Credentials Global Search
curl --request POST \
--url https://api.flare.io/firework/v4/credentials/global/_search \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"query": {
"type": "<string>",
"fqdn": "<string>"
},
"filters": {
"imported_at": {
"gte": "2023-11-07T05:31:56Z",
"lte": "2023-11-07T05:31:56Z"
}
},
"from": "<string>",
"size": 10,
"include": [],
"order": "desc"
}
'import requests
url = "https://api.flare.io/firework/v4/credentials/global/_search"
payload = {
"query": {
"type": "<string>",
"fqdn": "<string>"
},
"filters": { "imported_at": {
"gte": "2023-11-07T05:31:56Z",
"lte": "2023-11-07T05:31:56Z"
} },
"from": "<string>",
"size": 10,
"include": [],
"order": "desc"
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
query: {type: '<string>', fqdn: '<string>'},
filters: {imported_at: {gte: '2023-11-07T05:31:56Z', lte: '2023-11-07T05:31:56Z'}},
from: '<string>',
size: 10,
include: [],
order: 'desc'
})
};
fetch('https://api.flare.io/firework/v4/credentials/global/_search', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.flare.io/firework/v4/credentials/global/_search",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'query' => [
'type' => '<string>',
'fqdn' => '<string>'
],
'filters' => [
'imported_at' => [
'gte' => '2023-11-07T05:31:56Z',
'lte' => '2023-11-07T05:31:56Z'
]
],
'from' => '<string>',
'size' => 10,
'include' => [
],
'order' => 'desc'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.flare.io/firework/v4/credentials/global/_search"
payload := strings.NewReader("{\n \"query\": {\n \"type\": \"<string>\",\n \"fqdn\": \"<string>\"\n },\n \"filters\": {\n \"imported_at\": {\n \"gte\": \"2023-11-07T05:31:56Z\",\n \"lte\": \"2023-11-07T05:31:56Z\"\n }\n },\n \"from\": \"<string>\",\n \"size\": 10,\n \"include\": [],\n \"order\": \"desc\"\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://api.flare.io/firework/v4/credentials/global/_search")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"query\": {\n \"type\": \"<string>\",\n \"fqdn\": \"<string>\"\n },\n \"filters\": {\n \"imported_at\": {\n \"gte\": \"2023-11-07T05:31:56Z\",\n \"lte\": \"2023-11-07T05:31:56Z\"\n }\n },\n \"from\": \"<string>\",\n \"size\": 10,\n \"include\": [],\n \"order\": \"desc\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.flare.io/firework/v4/credentials/global/_search")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"query\": {\n \"type\": \"<string>\",\n \"fqdn\": \"<string>\"\n },\n \"filters\": {\n \"imported_at\": {\n \"gte\": \"2023-11-07T05:31:56Z\",\n \"lte\": \"2023-11-07T05:31:56Z\"\n }\n },\n \"from\": \"<string>\",\n \"size\": 10,\n \"include\": [],\n \"order\": \"desc\"\n}"
response = http.request(request)
puts response.read_body{
"items": [
{
"auth_domains": ["login.live.com"],
"domain": "scatterholt.com",
"hash": "B@dPassw0rd",
"hash_type": null,
"id": 33880703907,
"identity_name": "ryan.howard@scatterholt.com",
"imported_at": "2024-07-22T19:25:52.893439+00:00",
"known_password_id": null,
"source": {
"breached_at": null,
"description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
"description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
"id": "combolists",
"is_alert_enabled": true,
"leaked_at": null,
"name": "Combolists"
},
"source_id": "combolists"
},
{
"auth_domains": ["www.facebook.com", "discord.com"],
"domain": "scatterholt.com",
"hash": "1qaz2wsx",
"hash_type": "unknown",
"id": 33880703906,
"identity_name": "ryan.howard@scatterholt.com",
"imported_at": "2024-07-22T19:25:52.893439+00:00",
"known_password_id": null,
"source": {
"breached_at": null,
"description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
"description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
"id": "combolists",
"is_alert_enabled": true,
"leaked_at": null,
"name": "Combolists"
},
"source_id": "combolists"
}
],
"next": "WyJjb20uc2NhdHRlcmhvbHQiLCAxNjczNjg4ODg4NV0"
}
Global Search API
Search Credentials
POST
/
firework
/
v4
/
credentials
/
global
/
