# Leaks.ai API REST API for Leaks.ai - monitor credential exposures across your organization's domains. Access leaks, infected endpoints, compromised resources, and exposed users. All list endpoints support pagination and filtering. Authentication via API key. Version: 1.0.0 ## Servers API base path ``` https://api.leaks.ai/api/v1 ``` ## Security ### ApiKeyAuth API key. Example: Api-Key YOUR_API_KEY Type: apiKey In: header Name: Authorization ## Download OpenAPI description [Leaks.ai API](https://docs.leaks.ai/_bundle/openapi.yaml) ## Domains Monitored domains ### List domains - [GET /domains](https://docs.leaks.ai/openapi/domains/listdomains.md): Returns all non-archived domains for the organization associated with the API key. ## Leaks Credential leaks ### List leaks - [GET /leaks](https://docs.leaks.ai/openapi/leaks/listleaks.md): Returns paginated leaks. Scope by domain(s) via domain_id. If omitted, returns leaks across all org domains. ### Count leaks - [GET /leaks/count](https://docs.leaks.ai/openapi/leaks/countleaks.md): Returns total count of leaks matching filters. Same query parameters as list (except page, per_page, sort). ### Get leak by ID - [GET /leaks/{leak_id}](https://docs.leaks.ai/openapi/leaks/getleak.md): Returns a single leak with connections (resources, users, endpoints). ## Endpoints Infected Endpoints associated with leaks ### List endpoints - [GET /endpoints](https://docs.leaks.ai/openapi/endpoints/listendpoints.md): Returns paginated endpoints (infected machines / stealer logs). Scope by domain(s). ### Count endpoints - [GET /endpoints/count](https://docs.leaks.ai/openapi/endpoints/countendpoints.md) ### Get endpoint by ID - [GET /endpoints/{endpoint_id}](https://docs.leaks.ai/openapi/endpoints/getendpoint.md): Returns a single endpoint with connections (users and resources). Users in connections have risk_level not None. ### Download endpoint archive - [GET /endpoints/{endpoint_id}/download](https://docs.leaks.ai/openapi/endpoints/downloadendpoint.md): Returns a temporary pre-signed URL to download the stealer log archive. The URL expires in 1 hour. ## Resources Resources (domains, IPs, APKs) associated with leaks ### List resources - [GET /resources](https://docs.leaks.ai/openapi/resources/listresources.md): Returns paginated resources (domains, IPs, APKs) associated with leaks. Includes owned and third-party; Scope by domain(s). ### Count resources - [GET /resources/count](https://docs.leaks.ai/openapi/resources/countresources.md) ### Get resource by ID - [GET /resources/{resource_id}](https://docs.leaks.ai/openapi/resources/getresource.md): Returns a single resource with connections (endpoints and users). Users in connections have risk_level not None. ## Users Users represent leaks grouped by login (email or username). ### List users - [GET /users](https://docs.leaks.ai/openapi/users/listusers.md): Returns paginated users — leaks grouped by login. Each user represents a unique identity (email or username) with an aggregated risk level across all associated leaks. Scope by domain(s). ### Count users - [GET /users/count](https://docs.leaks.ai/openapi/users/countusers.md) ### Get user by ID - [GET /users/{user_id}](https://docs.leaks.ai/openapi/users/getuser.md): Returns a single user with connections (endpoints and resources).