Search Credentials

curl --request POST \
  --url https://api.flare.io/firework/v4/credentials/_search \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "size": 123,
  "from": "<string>",
  "order": "<string>",
  "query": {},
  "filters": {
    "imported_at": {
      "gte": "<string>",
      "lte": "<string>"
    }
  }
}'

{
    "items": [
        {
            "domain": "scatterholt.com",
            "hash": "B@dPassw0rd",
            "hash_type": null,
            "id": 33880703907,
            "identity_name": "ryan.howard@scatterholt.com",
            "imported_at": "2024-07-22T19:25:52.893439+00:00",
            "known_password_id": null,
            "source": {
                "breached_at": null,
                "description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
                "description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
                "id": "combolists",
                "is_alert_enabled": true,
                "leaked_at": null,
                "name": "Combolists"
            },
            "source_id": "combolists"
        },
        {
            "domain": "scatterholt.com",
            "hash": "1qaz2wsx",
            "hash_type": "unknown",
            "id": 33880703906,
            "identity_name": "ryan.howard@scatterholt.com",
            "imported_at": "2024-07-22T19:25:52.893439+00:00",
            "known_password_id": null,
            "source": {
                "breached_at": null,
                "description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
                "description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
                "id": "combolists",
                "is_alert_enabled": true,
                "leaked_at": null,
                "name": "Combolists"
            },
            "source_id": "combolists"
        }
    ],
    "next": "WyJjb20uc2NhdHRlcmhvbHQiLCAxNjczNjg4ODg4NV0"
}

POST

firework

credentials

_search

Search Credentials

curl --request POST \
  --url https://api.flare.io/firework/v4/credentials/_search \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "size": 123,
  "from": "<string>",
  "order": "<string>",
  "query": {},
  "filters": {
    "imported_at": {
      "gte": "<string>",
      "lte": "<string>"
    }
  }
}'

{
    "items": [
        {
            "domain": "scatterholt.com",
            "hash": "B@dPassw0rd",
            "hash_type": null,
            "id": 33880703907,
            "identity_name": "ryan.howard@scatterholt.com",
            "imported_at": "2024-07-22T19:25:52.893439+00:00",
            "known_password_id": null,
            "source": {
                "breached_at": null,
                "description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
                "description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
                "id": "combolists",
                "is_alert_enabled": true,
                "leaked_at": null,
                "name": "Combolists"
            },
            "source_id": "combolists"
        },
        {
            "domain": "scatterholt.com",
            "hash": "1qaz2wsx",
            "hash_type": "unknown",
            "id": 33880703906,
            "identity_name": "ryan.howard@scatterholt.com",
            "imported_at": "2024-07-22T19:25:52.893439+00:00",
            "known_password_id": null,
            "source": {
                "breached_at": null,
                "description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
                "description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
                "id": "combolists",
                "is_alert_enabled": true,
                "leaked_at": null,
                "name": "Combolists"
            },
            "source_id": "combolists"
        }
    ],
    "next": "WyJjb20uc2NhdHRlcmhvbHQiLCAxNjczNjg4ODg4NV0"
}

This endpoint is subject to quotas and is subject to the Search ratelimiting tier. See Rate Limits and Quotas .

Flare supports searching in credentials via two endpoints:

The Global Credentials Search endpoint : This endpoint counts towards your global search quota.
The ASTP Credentials Search Endpoint : This endpoint does not count towards your search quota but requires ASTP to be enabled on your account. For more information about ASTP, contact your Customer Success Manager.

Returns a list of credentials matching the query provided.

{
    "items": [
        {
            "domain": "scatterholt.com",
            "hash": "B@dPassw0rd",
            "hash_type": null,
            "id": 33880703907,
            "identity_name": "ryan.howard@scatterholt.com",
            "imported_at": "2024-07-22T19:25:52.893439+00:00",
            "known_password_id": null,
            "source": {
                "breached_at": null,
                "description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
                "description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
                "id": "combolists",
                "is_alert_enabled": true,
                "leaked_at": null,
                "name": "Combolists"
            },
            "source_id": "combolists"
        },
        {
            "domain": "scatterholt.com",
            "hash": "1qaz2wsx",
            "hash_type": "unknown",
            "id": 33880703906,
            "identity_name": "ryan.howard@scatterholt.com",
            "imported_at": "2024-07-22T19:25:52.893439+00:00",
            "known_password_id": null,
            "source": {
                "breached_at": null,
                "description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
                "description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
                "id": "combolists",
                "is_alert_enabled": true,
                "leaked_at": null,
                "name": "Combolists"
            },
            "source_id": "combolists"
        }
    ],
    "next": "WyJjb20uc2NhdHRlcmhvbHQiLCAxNjczNjg4ODg4NV0"
}

Paging

This endpoint supports the Flare standard paging pattern .

Body Parameters

size

number

Maximum size of the JSON object that will be returned (maximum 10 000)

from

string

The next value from the last response.

order

string

default:"desc"

The order in which the results will be returned. (asc or desc)

query

object

One of the supported queries.

Domain Query
Auth Domain Query
Password Query
Email Query
Keyword Query

{
  "type": "domain",
  "fqdn": "<string>"
}

filters

object

Hide child attributes

imported_at

object

This filter only works for Auth Domain Queries. It will be ignored if used with other query types.

Show child attributes

gte

string

Matches values greater than or equal to the specified timestamp.Format: ISO-8601

lte

string

Matches values lesser than or equal to the specified timestamp.Format: ISO-8601

Search Events

Search Credentials

⌘I

Authentication API

Events API

Global Search API

Account and Session Takeover Prevention (ASTP) API

Management API

Threat-Flow API

Deprecated APIs

Search Credentials

Paging

Body Parameters

Authentication API

Events API

Global Search API

Account and Session Takeover Prevention (ASTP) API

Management API

Threat-Flow API

Deprecated APIs

​Paging

​Body Parameters

Paging

Body Parameters