Web Risk API

Web Risk API

Using the Google Web Risk API in JavaScript

If you are looking for a way to protect your website or application from various security threats, you might want to consider using the Google Web Risk API. This API allows you to check URLs against various threat databases and receive threat information in real-time. In this article, we will guide you through the process of using the Google Web Risk API in JavaScript.


Before you start using the Google Web Risk API, you must have a valid Google Cloud Platform (GCP) project and billing account. You will also need to enable the Web Risk API in your project and obtain an API key. More details on these steps can be found here.

Getting started

To start using the Google Web Risk API in JavaScript, you will need to install the Node.js client library. You can install this library using npm:

npm install --save @google-cloud/web-risk

Once you have installed the library, you can start using the API. Here’s an example code snippet that demonstrates how to check a URL against the Google Web Risk API:

const { WebRiskServiceClient } = require('@google-cloud/web-risk');

async function checkUrl(url) {
    const client = new WebRiskServiceClient();

    const [response] = await client.computeThreatListDiff({
        threatType: 'MALWARE',
        versionToken: '',
        constraints: {
            supportedCompressions: ['COMPRESSION_TYPE_UNSPECIFIED'],
        additions: [
                rawHashes: {
                    sha256: 'hash_of_url',

    if (response.matches.length > 0) {
        console.log('URL is malicious');
    } else {
        console.log('URL is safe');

In this code snippet, we first import the WebRiskServiceClient from the @google-cloud/web-risk package. We then define an asynchronous function called checkUrl that takes a URL as an argument.

Inside the function, we create a new instance of the WebRiskServiceClient using the default options. We then call the computeThreatListDiff method of the client and pass in the necessary parameters. In this case, we are checking for malware threats and providing a hash of the URL we want to check.

The computeThreatListDiff method returns a response object that contains a matches field. This field is an array that contains information about any threats that were detected for the URL.

We then check the length of the matches array to determine whether the URL is safe or malicious.


In this article, we have shown you how to use the Google Web Risk API in JavaScript. We hope that this article will help you to better protect your website or application from various security threats. If you have any questions or comments, please feel free to leave them below.