> ## Documentation Index
> Fetch the complete documentation index at: https://api.docs.flare.io/llms.txt
> Use this file to discover all available pages before exploring further.
# Search Credentials
This endpoint is subject to quotas and is subject to the `Search` ratelimiting tier.
See
[Rate Limits and Quotas ](/concepts/rate-limits-and-quotas).
Flare supports searching in credentials via two endpoints:
* The [Global Credentials Search endpoint ](/api-reference/v4/endpoints/credentials-global-search): This endpoint counts towards your global search quota.
* The [ASTP Credentials Search Endpoint ](/api-reference/astp/endpoints/post-credentials-search): This endpoint does not count towards your search quota but requires ASTP to be enabled on your account. For more information about ASTP, contact your Customer Success Manager.
Returns a list of credentials matching the query provided.
```json Response Example theme={null}
{
"items": [
{
"auth_domains": ["login.live.com"],
"domain": "scatterholt.com",
"hash": "B@dPassw0rd",
"hash_type": null,
"id": 33880703907,
"identity_name": "ryan.howard@scatterholt.com",
"imported_at": "2024-07-22T19:25:52.893439+00:00",
"known_password_id": null,
"source": {
"breached_at": null,
"description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
"description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
"id": "combolists",
"is_alert_enabled": true,
"leaked_at": null,
"name": "Combolists"
},
"source_id": "combolists"
},
{
"auth_domains": ["www.facebook.com", "discord.com"],
"domain": "scatterholt.com",
"hash": "1qaz2wsx",
"hash_type": "unknown",
"id": 33880703906,
"identity_name": "ryan.howard@scatterholt.com",
"imported_at": "2024-07-22T19:25:52.893439+00:00",
"known_password_id": null,
"source": {
"breached_at": null,
"description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
"description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
"id": "combolists",
"is_alert_enabled": true,
"leaked_at": null,
"name": "Combolists"
},
"source_id": "combolists"
}
],
"next": "WyJjb20uc2NhdHRlcmhvbHQiLCAxNjczNjg4ODg4NV0"
}
```
## Paging
This endpoint supports the
[Flare standard paging pattern ](/concepts/paging).
## Body Parameters
Maximum size of the JSON object that will be returned (maximum 10 000)
The `next` value from the last response.
Additional fields to return. Available options:
* `known_password_id`: ID of the credential's password.
* `auth_domains`: for each credential, return up to 10 domains where this credential was used.
The order in which the results will be returned. (`asc` or `desc`)
One of the supported queries.
This query will match all credentials that contain the specified domain in the email address.
```json theme={null}
{
"type": "domain",
"fqdn": ""
}
```
This query will match the domain of the service that this credential might have been used to log in to.
```json theme={null}
{
"type": "auth_domain",
"fqdn": ""
}
```
This query will match all credentials that contain the specified password.
```json theme={null}
{
"type": "secret",
"secret": ""
}
```
This query will match all credentials for the exact email address.
```json theme={null}
{
"type": "email",
"email": ""
}
```
This query will match with the credential's username, which is the portion of the `identity_name` that preceeds `@`.
```json theme={null}
{
"type": "keyword",
"keyword": ""
}
```
This filter only works for Auth Domain Queries. It will be ignored if used with other query types.
Matches values greater than or equal to the specified timestamp.
Format: ISO-8601
Matches values lesser than or equal to the specified timestamp.
