Cards - VantaPrism API

Export stolen payment-card records filtered by BIN (issuer prefix), last 4 digits, or cardholder name. Use to identify which of your customers’ or employees’ payment cards have been compromised, or to feed card-monitoring and fraud-detection pipelines.

Request

POST /v1/data/cards · Required scope: view:cards (pro and ultra tiers) At least one of bin, last4, or holder_contains is required.

Parameter	Type	Required	Default	Description
`bin`	string \| null	One of `bin`/`last4`/`holder_contains` required	—	Exact 6-digit card BIN (issuer prefix), e.g. `"411111"`
`last4`	string \| null	See above	—	Exact last 4 digits of the card number, e.g. `"1111"`
`holder_contains`	string \| null	See above	—	Case-insensitive substring match against the cardholder name
`start_date`	string (date-time) \| null	No	—	Inclusive start filter, clamped by `query_window_days`
`end_date`	string (date-time) \| null	No	—	Inclusive end filter
`sort_direction`	`asc` \| `desc`	No	`desc`	Must stay constant across pages
`cursor`	string \| null	No	—	Pagination token
`limit`	integer	No	`25`	1–500, clamped to your tier’s `max_rows`

Example request

curl -X POST https://api.vantaprism.me/v1/data/cards \
  -H "api-key: $VANTAPRISM_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "bin": "411111", "limit": 25 }'

Response

200 OK — array of CardRecord, cursor-paginated.

{
  "data": [
    {
      "victim_id": "a3f1c9e8b2d4567890abcdef1234567890abcdef1234567890abcdef123456",
      "card_number": "411111••••••1111",
      "card_type": "Visa",
      "holder": "JOHN DOE",
      "expiration_year": "2028",
      "expiration_month": "04",
      "has_cvv": true,
      "browser": "Chrome",
      "profile": "Default",
      "inserted_at": "2026-05-02T14:22:31Z"
    }
  ],
  "nextCursor": null,
  "meta": {
    "request_id": "req_01HZXK3Q7N8YV6F3M2P9JABCDE",
    "took_ms": 29.1,
    "tier": "pro",
    "masked_fields": ["card_number"]
  }
}

Field	Description
`victim_id`	SHA-256 victim ID — use with Victim Profiles
`card_number`	Masked via `bin_last_four` on all tiers — first 6 + last 4 digits visible, e.g. `411111••••••1111`
`card_type`	e.g. `"Visa"`, `"Mastercard"`
`holder`	Cardholder name as stored on the victim’s machine
`expiration_year` / `expiration_month`	Card expiration
`has_cvv`	`true` if a CVV was captured for this card. The raw CVV is never returned by the API
`browser`	Browser the card was harvested from
`profile`	Browser profile name
`inserted_at`	When the record was ingested

Pagination

Cursor-paginated — see Pagination.

Errors

Status	`code`	Cause
400	`VALIDATION_ERROR`	None of `bin`, `last4`, `holder_contains` provided, or `bin`/`last4` fail their digit-pattern checks
400	`INVALID_CURSOR`	Tampered or stale `cursor`
403	`FORBIDDEN_SCOPE`	Key lacks `view:cards` (free tier)

See Errors for the full catalog.

Tier notes

This endpoint requires view:cards, which is not included on the free tier — a free-tier key receives 403 FORBIDDEN_SCOPE. card_number is masked to bin_last_four on every tier, including ultra — full card numbers are never returned by this API. cvv is always reduced to the has_cvv boolean flag; see Data Masking.

​Request

​Example request

​Response

​Pagination

​Errors

​Tier notes