
Leaks.ai API (1.0.0)

REST API for Leaks.ai - monitor credential exposures across your organization's domains. Access leaks, infected endpoints, compromised resources, and exposed users. All list endpoints support pagination and filtering. Authentication via API key.

Servers
Mock server
https://docs.leaks.ai/_mock/openapi
API base path
https://api.leaks.ai/api/v1

Domains

Monitored domains

Operations

Leaks

Credential leaks

Operations

Endpoints

Infected Endpoints associated with leaks

Operations

List endpoints

Request

Returns paginated endpoints (infected machines / stealer logs). Scope by domain(s).

Security
ApiKeyAuth
Query
domain_id: string (uuid)

Domain UUID(s) to scope the request. Comma-separated for multiple. If omitted, all non-archived domains of the organization are used.

Example: domain_id=a1b2c3d4-e5f6-7890-abcd-ef1234567890
page: integer

Page number (1-based).

Default 1
per_page: integer (<= 100)

Items per page (max 100).

Default 25
status: string

Filter by status (repeatable)

Enum: "new", "investigating", "resolved", "false_positive"
risk_level: string

Filter by risk level; comma-separated

sort: string

Sort field; prefix with - for descending order. Allowed: risk_level, date

Example: sort=-risk_level
curl -i -X GET \
  'https://docs.leaks.ai/_mock/openapi/endpoints?domain_id=a1b2c3d4-e5f6-7890-abcd-ef1234567890&page=1&per_page=25&status=new&risk_level=string&sort=-risk_level' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

Success

Body: application/json
data: Array of objects (Endpoint)
pagination: object (Pagination)
Response
application/json
{ "data": [ { … } ], "pagination": { "page": 1, "per_page": 25, "total_pages": 2, "total_results": 41 } }
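
The List endpoints parameters and pagination fields above, combined into a paging client. This is an added example, not code from the Leaks.ai documentation. It assumes the operation lives at /endpoints under the API base path; fetch_json and fake_fetch are hypothetical names, and the two-page response is constructed so the block runs offline.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

BASE = "https://api.leaks.ai/api/v1"  # "API base path" listed on this page
STATUSES = {"new", "investigating", "resolved", "false_positive"}
SORT_FIELDS = {"risk_level", "date"}

def endpoints_url(page=1, per_page=25, domain_ids=(), statuses=(), sort=None):
    """Build a List endpoints URL from the documented query parameters."""
    if page < 1 or not 1 <= per_page <= 100:
        raise ValueError("page is 1-based and per_page must be 1..100")
    unknown = set(statuses) - STATUSES
    if unknown:
        raise ValueError(f"unknown status values: {sorted(unknown)}")
    if sort is not None and sort.removeprefix("-") not in SORT_FIELDS:
        raise ValueError(f"sort must be one of {sorted(SORT_FIELDS)}, '-' prefix for desc")
    params = [("page", page), ("per_page", per_page)]
    if domain_ids:
        params.append(("domain_id", ",".join(domain_ids)))  # comma-separated
    params += [("status", s) for s in statuses]             # repeatable
    if sort:
        params.append(("sort", sort))
    return f"{BASE}/endpoints?{urlencode(params, safe=',')}"

def iter_endpoints(fetch_json, **filters):
    """Yield every endpoint across all pages, stopping at pagination.total_pages.

    fetch_json(url) -> dict is a caller-supplied transport (hypothetical name);
    a real one sends the API key in the Authorization header.
    """
    page = 1
    while True:
        body = fetch_json(endpoints_url(page=page, **filters))
        yield from body["data"]
        if page >= body["pagination"]["total_pages"]:
            return
        page += 1

def fake_fetch(url):
    """Constructed two-page response in the documented shape, for offline runs."""
    page = int(parse_qs(urlsplit(url).query)["page"][0])
    rows = {1: [{"id": "e-1"}, {"id": "e-2"}], 2: [{"id": "e-3"}]}
    return {"data": rows[page],
            "pagination": {"page": page, "per_page": 2, "total_pages": 2, "total_results": 3}}

if __name__ == "__main__":
    for ep in iter_endpoints(fake_fetch, per_page=2, statuses=["new"], sort="-risk_level"):
        print(ep["id"])
```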

Count endpoints

Request

Security
ApiKeyAuth
Query
domain_id: string (uuid)

Domain UUID(s) to scope the request. Comma-separated for multiple. If omitted, all non-archived domains of the organization are used.

Example: domain_id=a1b2c3d4-e5f6-7890-abcd-ef1234567890
status: string
Enum: "new", "investigating", "resolved", "false_positive"
risk_level: string
curl -i -X GET \
  'https://docs.leaks.ai/_mock/openapi/endpoints/count?domain_id=a1b2c3d4-e5f6-7890-abcd-ef1234567890&status=new&risk_level=string' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

Success

Body: application/json
data: object
Response
application/json
{ "data": { "count": 41 } }

Get endpoint by ID

Request

Returns a single endpoint with connections (users and resources). Users in connections have risk_level not None.

Security
ApiKeyAuth
Path
endpoint_id: string (uuid), required
Query
domain_id: string (uuid)

Domain UUID(s) to scope the request. Comma-separated for multiple. If omitted, all non-archived domains of the organization are used.

Example: domain_id=a1b2c3d4-e5f6-7890-abcd-ef1234567890
curl -i -X GET \
  'https://docs.leaks.ai/_mock/openapi/endpoints/{endpoint_id}?domain_id=a1b2c3d4-e5f6-7890-abcd-ef1234567890' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

Success

Body: application/json
data: object (EndpointDetail)
Response
application/json
{ "data": { "id": "d4e5f6a7-b8c9-0123-def0-456789012345", "date": "2025-12-04T14:30:00.000Z", "added_at": "2025-12-05T01:09:22.879Z", "metadata": { … }, "risk_level": 4, "risk_level_name": "medium", "status": "new", "filename": "[US]93.101.28.33.rar", "tree": [ … ], "connections": { … } } }

Download endpoint archive

Request

Returns a temporary pre-signed URL to download the stealer log archive. The URL expires in 1 hour.

Security
ApiKeyAuth
Path
endpoint_id: string (uuid), required
curl -i -X GET \
  'https://docs.leaks.ai/_mock/openapi/endpoints/{endpoint_id}/download' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

Success

Body: application/json
data: object
Response
application/json
{ "data": { "url": "https://storage.leaks.ai/archives/abc123.zip?token=...", "expires_in": 3600 } }

Resources

Resources (domains, IPs, APKs) associated with leaks

Operations

Users

Users represent leaks grouped by login (email or username).

Operations