{"id":6788,"library":"pycti","title":"Python API Client for OpenCTI","description":"pycti is the official Python API client for the OpenCTI platform, a free and open-source platform for threat intelligence. It provides an interface to interact with OpenCTI's GraphQL API, enabling users to programmatically manage and query cyber threat intelligence data. The library's versioning (e.g., 7.YYYYMMDD.P) closely mirrors the OpenCTI platform's releases, indicating a rapid development and release cadence.","status":"active","version":"7.260409.0","language":"en","source_language":"en","source_url":"https://github.com/OpenCTI-Platform/opencti/tree/master/client-python","tags":["OpenCTI","threat intelligence","API client","cybersecurity","GraphQL"],"install":[{"cmd":"pip install pycti","lang":"bash","label":"Install latest version"}],"dependencies":[],"imports":[{"symbol":"OpenCTIClient","correct":"from pycti import OpenCTIClient"}],"quickstart":{"code":"import os\nfrom pycti import OpenCTIClient\n\n# Initialize the OpenCTI client using environment variables\n# Ensure OPENCTI_URL and OPENCTI_TOKEN environment variables are set\nopencti_url = os.environ.get(\"OPENCTI_URL\", \"https://localhost:8080\")\nopencti_token = os.environ.get(\"OPENCTI_TOKEN\", \"YOUR_OPENCTI_TOKEN\")\n\nif not opencti_token or opencti_token == \"YOUR_OPENCTI_TOKEN\":\n    print(\"Error: OPENCTI_TOKEN environment variable or direct token is not set.\")\n    print(\"Please set OPENCTI_URL and OPENCTI_TOKEN or pass them directly.\")\n    exit(1)\n\ntry:\n    # Connect to the OpenCTI platform\n    # log_level can be 'debug', 'info', 'warning', 'error'\n    client = OpenCTIClient(opencti_url, opencti_token, log_level=\"info\")\n    print(f\"Successfully connected to OpenCTI at {opencti_url}\")\n\n    # Example: Fetch the first 5 indicators\n    print(\"Fetching first 5 indicators...\")\n    indicators = client.indicator.list(first=5)\n\n    if indicators:\n        print(f\"Found {len(indicators)} indicators:\")\n        for indicator in indicators:\n            print(f\"- ID: {indicator.get('id')}, Pattern: {indicator.get('pattern')}\")\n    else:\n        print(\"No indicators found or unable to fetch any.\")\n\nexcept Exception as e:\n    print(f\"An error occurred: {e}\")\n    print(\"Please ensure the OpenCTI platform is running, accessible, and authentication credentials are correct.\")\n","lang":"python","description":"This quickstart demonstrates how to initialize the `OpenCTIClient` using environment variables and fetch a list of indicators. It highlights the use of `OPENCTI_URL` and `OPENCTI_TOKEN` for authentication and includes basic error handling and logging."},"warnings":[{"fix":"Always ensure your `pycti` client version is compatible with your OpenCTI platform version. The `pycti` version numbers (e.g., 7.YYYYMMDD.P) directly reflect the target OpenCTI platform version.","message":"Major version updates of the OpenCTI platform (e.g., from v6 to v7) often involve significant changes to the underlying GraphQL API schema. Using a `pycti` client version intended for an older or newer platform version can lead to `KeyError`s or `AttributeError`s due to API method or data structure mismatches.","severity":"breaking","affected_versions":"<7.x.x with 7.x.x platform, or >7.x.x with <7.x.x platform"},{"fix":"Refer to the OpenCTI platform's official documentation and release notes for compatibility details. Assume that the `pycti` client with a `MAJOR` version `X` is designed for OpenCTI Platform `X`.","message":"The versioning scheme for `pycti` (e.g., 7.260409.0) is tied directly to the OpenCTI platform's version and release date (YYMMDD), rather than typical semantic versioning for an independent library. This can be confusing when trying to understand compatibility or client-side breaking changes.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Always consider pagination when listing entities. Use the `first` argument to specify the number of results per page and `after` for subsequent pages, typically within a loop until no more results are returned. Example: `client.indicator.list(first=50, after=cursor)`.","message":"When fetching large datasets, OpenCTI's GraphQL API is paginated. Failing to implement proper pagination logic (using `first` and `after` arguments) will result in retrieving only the first default set of results, potentially missing most of the data.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-15T00:00:00.000Z","next_check":"2026-07-14T00:00:00.000Z","problems":[]}