Introduction
SpyCloud's Data Partnership API is a programmatic interface into our vast collection of breach records and surrounding metadata.
See API Guidelines for authentication, configuration, and error handling details. Most API resources support pagination. See Pagination.
API Reference
Additional PCI and PII endpoints
PCI and PII endpoints have been added to the Data Partner API for the following assets:
- Social Security Number
- National ID
- Bank Number
- Passport Number
- Drivers License
- Credit Card Number
Due to the special asset masking requirements, you will be provisioned a second Consumer ATO Protection API key with access to the new endpoints. Your current API key will remain active to make queries to the Breach Catalog, Email, Username, and Phone endpoints. If the existing API key is used against the new endpoints, the API will return a 403 error of: "User is not authorized to access this resource with an explicit deny."
PCI/PII Request
These additional endpoints will take a single query value as input. The query input value can be in plaintext (except for credit card and social security) or as a SHA-1/256/512 hash. Before hashing, you must normalize the query value as described in the API Reference section.
Example Requests
To search for a specific social security number of 123-45-6789, a SHA-1 hash of 123456789 needs to be created which results in 15e2b0d3c33891ebb0f1ef609ec419420c20e320ce94c65fbc8c3312448eb225. The below is the syntax used: https://api.spycloud.io/sp-v2/breach/data/social-security-number/15e2b0d3c33891ebb0f1ef609ec419420c20e320ce94c65fbc8c3312448eb225?since=2020-01-01
Response
The new endpoints will return the same JSON formatted response as the current Consumer ATO Protection endpoints. Due to compliance and security requirements, all assets in the Breach Record will be masked with a fixed length of 8 asterisks "************" except:
- document_id
- source_id
- spycloud_publish_date
- record_modification_date
- record_addition_date
- record_cracked_date