_search
Credentials Global Search
curl --request POST \
--url https://api.flare.io/firework/v4/credentials/global/_search \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"query": {
"type": "<string>",
"fqdn": "<string>"
},
"filters": {
"imported_at": {
"gte": "2023-11-07T05:31:56Z",
"lte": "2023-11-07T05:31:56Z"
}
},
"from": "<string>",
"size": 10,
"include": [],
"order": "desc"
}
'import requests
url = "https://api.flare.io/firework/v4/credentials/global/_search"
payload = {
"query": {
"type": "<string>",
"fqdn": "<string>"
},
"filters": { "imported_at": {
"gte": "2023-11-07T05:31:56Z",
"lte": "2023-11-07T05:31:56Z"
} },
"from": "<string>",
"size": 10,
"include": [],
"order": "desc"
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
query: {type: '<string>', fqdn: '<string>'},
filters: {imported_at: {gte: '2023-11-07T05:31:56Z', lte: '2023-11-07T05:31:56Z'}},
from: '<string>',
size: 10,
include: [],
order: 'desc'
})
};
fetch('https://api.flare.io/firework/v4/credentials/global/_search', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.flare.io/firework/v4/credentials/global/_search",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'query' => [
'type' => '<string>',
'fqdn' => '<string>'
],
'filters' => [
'imported_at' => [
'gte' => '2023-11-07T05:31:56Z',
'lte' => '2023-11-07T05:31:56Z'
]
],
'from' => '<string>',
'size' => 10,
'include' => [
],
'order' => 'desc'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.flare.io/firework/v4/credentials/global/_search"
payload := strings.NewReader("{\n \"query\": {\n \"type\": \"<string>\",\n \"fqdn\": \"<string>\"\n },\n \"filters\": {\n \"imported_at\": {\n \"gte\": \"2023-11-07T05:31:56Z\",\n \"lte\": \"2023-11-07T05:31:56Z\"\n }\n },\n \"from\": \"<string>\",\n \"size\": 10,\n \"include\": [],\n \"order\": \"desc\"\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://api.flare.io/firework/v4/credentials/global/_search")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"query\": {\n \"type\": \"<string>\",\n \"fqdn\": \"<string>\"\n },\n \"filters\": {\n \"imported_at\": {\n \"gte\": \"2023-11-07T05:31:56Z\",\n \"lte\": \"2023-11-07T05:31:56Z\"\n }\n },\n \"from\": \"<string>\",\n \"size\": 10,\n \"include\": [],\n \"order\": \"desc\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.flare.io/firework/v4/credentials/global/_search")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"query\": {\n \"type\": \"<string>\",\n \"fqdn\": \"<string>\"\n },\n \"filters\": {\n \"imported_at\": {\n \"gte\": \"2023-11-07T05:31:56Z\",\n \"lte\": \"2023-11-07T05:31:56Z\"\n }\n },\n \"from\": \"<string>\",\n \"size\": 10,\n \"include\": [],\n \"order\": \"desc\"\n}"
response = http.request(request)
puts response.read_body{
"items": [
{
"auth_domains": ["login.live.com"],
"domain": "scatterholt.com",
"hash": "B@dPassw0rd",
"hash_type": null,
"id": 33880703907,
"identity_name": "ryan.howard@scatterholt.com",
"imported_at": "2024-07-22T19:25:52.893439+00:00",
"known_password_id": null,
"source": {
"breached_at": null,
"description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
"description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
"id": "combolists",
"is_alert_enabled": true,
"leaked_at": null,
"name": "Combolists"
},
"source_id": "combolists"
},
{
"auth_domains": ["www.facebook.com", "discord.com"],
"domain": "scatterholt.com",
"hash": "1qaz2wsx",
"hash_type": "unknown",
"id": 33880703906,
"identity_name": "ryan.howard@scatterholt.com",
"imported_at": "2024-07-22T19:25:52.893439+00:00",
"known_password_id": null,
"source": {
"breached_at": null,
"description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
"description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
"id": "combolists",
"is_alert_enabled": true,
"leaked_at": null,
"name": "Combolists"
},
"source_id": "combolists"
}
],
"next": "WyJjb20uc2NhdHRlcmhvbHQiLCAxNjczNjg4ODg4NV0"
}
This endpoint is subject to quotas and is subject to the
Search ratelimiting tier.
