Skip to main content

Cursor model

List endpoints that can return more rows than your limit use cursor pagination. The response includes a nextCursor field: 
{
  "data": [ /* ... up to `limit` rows ... */ ],
  "nextCursor": "eyJzaWciOiJhMWIyYzNkNGU1ZjY3Z..."
  ,
  "meta": { "...": "..." }
}
  • nextCursor is a string when more results exist, or null when you’ve reached the end.
  • To get the next page, pass it back as the cursor field in your next request body (for POST endpoints) — keep every other parameter (including sort_direction) identical.
Request — page 2
{
  "domains": ["acme-corp.com"],
  "type": "employees",
  "limit": 25,
  "cursor": "eyJzaWciOiJhMWIyYzNkNGU1ZjY3Z..."
}

What’s inside a cursor

A cursor is a base64-encoded, HMAC-signed keyset token encoding { ts, id, dir } — the timestamp and ID of the last row you saw, and the sort direction the cursor was issued for. You should treat it as an opaque string: don’t decode, construct, or edit it. If a cursor is malformed, expired-format, or tampered with, the API returns:
400 Bad Request
{
  "error": {
    "code": "INVALID_CURSOR",
    "message": "Cursor is invalid or tampered"
  }
}

sort_direction must stay constant

Because the cursor encodes a sort direction, changing sort_direction between pages of the same query invalidates the cursor — you’ll get INVALID_CURSOR or unexpected results. If you need to re-sort, start a new query without a cursor.

Page size

Use limit to control page size. The maximum allowed value depends on your tier’s max_rows (see Rate Limits & Tiers) — requesting a higher limit than your tier allows is clamped, not rejected.

Endpoints that are NOT paginated

The following endpoints return a complete result set (or a single object) in one response and do not accept cursor / return nextCursor:
  • POST /v1/domain/overview
  • POST /v1/domain/assets
  • POST /v1/domain/third-party-risk
  • GET /v1/domain/{domain}/timeline
  • GET /v1/domain/top-exposed
  • POST /v1/search/stealer-id
  • POST /v1/search/infection-analysis
  • POST /v1/search/categorize-domains
  • POST /v1/search/keyword
  • GET /v1/account
  • GET /v1/stats/*
These are either aggregations (already bounded/grouped) or single-object responses — see each endpoint’s reference page for its exact response shape.