# Search Credentials

<Info>
  This endpoint requires access to Account & Session Takeover Prevention (ASTP).
  Please contact your Customer Success Manager for more details.
</Info>

<Note>
  Flare supports searching in credentials via two endpoints:

  * The [Global Credentials Search endpoint <Icon icon="code" size={16} />](/api-reference/v4/endpoints/credentials-global-search): This endpoint counts towards your global search quota.
  * The [ASTP Credentials Search Endpoint <Icon icon="code" size={16} />](/api-reference/astp/endpoints/post-credentials-search): This endpoint does <b>not</b> count towards your search quota but requires ASTP to be enabled on your account. For more information about ASTP, contact your Customer Success Manager.
</Note>

Returns a list of credentials matching the query provided.

## Guides

See the guide for using this endpoint:
[Exporting a Domain's Credentials <Icon icon="book" size={16} />](/guides/credentials-export-domain).

<ResponseExample>
  ```json Response Example theme={null}
  {
      "items": [
          {
              "auth_domains": ["login.live.com"],
              "domain": "scatterholt.com",
              "hash": "B@dPassw0rd",
              "hash_type": null,
              "id": 33880703907,
              "identity_name": "ryan.howard@scatterholt.com",
              "imported_at": "2024-07-22T19:25:52.893439+00:00",
              "known_password_id": null,
              "source": {
                  "breached_at": null,
                  "description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
                  "description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
                  "id": "combolists",
                  "is_alert_enabled": true,
                  "leaked_at": null,
                  "name": "Combolists"
              },
              "source_id": "combolists"
          },
          {
              "auth_domains": ["www.facebook.com", "discord.com"],
              "domain": "scatterholt.com",
              "hash": "1qaz2wsx",
              "hash_type": "unknown",
              "id": 33880703906,
              "identity_name": "ryan.howard@scatterholt.com",
              "imported_at": "2024-07-22T19:25:52.893439+00:00",
              "known_password_id": null,
              "source": {
                  "breached_at": null,
                  "description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
                  "description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
                  "id": "combolists",
                  "is_alert_enabled": true,
                  "leaked_at": null,
                  "name": "Combolists"
              },
              "source_id": "combolists"
          }
      ],
      "next": "WyJjb20uc2NhdHRlcmhvbHQiLCAxNjczNjg4ODg4NV0"
  }
  ```
</ResponseExample>

## Paging

This endpoint supports the
[Flare standard paging pattern <Icon icon="book" size={16} />](/concepts/paging).

## Body Parameters

<ParamField body="size" type="number">
  Maximum size of the JSON object that will be returned (maximum 10 000)
</ParamField>

<ParamField body="from" type="string">
  The `next` value from the last response.
</ParamField>

<ParamField body="include" type="string[]">
  Additional fields to return. Available options:

  * `known_password_id`: ID of the credential's password.
  * `auth_domains`: for each credential, return up to 10 domains where this credential was used.
</ParamField>

<ParamField body="order" type="string" default="desc">
  The order in which the results will be returned. (`asc` or `desc`)
</ParamField>

<ParamField body="query" type="object">
  One of the supported queries.

  <Tabs>
    <Tab title="Domain Query">
      This query will match all credentials that contain the specified domain in the email address.

      ```json theme={null}
      {
        "type": "domain",
        "fqdn": "<string>"
      }
      ```
    </Tab>

    <Tab title="Auth Domain Query">
      This query will match the domain of the service that this credential might have been used to log in to.

      ```json theme={null}
      {
        "type": "auth_domain",
        "fqdn": "<string>"
      }
      ```
    </Tab>

    <Tab title="Password Query">
      This query will match all credentials that contain the specified password.

      ```json theme={null}
      {
        "type": "secret",
        "secret": "<string>"
      }
      ```
    </Tab>

    <Tab title="Email Query">
      This query will match all credentials for the exact email address.

      ```json theme={null}
      {
        "type": "email",
        "email": "<string>"
      }
      ```
    </Tab>

    <Tab title="Keyword Query">
      This query will match the credential's username, which is the portion of the `identity_name` that precedes `@`.

      ```json theme={null}
      {
        "type": "keyword",
        "keyword": "<string>"
      }
      ```
    </Tab>
  </Tabs>
</ParamField>

<ParamField body="filters" type="object">
  <Expandable defaultOpen>
    <ParamField body="imported_at" type="object">
      <Note>
        This filter only works for Auth Domain Queries. It will be ignored if used with other query types.
      </Note>

      <Expandable>
        <ParamField body="gte" type="string" placeholder="Example: 2024-01-01T00:00:00+00:00">
          Matches values greater than or equal to the specified timestamp.

          Format: ISO-8601
        </ParamField>

        <ParamField body="lte" type="string" placeholder="Example: 2024-01-01T00:00:00+00:00">
          Matches values less than or equal to the specified timestamp.

          Format: ISO-8601
        </ParamField>
      </Expandable>
    </ParamField>
  </Expandable>
</ParamField>
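
The following is an added example, not Flare's own code, showing how the body parameters and paging above fit together in a client: it builds the request body, rejects an `imported_at` filter on query types where the API would ignore it, passes each `next` value back as `from`, and masks the `hash` value before records reach logs or tickets. The `post` callable (your authenticated HTTP call to this endpoint, returning the parsed JSON response), the function names, and treating a missing or null `next` as the end of results are assumptions.

```python
from datetime import datetime

# Query type -> name of the field that carries the search value (from the tabs above).
QUERY_FIELDS = {"domain": "fqdn", "auth_domain": "fqdn", "secret": "secret",
                "email": "email", "keyword": "keyword"}


def build_body(qtype, value, size=100, cursor=None, include=(), order="desc",
               imported_gte=None, imported_lte=None):
    """Build one request body from the parameters documented on this page."""
    if qtype not in QUERY_FIELDS:
        raise ValueError(f"unsupported query type: {qtype}")
    if size > 10_000:
        raise ValueError("size exceeds the documented maximum of 10 000")
    if order not in ("asc", "desc"):
        raise ValueError("order must be 'asc' or 'desc'")
    body = {"query": {"type": qtype, QUERY_FIELDS[qtype]: value},
            "size": size, "order": order}
    if include:
        body["include"] = list(include)
    if cursor:
        body["from"] = cursor
    window = {k: v for k, v in (("gte", imported_gte), ("lte", imported_lte)) if v}
    if window:
        # The API ignores imported_at for other query types, so fail loudly
        # rather than produce an export that only looks time-scoped.
        if qtype != "auth_domain":
            raise ValueError("imported_at filter only applies to auth_domain queries")
        for ts in window.values():
            datetime.fromisoformat(ts)  # raises ValueError if not ISO-8601
        body["filters"] = {"imported_at": window}
    return body


def iter_credentials(post, qtype, value, **kwargs):
    """Yield every item, following `next` until it is absent (assumed end marker)."""
    cursor = None
    while True:
        page = post(build_body(qtype, value, cursor=cursor, **kwargs))
        yield from page.get("items", [])
        cursor = page.get("next")
        if not cursor:
            return


def redact(item):
    """Copy an item with the leaked secret masked, for tickets and logs."""
    return {**item, "hash": "<redacted>"} if item.get("hash") else dict(item)
```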
