---
title: Anomalies REST API
description: The Anomalies application programming interface (API) is used to fetch the list of anomalies.
component: pingintelligence
version: 5.2
page_id: pingintelligence:pingintelligence_reference_guide:pingintelligence_anomalies_rest_api
canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_reference_guide/pingintelligence_anomalies_rest_api.html
revdate: April 3, 2024
---

# Anomalies REST API

The Anomalies application programming interface (API) *(tooltip: \<div class="paragraph">
\<p>A specification of interactions available for building software to access an application or service.\</p>
\</div>)* is used to fetch the list of anomalies.

The response contains anomalies count for the API, request success or failure count, and so on.

`Method: GET`

`URL: /v4/abs/anomalies?later_date=<>earlier_date=<>&api=<api_name>`

|            | Header     | Value       |
| ---------- | ---------- | ----------- |
| Access Key | `x-abs-ak` | *\<string>* |
| Secret Key | `x-abs-sk` | *\<string>* |

Sample Response:

```json
{
 "company": "ping identity",
 "name": "api_anomalies",
 "description": "This report contains information on anomalous activity
  on the specified API.",
 "earlier_date": "Sun Jan 12 18:00:00:000 2018",
 "later_date": "Tue Jan 14 18:00:00:000 2018",
 "api_name": "shop",
 "anomalies_summary": {
 "api_url": "shopapi",
 "total_anomalies": 14,
 "most_suspicious_ips": [],
 "most_suspicious_anomalies_urls": []
 },
 "anomalies_details": {
 "url_anomalies": {
 "suspicious_sessions": [],
 "suspicious_requests": []
 },
 "ioc_anomalies": [
 {
 "anomaly_type": "API Memory Attack Type 2",
 "cookies": [
 {
 "cookie": "AMAT_2_H",
 "access_time": [
 "Mon Jan 13 01:01:33:589 2018"
 ]
 },
 {
 "cookie": "AMAT_2_H",
 "access_time": [
 "Mon Jan 13 01:01:33:589 2018"
 ]
 }
 ]
 },
 {
 "anomaly_type": "Data Exfiltration Attack",
 "cookies": [
 {
 "cookie": "data_exfilteration_VH",
 "access_time": [
 "Mon Jan 13 04:54:49:222 2018"
 ]
 },
 {
 "cookie": "data_exfilteration_H",
 "access_time": [
 "Mon Jan 13 05:26:53:981 2018"
 ]
 }
 ]
 },
 {
 "anomaly_type": "Cookie DoS Attack",
 "cookies": [
 {
 "cookie": "data_exfilteration_VH",
 "access_time": [
 "Mon Jan 13 04:54:49:222 2018"
 ]
 },
 {
 "cookie": "AMAT_1_freq_VH",
 "access_time": [
 "Sun Jan 12 23:17:55:931 2018"
 ]
 },
 {
 "cookie": "data_exfilterationHH",
 "access_time": [
 "Mon Jan 13 05:39:18:515 2018"
 ]
 },
 {
 "cookie": "AMAT_2_VH",
 "access_time": [
 "Sun Jan 12 23:59:39:483 2018"
 ]
 }
 ]
 },
 {
 "anomaly_type": "Extreme Client Activity Attack",
 "cookies": [
 {
 "cookie": "data_exfilteration_VH",
 "access_time": [
 "Mon Jan 13 04:54:49:222 2018"
 ]
 },
 {
 "cookie": "AMAT_1_VH",
 "access_time": [
 "Sun Jan 12 23:17:55:931 2018"
 ]
 },
 {
 "cookie": "data_exfilteration_H_H",
 "access_time": [
 "Mon Jan 13 05:39:18:515 2018"
 ]
 },
 {
 "cookie": "AMAT_2_VH",
 "access_time": [
 "Sun Jan 12 23:59:39:483 2018"
 ]
 }
 ]
 }
 ]
 }
}
```