FAQ

What is the default time frame if not defined by the GET parameters?

  • If no time frame is specified, the query retrieves data from the entire Breaches API pool (covering about 1.5 years of compromised PII data).
  • You can control the time frame using the following parameters:
    • crawled_from & crawled_to - filter based on the data collection (crawl) time.
    • breach_from & breach_to - filter based on the breach occurrence time.

How is the API data sorted?

  • By default, results are sorted from oldest to newest based on the crawled_date field. This enables continuous pagination using the next URL for incremental data retrieval.
  • Sorting behavior can be customized using the following parameters:
    • sort_by - choose between sorting by crawled_date or breach_date / exfiltration_date.
    • order_by - define the order direction: asc (ascending) or desc (descending).

What are the mandatory GET parameters in the request URL?

  • To execute a valid query, the request URL must include at least one of the following parameters: email_domain, login_domain, email.

Does a login domain search include subdomains?

  • When searching for a top-level domain (TLD) (e.g., example.com), results will also include all its subdomains (e.g., mail.example.com, admin.example.com).
  • When searching for a specific subdomain, results will be limited to that subdomain only.
  • Currently, there is no option to perform an exact search limited strictly to a TLD.

Can I use both email domain and login domain in my search?

  • Yes, you can combine both parameters in a single query.
  • However, each request can include only one value per parameter - meaning you cannot search multiple email_domain or login_domain values in the same request.

Is there a way to retrieve results from a specific leak?

  • Yes. Use the breach_uuid parameter to query records associated with a specific data breach.
  • The uuid value can be obtained from the breach_info.uuid field in the API response.
  • Please note that searches using breach_uuid must still include either a login_domain or email_domain parameter.

Do API calls count when no results are returned?

  • Yes. Even if a query returns 0 results, it is still counted as an API call.

How is PII access controlled?

  • To comply with privacy regulations, access to leaked credentials is restricted to assets under pre-approved domains for applicable asset types (email, email_login, login_domain).
    • You can use the Authorized Domains API to view, add, or remove approved domains at any time.
    • If a top-level domain (TLD) is authorized, all its subdomains are automatically included.
  • Passwords may be masked or exposed depending on your account configuration.
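
Because every call counts against quota, including calls that return nothing, it helps to check a query against the rules in this FAQ before sending it. The sketch below is an added example, not the vendor's client code. It checks the mandatory-parameter rule, the breach_uuid rule, the one-value-per-parameter rule, the sort values, and the subdomain coverage of authorized domains. The base URL is a placeholder, the authorized list is a constructed local copy of what the Authorized Domains API would return, and both the comma check and checking authorization on the client before the call are assumptions.

```python
from urllib.parse import urlencode

# Placeholder endpoint (assumption): this FAQ does not give the real base URL.
BASE_URL = "https://api.example.invalid/breaches"

SELECTORS = ("email_domain", "login_domain", "email")
SORT_BY = ("crawled_date", "breach_date", "exfiltration_date")
ORDER_BY = ("asc", "desc")


def is_authorized(domain, authorized):
    """An authorized domain covers itself and all of its subdomains."""
    d = domain.lower().rstrip(".")
    # Match on a label boundary so "notexample.com" does not pass for "example.com".
    return any(d == a or d.endswith("." + a)
               for a in (x.lower().rstrip(".") for x in authorized))


def build_query(params, authorized):
    """Validate params against the FAQ rules and return the request URL."""
    for key, value in params.items():
        # One value per parameter: reject lists and (assumption) comma-joined values.
        if not isinstance(value, str) or not value or "," in value:
            raise ValueError(f"{key} must be a single non-empty string")
    if not any(k in params for k in SELECTORS):
        raise ValueError("need at least one of email_domain, login_domain, email")
    if "breach_uuid" in params and not ("login_domain" in params or "email_domain" in params):
        raise ValueError("breach_uuid requires login_domain or email_domain")
    if params.get("sort_by", SORT_BY[0]) not in SORT_BY:
        raise ValueError("sort_by must be one of " + ", ".join(SORT_BY))
    if params.get("order_by", ORDER_BY[0]) not in ORDER_BY:
        raise ValueError("order_by must be asc or desc")
    # Assumption: compare each selector with a locally cached authorized list
    # so an out-of-scope query is caught before it costs an API call.
    for key in SELECTORS:
        if key in params:
            domain = params[key].rsplit("@", 1)[-1] if key == "email" else params[key]
            if not is_authorized(domain, authorized):
                raise ValueError(f"{key}={params[key]!r} is outside the authorized domains")
    # Time-frame and other parameters pass through unchanged, in a stable order.
    return BASE_URL + "?" + urlencode(sorted(params.items()))
```
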