
{
"id": 1,
"author": {
"id": 3,
"userName": "11112222333344445555",
"firstName": "John",
"lastName": "Smith",
"pseudonym": "jsmithAPI",
"owner": "Demo Organization"
},
"authorType": "full",
"dateAdded": "2026-01-10T20:56:55Z",
"text": "Post about Bad Guy",
"linkedItems": [
{
"id": "B12345",
"type": "Adversary",
"display": "Bad Guy",
"owner": "Demo Organization"
}
],
"linkedText": "Post generated using the v3 API",
"aboutLinkedText": "<a href=\"https://app.threatconnect.com/#/details/groups/12345\">Bad Guy</a>",
"linkedAuthor": "<a href=\"https://app.threatconnect.com/auth/profile/organization.xhtml?name=Demo+Organization\" >Demo Organization</a> / <a href=\"https://app.threatconnect.com/auth/profile/user.xhtml?id=3\" >John Smith</a>",
"deleteAvailable": true,
"replies": [
{
"sequenceId": "1.1",
"author": {
"id": 3,
"userName": "11112222333344445555",
"firstName": "John",
"lastName": "Smith",
"pseudonym": "jsmithAPI",
"owner": "Demo Organization"
},
"authorType": "full",
"text": "Reply to post about Bad Guy",
"deleteAvailable": true
}
]
},
{
"id": 2,
"author": {
"id": 3,
"userName": "11112222333344445555",
"firstName": "John",
"lastName": "Smith",
"pseudonym": "jsmithAPI",
"owner": "Demo Organization"
},
"authorType": "full",
"dateAdded": "2026-01-11T16:54:55Z",
"text": "Another post about Bad Guy",
"linkedItems": [
{
"id": "B12345",
"type": "Adversary",
"display": "Bad Guy",
"owner": "Demo Organization"
}
],
"linkedText": "Another post about Bad Guy",
"aboutLinkedText": "<a href=\"https://app.threatconnect.com/#/details/groups/12345\">Bad Guy</a>",
"linkedAuthor": "<a href=\"https://app.threatconnect.com/auth/profile/organization.xhtml?name=Demo+Organization\" >Demo Organization</a> / <a href=\"https://app.threatconnect.com/auth/profile/user.xhtml?id=3\" >John Smith</a>",
"deleteAvailable": true
}
],
"status": "Success"
}
To filter posts by their contents, use the tql query parameter as follows:
Request (Decoded URL)
GET /v3/posts?objectId=12345&objectType=Group&tql=text contains "test"
Request (Encoded URL)
GET /v3/posts?objectId=12345&objectType=Group&tql=text%20contains%20%22test%22
This request will retrieve all posts added to the Group whose ID is 12345 that meet one of the following conditions:
The post contains the text “test”
The post has a reply that contains the text “test”
Retrieve a Specific Post
GET /v3/posts/{id}
Retrieve details about a specific post.
Query Parameters
The following table outlines the query parameters that may be used when sending a GET request to the /v3/posts/{id} endpoint.
Parameter |
Description |
Data Type |
Default Value |
Required? |
|---|---|---|---|---|
|
Returns additional fields in the API response based on one or more specified values. |
String |
N/A |
Optional |
Example Request
Note
You must include the required authentication headers for the method you are using to authenticate your API request.
Request
GET /v3/posts/2
Response
{
"data": {
"id": 2,
"author": {
"id": 3,
"userName": "11112222333344445555",
"firstName": "John",
"lastName": "Smith",
"pseudonym": "jsmithAPI",
"owner": "Demo Organization"
},
"authorType": "full",
"dateAdded": "2026-01-11T16:54:55Z",
"text": "Another post about Bad Guy",
"linkedItems": [
{
"id": "B12345",
"type": "Adversary",
"display": "Bad Guy",
"owner": "Demo Organization"
}
],
"deleteAvailable": true
},
"status": "Success"
}
Create Posts
POST /v3/posts
Create a post and add it to a specific object.
Requirements
To create posts in an Organization, your API user account must have an Organization role of Organization Administrator.
To create posts in a Community or Source, your API user account must have a Community role of Editor or Director for that Community or Source.
Query Parameters
The following table outlines the query parameters that may be used when sending a POST request to the /v3/posts endpoint.
