Introduction

SpyCloud's Data Partnership API is a programmatic interface into our vast collection of breach records and surrounding metadata.

See API Guidelines for authentication, configuration, and error handling details. Most API resources support pagination. See Pagination.

API Reference

API Reference

Additional PCI and PII endpoints

PCI and PII endpoints have been added to the Data Partner API for the following assets:

Social Security Number
National ID
Bank Number
Passport Number
Drivers License
Credit Card Number

Due to the special asset masking requirements, you will be provisioned a second Consumer ATO Protection API key with access to the new endpoints. Your current API key will remain active to make queries to the Breach Catalog, Email, Username, and Phone endpoints. If the existing API key is used against the new endpoints, the API will return a 403 error of: "User is not authorized to access this resource with an explicit deny."

PCI/PII Request

These additional endpoints will take a single query value as input. The query input value can be in plaintext (except for credit card and social security) or as a SHA-1/256/512 hash. Before hashing, you must normalize the query value as described in the API Reference section.

Example Requests

To search for a specific social security number of 123-45-6789, a SHA-1 hash of 123456789 needs to be created which results in 15e2b0d3c33891ebb0f1ef609ec419420c20e320ce94c65fbc8c3312448eb225. The below is the syntax used: https://api.spycloud.io/sp-v2/breach/data/social-security-number/15e2b0d3c33891ebb0f1ef609ec419420c20e320ce94c65fbc8c3312448eb225?since=2020-01-01

Response

The new endpoints will return the same JSON formatted response as the current Consumer ATO Protection endpoints. Due to compliance and security requirements, all assets in the Breach Record will be masked with a fixed length of 8 asterisks "************" except:

document_id
source_id
spycloud_publish_date
record_modification_date
record_addition_date
record_cracked_date