Consumer IDLink API
For SpyCloud Consumer ATO Prevention
🧭 Consumer IDLink API — Overview
Correlate multiple identifiers to a single consumer exposure view. Consumer IDLink API helps you understand a holistic risk picture by linking identity artifacts (e.g., email, phone, username, IP) across breach, malware, and phished sources—so your policies can make better decisions with fewer false positives.
💡 Why Use It
- Go beyond single-identifier lookups to see the full exposure footprint of a consumer.
- Prioritize action (reset, step-up, monitor) using correlated context like exposure source, recency, and frequency.
- Improve precision and reduce unnecessary friction by making decisions on a more complete identity view.
✅ What It Can Do
- Correlate identifiers (email, username, phone, IP) to assemble a unified exposure profile per consumer.
- Return aggregated exposure signals by source (breach/malware/phished), including counts and severity indicators.
- Provide reference keys (e.g., source_id) that align to the Breach Catalog for downstream analysis and reporting.
- Support batch hygiene and on-demand checks to fit real-time and offline workflows.
⚙️ How It Works
Your application submits one or more consumer identifiers (e.g., email, username, phone, IP). Consumer IDLink API correlates these artifacts across SpyCloud’s datasets and returns an aggregated exposure view for that consumer.
Typical response elements (conceptual)
- Identifiers evaluated (echoed)
- Exposure summary: counts by source (breach/malware/phished), severity indicators, recentness windows
- Source references: list of source_id values that map to entries in the Breach Catalog
- Policy helpers: fields intended to support routing (e.g., “recent high-severity exposure present: true/false”)
Note: If you use the Breach Catalog, you can enrich/report on results by joining on source_id.
🧭 When to Use It
- Background hygiene sweeps – Periodically evaluate your consumer base to find high-risk identities that single-identifier checks might miss.
- High-value transactions – Run a deeper risk check before allowing sensitive actions (e.g., major purchases, profile changes).
- Synthetic identity screening – Correlate fragmented artifacts to spot risky sign-ups with inconsistent or overexposed identities.
- Tiered policy decisions – Use correlated context to decide reset vs. step-up vs. monitor with better precision.