See
Rate Limits and Quotas .Flare supports searching in credentials via two endpoints:
- The Global Credentials Search endpoint : This endpoint counts towards your global search quota.
- The ASTP Credentials Search Endpoint : This endpoint does not count towards your search quota but requires ASTP to be enabled on your account. For more information about ASTP, contact your Customer Success Manager.
{
"items": [
{
"auth_domains": ["login.live.com"],
"domain": "scatterholt.com",
"hash": "B@dPassw0rd",
"hash_type": null,
"id": 33880703907,
"identity_name": "ryan.howard@scatterholt.com",
"imported_at": "2024-07-22T19:25:52.893439+00:00",
"known_password_id": null,
"source": {
"breached_at": null,
"description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
"description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
"id": "combolists",
"is_alert_enabled": true,
"leaked_at": null,
"name": "Combolists"
},
"source_id": "combolists"
},
{
"auth_domains": ["www.facebook.com", "discord.com"],
"domain": "scatterholt.com",
"hash": "1qaz2wsx",
"hash_type": "unknown",
"id": 33880703906,
"identity_name": "ryan.howard@scatterholt.com",
"imported_at": "2024-07-22T19:25:52.893439+00:00",
"known_password_id": null,
"source": {
"breached_at": null,
"description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
"description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
"id": "combolists",
"is_alert_enabled": true,
"leaked_at": null,
"name": "Combolists"
},
"source_id": "combolists"
}
],
"next": "WyJjb20uc2NhdHRlcmhvbHQiLCAxNjczNjg4ODg4NV0"
}
Paging
This endpoint supports the Flare standard paging pattern .Body Parameters
Maximum size of the JSON object that will be returned (maximum 10 000)
The
next value from the last response.The order in which the results will be returned. (
asc or desc)Additional fields to return. Available options:
known_password_id: ID of the credential’s password.auth_domains: for each credential, up to 100 hosts (domain only, e.g.login.example.com) where the credential was seen being used.
One of the supported queries.
- Domain Query
- Auth Domain Query
- Password Query
- Email Query
- Keyword Query
This query will match all credentials that contain the specified domain in the email address.
{
"type": "domain",
"fqdn": "<string>"
}
This query will match the domain of the service that this credential might have been used to log in to.
{
"type": "auth_domain",
"fqdn": "<string>"
}
This query will match all credentials that contain the specified password.
{
"type": "secret",
"secret": "<string>"
}
This query will match all credentials for the exact email address.
{
"type": "email",
"email": "<string>"
}
This query will match with the credential’s username, which is the portion of the
identity_name that preceeds @.{
"type": "keyword",
"keyword": "<string>"
}
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Body
application/json
- DomainQuery
- EmailQuery
- KeywordQuery
- SecretQuery
- AuthDomainQuery
Show child attributes
Show child attributes
Show child attributes
Show child attributes
Required range:
1 <= x <= 10000Available options:
known_password_id, auth_domains, urls Available options:
asc, desc Was this page helpful?
⌘I