TCAP Submissions API

The Submissions API provides two endpoints for tech platforms to query our database and find out what contents our OSINT team have found on their platforms as well what alerts we have issued to them. Platforms can refine their queries to specify dates and specific terrorist groups.

Two endpoints

The Submissions API consists of two endpoints for tech platform TCAP users.

Content endpoint

The first returns a list of urls marked as terrorist content by Tech Against Terrorism:


Alerts endpoint

The second returns a list of alerts we have sent as well as information about the url associated with each alert:



In order to hit either endpoint you will need to be an on-boarded TCAP user associated with a tech platform. These endpoints sit inside the main TCAP backend so you will be able to access both with a standard TCAP JWT token.

To obtain a token make a request to the TCAP authentication endpoint with your username and password.


Your platform's content

When you send an authenticated request to either of these endpoints, the service will filter content or content alerts based on the tech platform associated with your email address. If your email address happens to be associated with more than one tech platform, it will return data associated with each platform. However, if you wish to refine the search, you can include a query parameter specifying the tech platform, for example:

?tech_platform=Platform C


?tech_platform=Platform C

Refining your request

You can further refine your requests to either endpoint by including the following query paramaters:

  • created_on : the date the URL was submitted to the TCAP.
  • terrorist_group: the terrorist group that is associated to the content.

Here are some example urls:


?terrorist_group=Terrorist Group A

Our Responses

Content API response

The content endpoint returns the following data on each url that satisfies your query:

  • created_on : Timestamp at which the URL was approved for submission to the TCAP

  • terrorist_group : Terrorist group associated with the content submitted to the TCAP

  • tech_platform : Platform where the content was collected from

  • tier : Tier of alert submitted for this URL (Threat To Life, Crisis, Designation, Promotional, Recommended)

  • md5_hash : MD5 hash encryption of the URL where the content was found

  • url_status : Online status of the URL (online or offline)

  • extreme_content : Whether the URL contains graphic and/or extreme content

  • pii : Whether the URL contains personally identifiable information (PII)

  • content_alert : Time/date when the tech platform was alerted for this URL

What is the md5 hash?

The MD5 hash is a cryptographic hash of the url associated with the content. In essence it is the unique identifier of that piece of content. We are sending it in this format for security purposes.

Content Alert API response

The content alert endpoint returns the following data on each successfully sent alert that satisfies your query:

  • content_item : all of the information from the Content API response above, nested

  • to : the email address the alert was sent to

  • alerted_date : the date the alert was sent