Skip to main content

v1.0.0 — Initial public release

The first public release of the VantaPrism Customer API — programmatic access to VantaPrism’s stealer-log intelligence dataset across free, pro, and ultra tiers.

Domain Intelligence

  • POST /v1/domain/search — search breach records by domain, with subdomains/include_subdomains and type (employees/users/both) filtering.
  • POST /v1/domain/company — company-wide exposure summary.
  • POST /v1/domain/overview — aggregate domain exposure metrics.
  • POST /v1/domain/assets — grouped host/asset view for a domain.
  • POST /v1/domain/third-party-risk — third-party/vendor exposure for a domain.
  • GET /v1/domain/{domain}/timeline — infection-volume timeline for a domain.
  • GET /v1/domain/top-exposed — most-exposed domains overall.

End User Protection

  • POST /v1/search/emails — check exposure for one or more email addresses.
  • POST /v1/search/usernames — check exposure by username or email local-part.
  • POST /v1/search/ip-cidr — find infections by IP address or CIDR range.
  • POST /v1/search/stealer-id — bulk victim lookup by victim_id/log_victim_id.
  • POST /v1/search/pc-name — find infections by computer hostname.

Investigations

  • POST /v1/search/file — search stolen files by filename.
  • POST /v1/search/term — search browser history by term.
  • POST /v1/search/infection-analysis — AI-assisted infection-vector analysis (ultra only).
  • POST /v1/search/categorize-domains — categorize domains co-occurring with a stealer family.
  • POST /v1/search/advanced — multi-field AND-logic cross-filter search (pro/ultra).
  • POST /v1/search/password — find accounts using a known-compromised password (pro/ultra).
  • POST /v1/search/keyword — aggregate keyword hit-counts across harvested URLs (pro/ultra).
  • POST /v1/search/keyword/urls — list individual URLs matching keywords (pro/ultra).

Data Categories

  • POST /v1/data/credentials — bulk export of stolen logins/passwords.
  • POST /v1/data/cookies — bulk export of stolen browser cookies (pro/ultra).
  • POST /v1/data/autofill — bulk export of browser autofill data (pro/ultra).
  • POST /v1/data/cards — bulk export of stolen payment cards (pro/ultra).
  • POST /v1/data/wallets — bulk export of cryptocurrency wallet records (pro/ultra).
  • POST /v1/data/ftp — bulk export of stolen FTP credentials (pro/ultra).
  • POST /v1/data/keychain — bulk export of macOS Keychain entries (ultra).
  • POST /v1/data/commands — bulk export of shell command history (pro/ultra).

Victim Profiles

  • GET /v1/victims/{victim_id} — full infection profile for a victim.
  • GET /v1/victims/{victim_id}/{sub} — a victim’s records for a specific data category.

Account, Statistics & Health

  • GET /v1/account — key identity, tier, scopes, limits, and usage.
  • GET /v1/stats/overview, /v1/stats/families, /v1/stats/countries, /v1/stats/timeline — global dataset statistics.
  • GET /v1/health, GET /v1/health/ready — liveness and readiness probes.

Platform

  • API-key authentication (api-key header or Authorization: Bearer), with vp_live_*/vp_test_* key formats — see Authentication.
  • Three tiers (free/pro/ultra) with per-tier rate limits, row caps, and query-window limits — see Rate Limits & Tiers.
  • HMAC-signed cursor pagination on all list endpoints — see Pagination.
  • Per-tier field masking with a “searched value is never masked” guarantee — see Data Masking.
  • Unified error catalog across all endpoints — see Errors.