> ## Documentation Index > Fetch the complete documentation index at: https://docs.projectdiscovery.io/llms.txt > Use this file to discover all available pages before exploring further. # Export leaked credentials > Export leaked credentials with filtering by type, domain, email, date range, and more. Passwords are unmasked after domain verification. See [Domain Verification](/cloud/credential-monitoring#domain-verification) for setup instructions. ## Overview Export leaked credentials data with filtering by type, domain, email, date range, and more. Supports both JSON and CSV formats for easy integration with external tools and reporting systems. **Password Unmasking**: Passwords are displayed unmasked after [domain verification](/cloud/credential-monitoring#domain-verification). Without verification, passwords appear as `***MASKED***`. ## Export Formats ### JSON Format Returns structured data identical to the GET `/v1/leaks` endpoint response. ### CSV Format Returns comma-separated values with headers, perfect for spreadsheet applications and data analysis tools. ## Request Body The export endpoint accepts the same filtering parameters as the GET `/v1/leaks` endpoint in the request body: ```json theme={null} { "type": "all", "domain": "example.com", "email": "user@example.com", "search": "facebook", "limit": 1000, "page_number": 1, "start_date": "2023-01-01", "end_date": "2023-12-31", "time_range": "last_6_months", "sort_by": "log_date", "sort_order": "desc", "status": "open", "group_by": "url" } ``` ## Response Examples ### JSON Export Response ```json theme={null} { "data": [ { "id": "leak_id_hash", "url": "https://example.com", "username": "user@example.com", "password": "masked_password", "device_ip": "192.168.1.1", "hostname": "DESKTOP-ABC123", "os": "Windows 10", "country": "United States", "log_date": "2023-01-15", "hardware_id": "hw_12345", "domain": "example.com", "email_domain": "example.com", "url_domain": "example.com", "status": "open", "user_type": "employee" } ], "total_leaks": 150, "summary": { "total_leaks": 150, "personal_leaks": 25, "employee_leaks": 100, "customer_leaks": 25 } } ``` ### CSV Export Response ```csv theme={null} id,url,username,password,device_ip,hostname,os,country,log_date,hardware_id,domain,email_domain,url_domain,status,user_type leak_id_hash,https://example.com,user@example.com,masked_password,192.168.1.1,DESKTOP-ABC123,Windows 10,United States,2023-01-15,hw_12345,example.com,example.com,example.com,open,employee ``` ## Usage Examples ### Export all leaks as JSON ```bash theme={null} curl -X POST "https://api.projectdiscovery.io/v1/leaks/export?format=json" \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "type": "all" }' ``` ### Export employee leaks as CSV ```bash theme={null} curl -X POST "https://api.projectdiscovery.io/v1/leaks/export?format=csv" \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "type": "employee", "domain": "mycompany.com" }' ``` ### Export with date filtering ```bash theme={null} curl -X POST "https://api.projectdiscovery.io/v1/leaks/export" \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "time_range": "last_3_months", "status": "open", "sort_by": "log_date", "sort_order": "desc" }' ``` ## Best Practices ### Large Datasets * Use pagination (`limit` and `page_number`) for large exports * Consider filtering by date ranges to reduce response size * CSV format is more efficient for large datasets ### Security Considerations * Exported data may contain sensitive information including unmasked passwords * Ensure secure handling and storage of exported files * Passwords are unmasked after [domain verification](/cloud/credential-monitoring#domain-verification) ### Performance Tips * Use specific filters to reduce export size * CSV exports are generally faster for large datasets * Consider using `group_by` for summary reports instead of full exports ## OpenAPI ````yaml post /v1/leaks/export openapi: 3.1.0 info: title: PDCP API version: '1.0' summary: ProjectDiscovery Cloud Platform description: >- For more details, checkout https://docs.projectdiscovery.io/api-reference/editor/scan servers: - url: https://api.projectdiscovery.io description: Production - url: https://api.dev.projectdiscovery.io description: Development - url: http://localhost:8085 description: Localhost security: - X-API-Key: [] paths: /v1/leaks/export: post: tags: - export summary: Export leaked credentials description: >- Export leaked credentials with filtering by type, domain, email, date range, and more. Passwords are unmasked after domain verification. See [Domain Verification](/cloud/credential-monitoring#domain-verification) for setup