Domain Overview - VantaPrism API

A fast, aggregated risk summary for one or many domains — no raw credential rows, just counts and timestamps. Ideal for portfolio-wide risk scoring (e.g. scanning a list of vendors or subsidiaries) without the row-level detail (and rate-limit cost) of Search Domains.

Request

POST /v1/domain/overview · Required scope: search:domain (all tiers) · Aggregation (counts toward agg_per_min) · Not paginated

Parameter	Type	Required	Default	Description
`domains`	string[]	Yes	—	Domains to summarize, 1–500 items
`start_date`	string (date-time) \| null	No	—	Inclusive start filter, clamped by `query_window_days`
`end_date`	string (date-time) \| null	No	—	Inclusive end filter

Example request

curl -X POST https://api.vantaprism.me/v1/domain/overview \
  -H "api-key: $VANTAPRISM_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "domains": ["acme-corp.com", "globex.net"] }'

Response

200 OK — array of DomainOverviewResult, one entry per requested domain. Not masked (no PII rows are returned).

{
  "data": [
    {
      "domain": "acme-corp.com",
      "compromised_employees": 142,
      "compromised_users": 893,
      "last_employee_uploaded": "2026-06-10T03:14:00Z",
      "last_user_uploaded": "2026-06-14T19:02:00Z",
      "first_employee_uploaded": "2023-02-11T08:30:00Z"
    },
    {
      "domain": "globex.net",
      "compromised_employees": 0,
      "compromised_users": 12,
      "last_employee_uploaded": null,
      "last_user_uploaded": "2026-05-28T11:45:00Z",
      "first_employee_uploaded": null
    }
  ],
  "meta": {
    "request_id": "req_01HZXK3Q7N8YV6F3M2P9JABCDE",
    "took_ms": 56.3,
    "tier": "pro",
    "freshness_at": "2026-06-15T09:45:00Z"
  }
}

Field	Description
`domain`	Echoes the requested domain
`compromised_employees`	Distinct compromised `@<domain>` accounts
`compromised_users`	Distinct compromised end-user accounts on this domain’s services
`last_employee_uploaded` / `last_user_uploaded`	Most recent infection date in each bucket, or `null` if none
`first_employee_uploaded`	Earliest employee-account infection date on record, or `null`

Caching

Responses are cached for roughly 15 minutes (stale-while-revalidate) — meta.freshness_at reflects when the underlying data was last computed.

Errors

Status	`code`	Cause
400	`VALIDATION_ERROR`	`domains` is empty or exceeds 500 items
403	`FORBIDDEN_SCOPE`	Key lacks `search:domain`
429	`RATE_LIMIT_EXCEEDED`	Exceeded `agg_per_min` (5 / 60 / 240 per tier)

See Errors for the full catalog.

​Request

​Example request

​Response

​Caching

​Errors

Request

Example request

Response

Caching

Errors