My goal is to validate the safety of URLs using the Google Safe Browsing API.

However, I've been facing an issue with the API returning an empty response {} for the URL http://testsafebrowsing.appspot.com/. As per Google's documentation, this URL should always be marked unsafe and return a match.

I haven't set any restrictions on my API key, and I've made sure that I have proper permissions and the set-up done in IAM (Identity and Access Management) of Google Cloud isn't causing any issue.

I receive the {} response when I make a POST request to https://safebrowsing.googleapis.com/v4/threatMatches:find?key=MY_API_KEY with the following payload:

{
"client": {
"clientId": "MY_CLIENT_ID",
"clientVersion": "1.0"
},
"threatInfo": {
"threatTypes": ["MALWARE", "SOCIAL_ENGINEERING"],
"platformTypes": ["ANY_PLATFORM"],
"threatEntryTypes": ["URL"],
"threatEntries": [
{
"url": "http://testsafebrowsing.appspot.com/"
}
]
}
}
I've tried debugging this using multiple methods including Postman and making requests directly from the browser's console using fetch - all of them consistently return {}. However, when I check in my Google Console, I can see these requests logged, which indicates that the endpoint communication is working.

I'm looking for assistance in figuring out why I'm encountering this unexpected behavior. Any insights or suggestions would be greatly appreciated!
@Google-cloud-platform, @Google-cloud-storage, @Google-safe-browsing-api
@