Skip to content

Leaks.ai API (1.0.0)

REST API for Leaks.ai - monitor credential exposures across your organization's domains. Access leaks, infected endpoints, compromised resources, and exposed users. All list endpoints support pagination and filtering. Authentication via API key.

Download OpenAPI description
Languages
Servers
Mock server
https://docs.leaks.ai/_mock/openapi
API base path
https://api.leaks.ai/api/v1

Domains

Monitored domains

Operations

Leaks

Credential leaks

Operations

Endpoints

Infected Endpoints associated with leaks

Operations

Resources

Resources (domains, IPs, APKs) associated with leaks

Operations

Users

Users represent leaks grouped by login (email or username).

Operations

List users

Request

Returns paginated users — leaks grouped by login. Each user represents a unique identity (email or username) with an aggregated risk level across all associated leaks. Scope by domain(s).

Security
ApiKeyAuth
Query
domain_idstring(uuid)

Domain UUID(s) to scope the request. Comma-separated for multiple. If omitted, all non-archived domains of the organization are used.

Example: domain_id=a1b2c3d4-e5f6-7890-abcd-ef1234567890
pageinteger

Page number (1-based).

Default 1
per_pageinteger<= 100

Items per page (max 100).

Default 25
risk_levelstring
loginstring

Search by login (substring)

sortstring

Sort: prefix - for desc. Allowed: first_seen, login, risk_level

curl -i -X GET \
  'https://docs.leaks.ai/_mock/openapi/users?domain_id=a1b2c3d4-e5f6-7890-abcd-ef1234567890&page=1&per_page=25&risk_level=string&login=string&sort=string' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

Success

Bodyapplication/json
dataArray of objects(User)
paginationobject(Pagination)
Response
application/json
{ "data": [ {} ], "pagination": { "page": 1, "per_page": 25, "total_pages": 3, "total_results": 67 } }

Count users

Request

Security
ApiKeyAuth
Query
domain_idstring(uuid)

Domain UUID(s) to scope the request. Comma-separated for multiple. If omitted, all non-archived domains of the organization are used.

Example: domain_id=a1b2c3d4-e5f6-7890-abcd-ef1234567890
risk_levelstring
loginstring
curl -i -X GET \
  'https://docs.leaks.ai/_mock/openapi/users/count?domain_id=a1b2c3d4-e5f6-7890-abcd-ef1234567890&risk_level=string&login=string' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

Success

Bodyapplication/json
dataobject
Response
application/json
{ "data": { "count": 67 } }

Get user by ID

Request

Returns a single user with connections (endpoints and resources).

Security
ApiKeyAuth
Path
user_idstring(uuid)required
Query
domain_idstring(uuid)

Domain UUID(s) to scope the request. Comma-separated for multiple. If omitted, all non-archived domains of the organization are used.

Example: domain_id=a1b2c3d4-e5f6-7890-abcd-ef1234567890
curl -i -X GET \
  'https://docs.leaks.ai/_mock/openapi/users/{user_id}?domain_id=a1b2c3d4-e5f6-7890-abcd-ef1234567890' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

Success

Bodyapplication/json
dataobject(UserWithConnections)
Response
application/json
{ "data": { "id": "c3d4e5f6-a7b8-9012-cdef-345678901234", "login": "user@example.com", "identity_type": "email", "first_seen": "2025-12-01T08:00:00.000Z", "risk_level": 5, "risk_level_name": "medium", "connections": {} } }