Introduction

SpyCloud's Employee ATO Prevention (EAP) API is a programmatic interface into your watchlist items found in our vast collection of breach data and surrounding metadata.

See API Guidelines for authentication, configuration, and error handling details. Most API resources support pagination. See Pagination.

Limitations

• You can only use this API to search for watchlist items that are ACTIVE and VERIFIED as shown in your portal account.
• Retrieving https://docs.spycloud.com/public-sc/update/reference/eap-get-all-records-in-watchlist#/ with 300+ identifiers might result in a timeout. If you have a large watchlist we recommend implementing retry logic and querying each identifier one at a time.

Domain Verification

We offer a number of ways to authenticate your domain with SpyCloud:

1. Add DNS TXT record

   Create a TXT record for example.com with the following value:

   spycloud-domain-verification=b4f5ad7d-185a-43dc-955d-d13f4398c5fa

   Please note that once you've made the required DNS changes it may take 24-48 hours for the changes to propagate.

2. Add meta tag to your homepage header

   Add the following meta tag to the HEAD part of your domain's home page:

   <meta name="spycloud-domain-verification" content="b4f5ad7d-185a-43dc-955d-d13f4398c5fa">

3. Add HTML file to root of your website

   Add an HTML file named b4f5ad7d-185a-43dc-955d-d13f4398c5fa.html to your domain root containing the following:

   spycloud-domain-verification=b4f5ad7d-185a-43dc-955d-d13f4398c5fa

4. Reach out to SpyCloud support via the Support widget in the Enterprise Portal.