Domain Timeline - VantaPrism API

A weekly histogram of breach-record volume for one domain, split by employee vs. user accounts — useful for spotting spikes (e.g. a new stealer campaign targeting your org) or confirming a downward trend after a remediation effort.

Request

GET /v1/domain/{domain}/timeline · Required scope: search:domain (all tiers) · Aggregation (counts toward agg_per_min) · Not paginated

Parameter	Location	Type	Required	Default	Description
`domain`	path	string	Yes	—	Domain to analyze, e.g. `acme-corp.com`
`weeks`	query	integer	No	`24`	Look-back window, 4–208 weeks

Example request

curl "https://api.vantaprism.me/v1/domain/acme-corp.com/timeline?weeks=24" \
  -H "api-key: $VANTAPRISM_API_KEY"

Response

200 OK — array of DomainTimelineEntry, one per week, oldest first. Not masked (counts only).

{
  "data": [
    { "week": "2026-01-05", "employees": 2, "users": 14 },
    { "week": "2026-01-12", "employees": 1, "users": 9 },
    { "week": "2026-01-19", "employees": 5, "users": 22 }
  ],
  "meta": {
    "request_id": "req_01HZXK3Q7N8YV6F3M2P9JABCDE",
    "took_ms": 29.0,
    "tier": "pro"
  }
}

Field	Description
`week`	ISO date of the Monday starting this week
`employees`	New compromised `@<domain>` accounts that week
`users`	New compromised end-user accounts that week

Errors

Status	`code`	Cause
400	`VALIDATION_ERROR`	`weeks` out of range (4–208)
403	`FORBIDDEN_SCOPE`	Key lacks `search:domain`
429	`RATE_LIMIT_EXCEEDED`	Exceeded `agg_per_min`

See Errors for the full catalog.

Third-Party Risk Top Exposed Domains

⌘I

​Request

​Example request

​Response

​Errors

Request

Example request

Response

Errors