I am building a small phishing-reporting workflow to identify credential-harvesting pages and submit confirmed malicious URLs quickly.
The goal is to reduce the lifespan of phishing pages and disrupt the attackers’ ability to profit from stolen credentials. The workflow reviews suspicious links, records the relevant indicators, and submits only URLs that appear to be genuine phishing or credential-harvesting pages.
I am interested in using the Web Risk Submission API, but I have not found a self-service enrollment path. I have setup the oauth and generally have it working but the documentation mentions “Contact sales or your customer engineer to obtain access to this feature.” which has been a vortex of disappointment.
Can an individual developer or small security-focused project request access? If so, what is the correct process? If not, is there another supported way to submit confirmed phishing URLs programmatically?
Thank you.