Parameter |
Description |
Data Type |
Default Value |
Required? |
|---|---|---|---|---|
|
Specifies whether to create an activity log for the requested action. |
Boolean |
false |
Optional |
|
Returns additional fields in the API response based on one or more specified values. |
String |
N/A |
Optional |
Example Request
Note
In addition to the required Content-Type header, you must include the required authentication headers for the method you are using to authenticate your API request.
Request
POST /v3/posts
Content-Type: application/json
{
"text": "A third post about Bad Guy",
"objectType": "Group",
"objectId" : 12345
}
Response
{
"data": {
"id": 30,
"owner": "Demo Organization",
"ownerId": 1,
"name": "Indicator-Address-IPv6",
"description": "1 fixed, 1 variable",
"active": true,
"managed": false
},
"message": "Created",
"status": "Success"
}
Create Post Replies
POST /v3/posts/reply
Create a reply to a specific post.
Requirements
To create post replies in an Organization, your API user account must have an Organization role of Organization Administrator.
To create post replies in a Community or Source, your API user account must have a Community role of Editor or Director for that Community or Source.
Query Parameters
The following table outlines the query parameters that may be used when sending a POST request to the /v3/posts/reply endpoint.
Parameter |
Description |
Data Type |
Default Value |
Required? |
|---|---|---|---|---|
|
Specifies whether to create an activity log for the requested action. |
Boolean |
false |
Optional |
Example Request
Note
In addition to the required Content-Type header, you must include the required authentication headers for the method you are using to authenticate your API request.
Request
POST /v3/posts/reply
Content-Type: application/json
{
"id": 1,
"objectType": "Group",
"objectId" : 12345,
"replies": [
{
"text": "Reply to post about Bad Guy"
}
]
}
Response
{
"data": {
"id": 1,
"author": {
"id": 3,
"userName": "11112222333344445555",
"firstName": "John",
"lastName": "Smith",
"pseudonym": "jsmithAPI",
"owner": "Demo Organization"
},
"authorType": "full",
"dateAdded": "2026-01-10T20:56:55Z",
"text": "Post generated using the v3 API",
"linkedItems": [
{
"id": "B12345",
"type": "Adversary",
"display": "Bad Guy",
"owner": "Demo Organization"
}
],
"deleteAvailable": true,
"replies": [
{
"sequenceId": "1.1",
"author": {
"id": 3,
"userName": "11112222333344445555",
"firstName": "John",
"lastName": "Smith",
"pseudonym": "jsmithAPI",
"owner": "Demo Organization"
},
"authorType": "full",
"text": "Reply to post about Bad Guy",
"deleteAvailable": true
}
]
},
"message": "Created",
"status": "Success"
}
Delete Posts
DELETE /v3/posts
Delete a specific post.
Requirements
To delete posts in an Organization, your API user account must have an Organization role of Organization Administrator.
To delete posts in a Community or Source, your API user account must have a Community role of Editor or Director for that Community or Source.
Query Parameters
The following table outlines the query parameters that may be used when sending a DELETE request to the /v3/posts endpoint.
Parameter |
Description |
Data Type |
Default Value |
Required? |
|---|---|---|---|---|
|
Specifies whether to create an activity log for the requested action. |
Boolean |
false |
Optional |
Example Request
Note
In addition to the required Content-Type header, you must include the required authentication headers for the method you are using to authenticate your API request.
Request
DELETE /v3/posts
Content-Type: application/json
{
"id": 3
}
Response
{
"message": "Deleted",
"status": "Success"
}
Delete Post Replies
DELETE /v3/posts/reply
Delete a specific post reply.
Requirements
To delete post replies in an Organization, your API user account must have an Organization role of Organization Administrator.
To delete post replies in a Community or Source, your API user account must have a Community role of Editor or Director for that Community or Source.
Query Parameters
The following table outlines the query parameters that may be used when sending a DELETE request to the /v3/posts/reply endpoint.
Parameter |
Description |
Data Type |
Default Value |
Required? |
|---|---|---|---|---|
|
Specifies whether to create an activity log for the requested action. |
Boolean |
false |
Optional |
Example Request
Note
In addition to the required Content-Type header, you must include the required authentication headers for the method you are using to authenticate your API request.
Request
DELETE /v3/posts/reply
Content-Type: application/json
{
"id": 1,
"replies": [
{
"sequenceId": "1.1"
}
]
}
Response
{
"message": "Deleted",
"status": "Success"
}