Format: ISO-8601
## OpenAPI
````yaml firework-v4-openapi post /firework/v4/credentials/global/_search
openapi: 3.1.0
info:
title: Firework API
version: v4
servers:
- url: https://api.flare.io
security:
- BearerAuth: []
paths:
/firework/v4/credentials/global/_search:
post:
tags:
- public
summary: Credentials Global Search
operationId: credentials_global_search_credentials_global__search_post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CredentialsQueryPayload'
required: true
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedResults_Credential_str_'
'422':
description: Validation Error
content:
application/json:
schema:
$ref: '#/components/schemas/HTTPValidationError'
components:
schemas:
CredentialsQueryPayload:
properties:
query:
oneOf:
- $ref: '#/components/schemas/DomainQuery'
- $ref: '#/components/schemas/EmailQuery'
- $ref: '#/components/schemas/KeywordQuery'
- $ref: '#/components/schemas/SecretQuery'
- $ref: '#/components/schemas/AuthDomainQuery'
title: Query
discriminator:
propertyName: type
mapping:
auth_domain:
$ref: '#/components/schemas/AuthDomainQuery'
domain:
$ref: '#/components/schemas/DomainQuery'
email:
$ref: '#/components/schemas/EmailQuery'
keyword:
$ref: '#/components/schemas/KeywordQuery'
secret:
$ref: '#/components/schemas/SecretQuery'
filters:
$ref: '#/components/schemas/CredentialsQueryFilters'
from:
anyOf:
- type: string
- type: 'null'
title: From
size:
type: integer
maximum: 10000
minimum: 1
title: Size
default: 10
include:
items:
$ref: '#/components/schemas/IncludeOptions'
type: array
title: Include
order:
$ref: '#/components/schemas/OrderType'
default: desc
type: object
required:
- query
title: CredentialsQueryPayload
PaginatedResults_Credential_str_:
properties:
items:
items:
$ref: '#/components/schemas/Credential'
type: array
title: Items
next:
anyOf:
- type: string
- type: 'null'
title: Next
type: object
required:
- items
- next
title: PaginatedResults[Credential, str]
HTTPValidationError:
properties:
detail:
items:
$ref: '#/components/schemas/ValidationError'
type: array
title: Detail
type: object
title: HTTPValidationError
DomainQuery:
properties:
type:
type: string
const: domain
title: Type
fqdn:
type: string
title: Fqdn
type: object
required:
- type
- fqdn
title: DomainQuery
EmailQuery:
properties:
type:
type: string
const: email
title: Type
email:
type: string
title: Email
type: object
required:
- type
- email
title: EmailQuery
KeywordQuery:
properties:
type:
type: string
const: keyword
title: Type
keyword:
type: string
title: Keyword
type: object
required:
- type
- keyword
title: KeywordQuery
SecretQuery:
properties:
type:
type: string
const: secret
title: Type
secret:
type: string
title: Secret
type: object
required:
- type
- secret
title: SecretQuery
AuthDomainQuery:
properties:
type:
type: string
const: auth_domain
title: Type
fqdn:
type: string
title: Fqdn
type: object
required:
- type
- fqdn
title: AuthDomainQuery
CredentialsQueryFilters:
properties:
imported_at:
$ref: '#/components/schemas/CredentialsDateFilter'
type: object
title: CredentialsQueryFilters
IncludeOptions:
type: string
enum:
- known_password_id
- auth_domains
title: IncludeOptions
OrderType:
type: string
enum:
- asc
- desc
title: OrderType
Credential:
properties:
id:
type: integer
title: Id
identity_name:
type: string
title: Identity Name
domain:
anyOf:
- type: string
- type: 'null'
title: Domain
source_id:
type: string
title: Source Id
imported_at:
type: string
title: Imported At
hash:
anyOf:
- type: string
- type: 'null'
title: Hash
hash_type:
anyOf:
- type: string
- type: 'null'
title: Hash Type
source:
anyOf:
- $ref: '#/components/schemas/SourceV2'
- type: 'null'
known_password_id:
anyOf:
- type: integer
- type: 'null'
title: Known Password Id
credential_hash:
anyOf:
- type: string
- type: 'null'
title: Credential Hash
event_uid:
anyOf:
- type: string
- type: 'null'
title: Event Uid
auth_domains:
items:
type: string
type: array
title: Auth Domains
type: object
required:
- id
- identity_name
- domain
- source_id
- imported_at
- hash
- hash_type
- source
- known_password_id
- credential_hash
- event_uid
title: Credential
ValidationError:
properties:
loc:
items:
anyOf:
- type: string
- type: integer
type: array
title: Location
msg:
type: string
title: Message
type:
type: string
title: Error Type
input:
title: Input
ctx:
type: object
title: Context
type: object
required:
- loc
- msg
- type
title: ValidationError
CredentialsDateFilter:
properties:
gte:
anyOf:
- type: string
format: date-time
- type: 'null'
title: Gte
lte:
anyOf:
- type: string
format: date-time
- type: 'null'
title: Lte
type: object
title: CredentialsDateFilter
SourceV2:
properties:
id:
type: string
title: Id
name:
anyOf:
- type: string
- type: 'null'
title: Name
description_en:
anyOf:
- type: string
- type: 'null'
title: Description En
description_fr:
anyOf:
- type: string
- type: 'null'
title: Description Fr
breached_at:
anyOf:
- type: string
- type: 'null'
title: Breached At
leaked_at:
anyOf:
- type: string
- type: 'null'
title: Leaked At
is_alert_enabled:
type: boolean
title: Is Alert Enabled
pii_tags:
anyOf:
- items:
type: string
type: array
- type: 'null'
title: Pii Tags
url:
anyOf:
- type: string
- type: 'null'
title: Url
type: object
required:
- id
- name
- description_en
- description_fr
- breached_at
- leaked_at
- is_alert_enabled
- pii_tags
- url
title: SourceV2
securitySchemes:
BearerAuth:
type: http
scheme: bearer
````