instructions. operationId: post-v1-leaks-export parameters: - schema: type: string enum: - json - csv default: json in: query name: format description: Export format (json or csv) - schema: type: string in: header description: >- Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team name: X-Team-Id requestBody: required: true content: application/json: schema: type: object properties: type: type: string enum: - all - personal - employee - customer - external_vendor_leaks - organization_leaks default: all description: Filter by specific leak type (single value only) domain: type: string description: >- Filter leaks by specific domain (applies to employee/customer leaks) email: type: string description: >- Filter leaks by specific email (can be personal, employee, or customer email from user's authorized results) search: type: string description: Search query to filter results across all fields limit: type: number description: Number of results per page for pagination page_number: type: number description: Page number for pagination (starts from 1) start_date: type: string format: date description: time filter start date time_range: type: string enum: - all_time - current_month - last_month - last_3_months - last_6_months - last_12_months default: all_time end_date: type: string format: date description: time filter end date sort_by: type: string enum: - url - username - log_date - country - device_ip - host_username - hostname - os - hardware_id - malware_path description: supported sort fields sort_order: type: string enum: - asc - desc description: supported sort order (asc or desc) status: type: string enum: - fixed - open description: supported status (fixed or open) group_by: type: string enum: - url - country - device_ip - hostname - email - hardware_id description: >- Group results by field - returns group summaries when used without field-specific filtering url: type: string description: Filter by specific URL (used with group_by for drill-down) country: type: string description: >- Filter by specific country (used with group_by for drill-down) device_ip: type: string description: >- Filter by specific device IP (used with group_by for drill-down) hostname: type: string description: >- Filter by specific hostname (used with group_by for drill-down) hardware_id: type: string description: >- Filter by specific hardware ID (used with group_by for drill-down) responses: '200': description: Export data returned successfully content: application/json: schema: type: object properties: data: type: array items: type: object properties: id: type: string url: type: string username: type: string password: type: string device_ip: type: string hostname: type: string os: type: string malware_path: type: string country: type: string log_date: type: string hardware_id: type: string domain: type: string email_domain: type: string url_domain: type: string fetched_at: type: string status: type: string user_type: type: string description: >- Classification of leak type (personal, employee, customer, external_vendor_leaks, organization_leaks) total_leaks: type: number total_pages: type: number total_count: type: number summary: type: object properties: total_leaks: type: number personal_leaks: type: number employee_leaks: type: number customer_leaks: type: number external_vendor_leaks: type: number description: >- Employee leaks on external vendor systems (login URL domain != email domain) organization_leaks: type: number description: >- Employee leaks on organization systems (login URL domain == email domain) group_summary: type: array description: Group summary data when group_by parameter is used items: type: object additionalProperties: true description: Dynamic group summary with field name as key and count text/csv: schema: type: string description: CSV formatted export data '400': $ref: '#/components/responses/MessageResponse' '401': $ref: '#/components/responses/MessageResponse' '403': $ref: '#/components/responses/MessageResponse' '404': $ref: '#/components/responses/MessageResponse' '500': $ref: '#/components/responses/MessageResponse' default: $ref: '#/components/responses/ErrorResponse' components: responses: MessageResponse: description: Example response content: application/json: schema: type: object properties: message: type: string required: - message ErrorResponse: description: Example response content: application/json: schema: type: object required: - message properties: message: type: string kind: type: string code: type: string error: type: string error_id: type: string param: type: string status: type: integer securitySchemes: X-API-Key: name: X-API-Key type: apiKey in: header ````