# List leaks

Returns paginated leaks. Scope by domain(s) via domain_id. If omitted, returns leaks across all org domains.

Endpoint: GET /leaks
Version: 1.0.0
Security: ApiKeyAuth

## Query parameters:

  - `domain_id` (string)
    Domain UUID(s) to scope the request. Comma-separated for multiple. If omitted, all non-archived domains of the organization are used.
    Example: "a1b2c3d4-e5f6-7890-abcd-ef1234567890"

  - `page` (integer)
    Page number (1-based).

  - `per_page` (integer)
    Items per page (max 100).

  - `status` (string)
    Filter by status (repeatable)
    Enum: "new", "investigating", "resolved", "false_positive"

  - `risk_level` (string)
    Filter by risk level; comma-separated or repeated; case-insensitive (e.g. none,low,medium). To get only actionable leaks, use risk_level=low,medium,high
    Example: "none,medium"

  - `login` (string)
    Search by login (substring)

  - `password` (string)
    Search by password (substring)

  - `url` (string)
    Search by URL (substring)

  - `url_port` (integer)
    Filter by URL port (exact)

  - `url_path` (string)
    Search by URL path (substring)

  - `user_id` (string)
    Filter by user UUID

  - `resource_id` (string)
    Filter by resource UUID

  - `endpoint_id` (string)
    Filter by endpoint UUID

  - `sort` (string)
    Sort: prefix with - for desc. Allowed: risk_level, first_seen, added_at
    Example: "-risk_level,added_at"

## Response 200 fields (application/json):

  - `data` (array)

  - `data.id` (string)
    Example: "f47ac10b-58cc-4372-a567-0e02b2c3d479"

  - `data.risk_level` (integer)
    Example: 5

  - `data.risk_level_name` (string)
    Enum: "none", "low", "medium", "high"

  - `data.status` (string)
    Enum: "new", "investigating", "resolved", "false_positive"

  - `data.url` (string,null)
    Example: "https://example.com/login"

  - `data.login` (string)
    Example: "user@example.com"

  - `data.password` (string)
    Example: "***"

  - `data.first_seen` (string,null)
    ISO 8601 e.g. 2025-12-05T00:00:00.000Z
    Example: "2025-12-05T00:00:00.000Z"

  - `data.added_at` (string,null)
    ISO 8601 e.g. 2025-12-05T01:09:22.879Z
    Example: "2025-12-05T01:09:22.879Z"

  - `pagination` (object)

  - `pagination.page` (integer)
    Example: 1

  - `pagination.per_page` (integer)
    Example: 25

  - `pagination.total_pages` (integer)
    Example: 4

  - `pagination.total_results` (integer)
    Example: 92

## Response 400 fields (application/json):

  - `type` (string)
    Example: "validation_error"

  - `status` (integer)
    Example: 400

  - `detail` (string)
    Example: "Invalid sort field: \"foo\". Valid: [\"risk_level\", \"first_seen\", \"added_at\"]."

## Response 401 fields (application/json):

  - `type` (string)
    Example: "validation_error"

  - `status` (integer)
    Example: 400

  - `detail` (string)
    Example: "Invalid sort field: \"foo\". Valid: [\"risk_level\", \"first_seen\", \"added_at\"]."

## Response 403 fields (application/json):

  - `type` (string)
    Example: "validation_error"

  - `status` (integer)
    Example: 400

  - `detail` (string)
    Example: "Invalid sort field: \"foo\". Valid: [\"risk_level\", \"first_seen\", \"added_at\"]."