Skip to main content
POST
/
v1
/
leaks
/
export
Export leaked credentials
curl --request POST \
  --url https://api.projectdiscovery.io/v1/leaks/export \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '{
  "type": "all",
  "domain": "<string>",
  "email": "<string>",
  "search": "<string>",
  "limit": 123,
  "page_number": 123,
  "start_date": "2023-12-25",
  "time_range": "all_time",
  "end_date": "2023-12-25",
  "sort_by": "url",
  "sort_order": "asc",
  "status": "fixed",
  "group_by": "url",
  "url": "<string>",
  "country": "<string>",
  "device_ip": "<string>",
  "hostname": "<string>",
  "hardware_id": "<string>"
}'
{
  "data": [
    {
      "id": "<string>",
      "url": "<string>",
      "username": "<string>",
      "password": "<string>",
      "device_ip": "<string>",
      "hostname": "<string>",
      "os": "<string>",
      "malware_path": "<string>",
      "country": "<string>",
      "log_date": "<string>",
      "hardware_id": "<string>",
      "domain": "<string>",
      "email_domain": "<string>",
      "url_domain": "<string>",
      "fetched_at": "<string>",
      "status": "<string>",
      "user_type": "<string>"
    }
  ],
  "total_leaks": 123,
  "total_pages": 123,
  "total_count": 123,
  "summary": {
    "total_leaks": 123,
    "personal_leaks": 123,
    "employee_leaks": 123,
    "customer_leaks": 123,
    "external_vendor_leaks": 123,
    "organization_leaks": 123
  },
  "group_summary": [
    {}
  ]
}

Overview

Export leaked credentials data with the same filtering capabilities as the main leaks endpoint. Supports both JSON and CSV formats for easy integration with external tools and reporting systems.

Export Formats

JSON Format

Returns structured data identical to the GET /v1/leaks endpoint response.

CSV Format

Returns comma-separated values with headers, perfect for spreadsheet applications and data analysis tools.

Request Body

The export endpoint accepts the same filtering parameters as the GET /v1/leaks endpoint in the request body: 
{
  "type": "all",
  "domain": "example.com", 
  "email": "user@example.com",
  "search": "facebook",
  "limit": 1000,
  "page_number": 1,
  "start_date": "2023-01-01",
  "end_date": "2023-12-31",
  "time_range": "last_6_months",
  "sort_by": "log_date",
  "sort_order": "desc",
  "status": "open",
  "group_by": "url"
}

Response Examples

JSON Export Response

{
  "data": [
    {
      "id": "leak_id_hash",
      "url": "https://example.com",
      "username": "user@example.com", 
      "password": "masked_password",
      "device_ip": "192.168.1.1",
      "hostname": "DESKTOP-ABC123",
      "os": "Windows 10",
      "country": "United States",
      "log_date": "2023-01-15",
      "hardware_id": "hw_12345",
      "domain": "example.com",
      "email_domain": "example.com",
      "url_domain": "example.com",
      "status": "open",
      "user_type": "employee"
    }
  ],
  "total_leaks": 150,
  "summary": {
    "total_leaks": 150,
    "personal_leaks": 25,
    "employee_leaks": 100,
    "customer_leaks": 25
  }
}

CSV Export Response

id,url,username,password,device_ip,hostname,os,country,log_date,hardware_id,domain,email_domain,url_domain,status,user_type
leak_id_hash,https://example.com,user@example.com,masked_password,192.168.1.1,DESKTOP-ABC123,Windows 10,United States,2023-01-15,hw_12345,example.com,example.com,example.com,open,employee

Usage Examples

Export all leaks as JSON

curl -X POST "https://api.projectdiscovery.io/v1/leaks/export?format=json" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "all"
  }'

Export employee leaks as CSV

curl -X POST "https://api.projectdiscovery.io/v1/leaks/export?format=csv" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "employee",
    "domain": "mycompany.com"
  }'

Export with date filtering

curl -X POST "https://api.projectdiscovery.io/v1/leaks/export" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "time_range": "last_3_months",
    "status": "open",
    "sort_by": "log_date",
    "sort_order": "desc"
  }'

Best Practices

Large Datasets

  • Use pagination (limit and page_number) for large exports
  • Consider filtering by date ranges to reduce response size
  • CSV format is more efficient for large datasets

Security Considerations

  • Exported data may contain sensitive information
  • Ensure secure handling and storage of exported files
  • Password unmasking follows the same ACL rules as the main leaks endpoint

Performance Tips

  • Use specific filters to reduce export size
  • CSV exports are generally faster for large datasets
  • Consider using group_by for summary reports instead of full exports

Authorizations

X-API-Key
string
header
required

Headers

X-Team-Id
string

Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team

Query Parameters

format
enum<string>
default:json

Export format (json or csv)

Available options:
json,
csv

Body

application/json
type
enum<string>
default:all

Filter by specific leak type (single value only)

Available options:
all,
personal,
employee,
customer,
external_vendor_leaks,
organization_leaks
domain
string

Filter leaks by specific domain (applies to employee/customer leaks)

email
string

Filter leaks by specific email (can be personal, employee, or customer email from user's authorized results)

search
string

Search query to filter results across all fields

limit
number

Number of results per page for pagination

page_number
number

Page number for pagination (starts from 1)

start_date
string<date>

time filter start date

time_range
enum<string>
default:all_time
Available options:
all_time,
current_month,
last_month,
last_3_months,
last_6_months,
last_12_months
end_date
string<date>

time filter end date

sort_by
enum<string>

supported sort fields

Available options:
url,
username,
log_date,
country,
device_ip,
host_username,
hostname,
os,
hardware_id,
malware_path
sort_order
enum<string>

supported sort order (asc or desc)

Available options:
asc,
desc
status
enum<string>

supported status (fixed or open)

Available options:
fixed,
open
group_by
enum<string>

Group results by field - returns group summaries when used without field-specific filtering

Available options:
url,
country,
device_ip,
hostname,
email,
hardware_id
url
string

Filter by specific URL (used with group_by for drill-down)

country
string

Filter by specific country (used with group_by for drill-down)

device_ip
string

Filter by specific device IP (used with group_by for drill-down)

hostname
string

Filter by specific hostname (used with group_by for drill-down)

hardware_id
string

Filter by specific hardware ID (used with group_by for drill-down)

Response

Export data returned successfully

data
object[]
total_leaks
number
total_pages
number
total_count
number
summary
object
group_summary
object[]

Group summary data when group_by parameter is used

Dynamic group summary with field name as key and count