A logic app Get-VirusTotalIPReport is not working

Question

A logic app Get-VirusTotalIPReport is not working

Bhupender Singh 0

I am trying to automate IP enrichment using the Virus Total API.

I have set up a logic app and tied it to a respective analytical rule but I am getting the following error.

This is a test instance and we have only few resources running on it.

User's image

SANDEERODRIGUEZ-1625 0 Reputation points

2025-12-29T02:47:29.01+00:00

I GET AN ERROR MESSAGE TO UPDATE VIRUS TOTAL'S API KEY FIRST.
SANDEERODRIGUEZ-1625 0 Reputation points

2025-12-29T02:49:46.75+00:00

I COPIED THE SCRIPT, BUT I DON'T KNOW HOW TO ACCESS THE PROGRAM TO ADD THE SCRIPT.

2 answers

Your answer

SANDEERODRIGUEZ-1625 0 Reputation points

2025-12-29T02:47:29.01+00:00

I GET AN ERROR MESSAGE TO UPDATE VIRUS TOTAL'S API KEY FIRST.
SANDEERODRIGUEZ-1625 0 Reputation points

2025-12-29T02:49:46.75+00:00

I COPIED THE SCRIPT, BUT I DON'T KNOW HOW TO ACCESS THE PROGRAM TO ADD THE SCRIPT.

Answer 1

Deleted

This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Comments have been turned off. Learn more

Answer 2

if you are using Public API

it is limited to 500 requests per day and a rate of 4 requests per minute.

To solve the 4 request per min problem

you can add a delay to ensure requests do not exceed the quota.

{
  "definition": {
    "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
    "actions": {
      "HTTP": {
        "inputs": {
          "method": "GET",
          "uri": "https://www.virustotal.com/api/v3/ip_addresses/@{variables('IPAddress')}",
          "headers": {
            "x-apikey": "@{variables('APIKey')}"
          }
        },
        "runAfter": {},
        "type": "Http"
      },
      "Delay": {
        "type": "Delay",
        "inputs": {
          "interval": {
            "count": 1,
            "unit": "Minute"
          }
        },
        "runAfter": {
          "HTTP": [
            "Succeeded"
          ]
        }
      }
    },
    "triggers": {
      "manual": {
        "type": "Request",
        "inputs": {
          "schema": {}
        }
      }
    },
    "outputs": {},
    "description": ""
  },
  "parameters": {
    "IPAddress": {
      "defaultValue": "8.8.8.8",
      "type": "String"
    },
    "APIKey": {
      "defaultValue": "your_virustotal_api_key",
      "type": "SecureString"
    }
  }
}

Francisco Yeray Gómez Carrión 0 Reputation points

2025-06-18T16:00:54.4466667+00:00

Hello!!

I have been experiencing the same problem, and to confirm that the issue is not due to the API keys reaching their quota limit, it must have another underlying cause. I am attaching some screenshots that show that the APIs have not made any requests, yet they continue to return a status code 429 even when using different hashes and with a fixed time retry of PT30S (30 seconds).
This would be the structure of my Logic App where I am implementing the "get file report" action by sending a hash. (Each "get file report" action has a different assigned API key).

Next, I will show the results of the executions

Finally, I am showing the API ingestion data (This happens in all APIs).

What occurs to me is that it could be blocked due to the IP issue because, while using the Logic Apps, the IPs are "shared" among multiple projects, and it may be more related to the IP addresses than to the quotas of the APIs used.

Best regards.

Share via

A logic app Get-VirusTotalIPReport is not working

2 answers

Your answer