Skip to main content
GET
/
v1
/
leaks
Get all leaked credentials
curl --request GET \
  --url https://api.projectdiscovery.io/v1/leaks \
  --header 'X-API-Key: <api-key>'
{
  "data": [
    {
      "id": "<string>",
      "url": "<string>",
      "username": "<string>",
      "password": "<string>",
      "device_ip": "<string>",
      "hostname": "<string>",
      "os": "<string>",
      "malware_path": "<string>",
      "country": "<string>",
      "log_date": "<string>",
      "hardware_id": "<string>",
      "domain": "<string>",
      "email_domain": "<string>",
      "url_domain": "<string>",
      "fetched_at": "<string>",
      "status": "<string>",
      "user_type": "<string>"
    }
  ],
  "total_leaks": 123,
  "total_pages": 123,
  "total_count": 123,
  "summary": {
    "total_leaks": 123,
    "personal_leaks": 123,
    "employee_leaks": 123,
    "customer_leaks": 123,
    "external_vendor_leaks": 123,
    "organization_leaks": 123
  },
  "group_summary": [
    {}
  ]
}
This is the new consolidated leaks endpoint that replaces the deprecated individual endpoints (/v1/leaks/domain, /v1/leaks/email, /v1/leaks/domain/customers).It returns all types of leaks (personal, employee, customer) with optional filtering by type.

Overview

The consolidated leaks endpoint provides access to all leaked credentials associated with your account:
  • Personal leaks: Leaks associated with your personal email address
  • Employee leaks: Leaks from employees of your verified domains, classified as:
    • organization_leaks: Leaks on organization systems (login URL domain matches email domain)
    • external_vendor_leaks: Leaks on external vendor systems (login URL domain differs from email domain)
  • Customer leaks: Leaks from customers using your verified domains

Key Features

Advanced Filtering

  • Filter by leak type (personal, employee, customer, external_vendor_leaks, organization_leaks)
  • Search across all fields
  • Filter by domain, email, status, and date ranges
  • Sort by various fields (URL, username, log_date, country, etc.)

Grouping & Analytics

Use the group_by parameter to get aggregated data:
  • Group by URL, country, device_ip, hostname, email, or hardware_id
  • Returns group summaries instead of individual leak records
  • Perfect for analytics and reporting

Pagination

  • Standard pagination with limit and page_number parameters
  • Default limit: 20 results per page

Response Structure

Individual Leaks Response

{
  "data": [
    {
      "id": "leak_id_hash",
      "url": "https://example.com",
      "username": "user@example.com",
      "password": "masked_or_unmasked",
      "device_ip": "192.168.1.1",
      "hostname": "DESKTOP-ABC123",
      "os": "Windows 10",
      "country": "United States",
      "log_date": "2023-01-15",
      "hardware_id": "hw_12345",
      "domain": "example.com",
      "email_domain": "example.com",
      "url_domain": "example.com",
      "status": "open",
      "user_type": "employee"
    }
  ],
  "total_leaks": 150,
  "total_pages": 8,
  "total_count": 150,
  "summary": {
    "total_leaks": 150,
    "personal_leaks": 25,
    "employee_leaks": 100,
    "customer_leaks": 25,
    "external_vendor_leaks": 60,
    "organization_leaks": 40
  }
}

Grouped Response (when using group_by)

{
  "group_summary": [
    {
      "url": "https://facebook.com",
      "count": 45
    },
    {
      "url": "https://linkedin.com", 
      "count": 32
    }
  ],
  "total_leaks": 150
}

Privacy & Security

Access Control

  • Personal leaks: Always accessible to the authenticated user
  • Employee/Customer leaks: Requires domain verification
  • Password unmasking: Requires domain verification

Data Classification

The API automatically classifies employee leaks:
  • Organization leaks: Login URL domain matches or is a subdomain of the email domain
  • External vendor leaks: Login URL domain is completely different from email domain

Migration from Deprecated Endpoints

If you’re currently using the deprecated endpoints, here’s how to migrate:
Deprecated EndpointNew Equivalent
GET /v1/leaks/emailGET /v1/leaks?type=personal
GET /v1/leaks/domainGET /v1/leaks?type=employee
GET /v1/leaks/domain/customersGET /v1/leaks?type=customer

Examples

Get all leaks

curl -X GET "https://api.projectdiscovery.io/v1/leaks" \
  -H "Authorization: Bearer YOUR_API_KEY"

Get only employee leaks

curl -X GET "https://api.projectdiscovery.io/v1/leaks?type=employee" \
  -H "Authorization: Bearer YOUR_API_KEY"

Get leaks grouped by URL

curl -X GET "https://api.projectdiscovery.io/v1/leaks?group_by=url" \
  -H "Authorization: Bearer YOUR_API_KEY"

Search for specific domain

curl -X GET "https://api.projectdiscovery.io/v1/leaks?domain=example.com" \
  -H "Authorization: Bearer YOUR_API_KEY"

Authorizations

X-API-Key
string
header
required

Query Parameters

type
enum<string>
default:all

Filter by specific leak type (single value only)

Available options:
all,
personal,
employee,
customer,
external_vendor_leaks,
organization_leaks
domain
string

Filter leaks by specific domain (applies to employee/customer leaks)

email
string

Filter leaks by specific email (can be personal, employee, or customer email from user's authorized results)

search
string

Search query to filter results across all fields

limit
number

Number of results per page for pagination

page_number
number

Page number for pagination (starts from 1)

start_date
string<date>

time filter start date

time_range
enum<string>
default:all_time
Available options:
all_time,
current_month,
last_month,
last_3_months,
last_6_months,
last_12_months
end_date
string<date>

time filter end date

sort_by
enum<string>

supported sort fields

Available options:
url,
username,
log_date,
country,
device_ip,
host_username,
hostname,
os,
hardware_id,
malware_path
sort_order
enum<string>

supported sort order (asc or desc)

Available options:
asc,
desc
status
enum<string>

supported status (fixed or open)

Available options:
fixed,
open
group_by
enum<string>

Group results by field - returns group summaries when used without field-specific filtering

Available options:
url,
country,
device_ip,
hostname,
email,
hardware_id
url
string

Filter by specific URL (used with group_by for drill-down)

country
string

Filter by specific country (used with group_by for drill-down)

device_ip
string

Filter by specific device IP (used with group_by for drill-down)

hostname
string

Filter by specific hostname (used with group_by for drill-down)

hardware_id
string

Filter by specific hardware ID (used with group_by for drill-down)

Response

OK

data
object[]
total_leaks
number
total_pages
number
total_count
number
summary
object
group_summary
object[]

Group summary data when group_by parameter is used

Dynamic group summary with field name as key and count