Skip to main content
POST
/
v1
/
domain
/
search
Search breach records for one or more domains
curl --request POST \
  --url https://api.vantaprism.me/v1/domain/search \
  --header 'Content-Type: application/json' \
  --header 'api-key: <api-key>' \
  --data '
{
  "domains": [
    "acme-corp.com"
  ],
  "type": "employees",
  "limit": 25
}
'
{
  "data": [
    {
      "stealer_id": "<string>",
      "victim_id": "<string>",
      "domain": "<string>",
      "url": "<string>",
      "username": "<string>",
      "password": "<string>",
      "infection_date": "2023-11-07T05:31:56Z"
    }
  ],
  "meta": {
    "request_id": "req_01HZXK3Q7N8YV6F3M2P9JABCDE",
    "took_ms": 42.7,
    "tier": "pro",
    "masked_fields": [
      "password",
      "ip"
    ],
    "freshness_at": "2023-11-07T05:31:56Z"
  },
  "nextCursor": "<string>"
}

Authorizations

api-key
string
header
required

Static API key, format vp_<env>_<8-hex-prefix>.<40-hex-secret>. Preferred header for server-to-server integrations.

Body

application/json
domains
string[]
required

Domains to search, e.g. ["example.com"].

Minimum array length: 1
Example:
["example.com"]
subdomains
string[]

Narrow to specific subdomain labels, e.g. ["mail","vpn"]. Takes priority over include_subdomains — if both are set, subdomains wins.

include_subdomains
boolean
default:false

When true and subdomains is empty, include all subdomains of the searched domain(s).

type
enum<string>
default:both

employees = corporate emails matching the searched domain(s); users = end-user accounts with the domain in their saved URL; both = no filter. See Domain Intelligence Overview.

Available options:
employees,
users,
both
start_date
string<date-time> | null

ISO-8601 inclusive start date filter on inserted_at. Omit for all history (subject to tier query_window_days).

end_date
string<date-time> | null

ISO-8601 inclusive end date filter.

sort_direction
enum<string>
default:desc

Sort order applied to inserted_at. Must stay constant across paginated requests using the same cursor.

Available options:
asc,
desc
cursor
string | null

Opaque pagination token from a previous response's nextCursor.

limit
integer
default:25

Page size. Clamped to the tier's max_rows.

Required range: 1 <= x <= 500

Response

Matching records

data
object[]
required
meta
object
required

Metadata attached to every successful response.

nextCursor
string | null