Choosing the Right CAP API
Stop consumer account takeovers before they start.
Empower fraud and security teams with timely identity intelligence so you can detect compromised users and intervene with resets or step-up authentication before unauthorized access, fraud, or brand damage occurs.
What CAP does: Operationalizes SpyCloud’s recaptured identity data from breaches, malware, and phishing to surface exposed credentials and support automated, low-friction controls at registration and login.
✅ Outcomes at a glance
- Reduce ATO and fraud (fewer successful logins with exposed credentials).
- Increase operational efficiency with automated password resets or step-up for only the risky users.
- Preserve customer trust while keeping friction low for legitimate users.
🧩 API options (choose what fits your workflow)
1) User Exposure API
Identify exact-match identity exposures tied to a user (email/username/phone/IP).
Good for: inline checks at account creation or login, background hygiene sweeps, malware/phish exposure checks.
2) Password Exposure API
Check whether a password has appeared in SpyCloud’s corpus (k-anonymity supported).
Good for: NIST-aligned password policy, registration/login checks, background hygiene.
3) Consumer IDLink API
Reveal holistic exposure signals for a consumer by correlating identity artifacts across breach/malware/phish for deeper risk decisions.
Good for: Background hygiene, high-value transactions, synthetic identity reviews.
🔎 Where CAP fits in your app
Account creation – block risky sign-ups
Evaluate new registrations for known exposure and weak/reused passwords; prevent synthetic and recycled-credential abuse.
Login – stop stuffing & replay
Detect reused or previously exposed credentials; enforce forced reset or step-up authentication before granting access.
🛠️ When to use which API
| Use Case | API | Match Type | Data Returned | Ideal For | Notes |
|---|---|---|---|---|---|
| Inline password check (login/registration) | User Exposure | Exact match on email/username/phone | Exposed credentials + PII metadata | Low-latency inline checks | Exact-match context. |
| Background password hygiene (batch) | User Exposure | Periodic checks by identifier | Exposed credentials + PII metadata | Low-friction hygiene at scale | Exact-match context. |
| Deeper background hygiene (correlated) | Consumer IDLink | Holistic identity correlation | Aggregated exposures (credentials + PII) | Comprehensive hygiene & risk | Higher latency; batch-friendly. |
| Transaction risk check (high value) | User Exposure → IDLink | Exact → Holistic (as needed) | Exposed identity context | Inline verify; escalate to deeper check | Use IDLink for richer context. |
| Synthetic identity screening (registration) | IDLink → User Exposure | Holistic → Exact (as needed) | Correlated exposure view | Thorough verification at signup | Use exact match to confirm. |
Why ID correlation matters: Turning fragmented, account-centric signals into a risk-ranked, holistic identity enables earlier, more accurate interventions and scalable automation.
🚀 Getting started
- Pick control points – registration and login.
- Select API(s) – start with User Exposure and/or Password Exposure; add Consumer IDLink for deeper correlation.
- Define policies – drive forced reset or step-up auth based on source (breach/malware/phished), severity, and credential risk.
- Automate – integrate via your preferred tools to reduce manual triage.
- Measure & tune – ATO prevented, password resets, step-up success, and user friction.
🧠 Why SpyCloud Consumer ATO Prevention?
- Fresh, actionable data from breaches, malware, and phishing – not stale surface collections.
- Identity correlation to move beyond basic credential matching and inform smarter decisions.
- Automation-ready responses with high-volume REST APIs and structured outputs.
- Password hygiene support for policy enforcement at scale.
Updated 2 months ago