Company-wide employee exposure search

curl --request POST \ --url https://api.vantaprism.me/v1/domain/company \ --header 'Content-Type: application/json' \ --header 'api-key: <api-key>' \ --data ' { "domains": [ "acme-corp.com" ], "external_domains": [ "acme-corp.okta.com" ], "limit": 25 } '

{ "data": [ { "stealer_id": "<string>", "victim_id": "<string>", "domain": "<string>", "url": "<string>", "username": "<string>", "password": "<string>", "infection_date": "2023-11-07T05:31:56Z" } ], "meta": { "request_id": "req_01HZXK3Q7N8YV6F3M2P9JABCDE", "took_ms": 42.7, "tier": "pro", "masked_fields": [ "password", "ip" ], "freshness_at": "2023-11-07T05:31:56Z" }, "nextCursor": "<string>" }

Authorizations

api-key

string

header

required

Static API key, format vp_<env>_<8-hex-prefix>.<40-hex-secret>. Preferred header for server-to-server integrations.

Body

application/json

domains

string[]

required

Primary company domains, e.g. ["example.com"].

Minimum array length: 1

external_domains

string[]

SSO / IdP / third-party app domains, e.g. ["example.okta.com"].

type

enum<string>

default:both

employees = corporate emails matching the searched domain(s); users = end-user accounts with the domain in their saved URL; both = no filter. See Domain Intelligence Overview.

Available options:

employees,

users,

both

start_date

string<date-time> | null

end_date

string<date-time> | null

sort_direction

enum<string>

default:desc

Sort order applied to inserted_at. Must stay constant across paginated requests using the same cursor.

Available options:

asc,

desc

cursor

string | null

limit

integer

default:25

Required range: 1 <= x <= 500

Response

Employee exposure records

data

object[]

required

Show child attributes