Introduction

SpyCloud's Employee ATO Prevention (EAP) API is a programmatic interface into your watchlist items found in our vast collection of breach data and surrounding metadata.

See API Guidelines for authentication, configuration, and error handling details. Most API resources support pagination. See Pagination.

Limitations

You can only use this API to search for watchlist items that are ACTIVE and VERIFIED as shown in your portal account.
Retrieving https://docs.spycloud.com/public-sc/update/reference/eap-get-all-records-in-watchlist#/ with 300+ identifiers might result in a timeout. If you have a large watchlist we recommend implementing retry logic and querying each identifier one at a time.

Domain Verification

We offer a number of ways to authenticate your domain with SpyCloud:

Add DNS TXT record
Create a TXT record for example.com with the following value:
```
spycloud-domain-verification=b4f5ad7d-185a-43dc-955d-d13f4398c5fa
```
Please note that once you've made the required DNS changes it may take 24-48 hours for the changes to propagate.
Add meta tag to your homepage header
Add the following meta tag to the HEAD part of your domain's home page:
```
<meta name="spycloud-domain-verification" content="b4f5ad7d-185a-43dc-955d-d13f4398c5fa">
```
Add HTML file to root of your website
Add an HTML file named b4f5ad7d-185a-43dc-955d-d13f4398c5fa.html to your domain root containing the following:
```
spycloud-domain-verification=b4f5ad7d-185a-43dc-955d-d13f4398c5fa
```
Reach out to SpyCloud support via the Support widget in the Enterprise Portal.