Add a section on how to obtain API keys

README.md

@@ -16,6 +16,26 @@ widely-used reputation systems.
 | abuse.ch URLhaus      | HTTPS lookup    | optional Auth-Key (admin) | user (default on) |
 | VirusTotal v3         | HTTPS lookup    | yes (admin)    | admin |
 
+### Obtaining API keys
+
+**Google Safe Browsing** (option: `google_safe_browsing_api_key`)
+1. Go to the [Google Cloud Console](https://console.cloud.google.com/) and create or select a project.
+2. Enable the *Safe Browsing API* under *APIs & Services → Library*.
+3. Create an API key under *APIs & Services → Credentials*.
+4. The free tier allows up to 10 000 queries/day with no billing required.
+
+**abuse.ch** (option: `urlhaus_auth_key` / `threatfox_auth_key` / `malwarebazaar_auth_key`)
+1. Register a free account at [abuse.ch](https://abuse.ch/).
+2. After login, retrieve your Auth-Key from your account profile page.
+3. The same account and key works for URLhaus, ThreatFox, and MalwareBazaar — set it in each source option independently.
+4. Free, no rate-limit tiers documented; the APIs are community-funded.
+
+**VirusTotal** (option: `virustotal_api_key`)
+1. Create a free account at [virustotal.com](https://www.virustotal.com/).
+2. Go to your profile and copy the API key.
+3. Free tier: 4 requests/minute, 500 requests/day. No billing required.
+4. The public API key is sufficient; premium keys unlock higher quotas.
+
 DNS-based blocklists are queried in parallel. The OpenPhish feed is
 downloaded once per hour by the provider and cached in memory.