Docs
Webz.io HomeSign In
Start typing to search…

FAQ

What is the default time frame, if not defined by the GET parameter mentioned above?

If not defined, the query will retrieve content from the entire DBD pool (up to 5 years of compromised PII data).

How is API data sorted?

  • Sort Order: Results are sorted from newest to oldest based on the crawled date.
  • Data Appearance Order:
    • Stealer logs data always appears first.
    • Data breaches data follows, also ordered by crawled date.

Is there a way to retrieve results from the latest crawled leaks?

using the &since HTTP GET parameter and setting it to the desired Unix timestamp in milliseconds, the retrieved data will match the queried time frame - From the defined since GET parameter, until now.

How are objects ordered within the response?

If both stealer logs and data breach records appear on the same JSON page:

  • The data breach object (docs) is displayed first.
  • The stealer logs object (stealerLogs) follows.

How does pagination work?

  • Use the next string at the bottom of the JSON response to retrieve the next set of results.
  • Once all available data is consumed and you reach a page with zero results, the next URL becomes null.
  • At this point, you must issue a new query (i.e., create a new request URL with an updated timestamp) to fetch fresh data.

Do API calls count when no results are returned?

Yes. Even if a query returns 0 results, it is still counted as an API call.

How is PII access controlled?

  • To comply with privacy regulations, access to leaked credentials is restricted to assets under pre-approved domains for applicable asset types (email, email_login, login_domain).
    • You can use the Authorized Domains API to view, add, or remove approved domains at any time.
    • If a top-level domain (TLD) is authorized, all its subdomains are automatically included.
  • Passwords, credit card numbers. SSN and passport numbers may be masked or exposed depending on your account configuration.
  • Stealer logs: Passwords may be partially masked or fully visible. Access level is controlled by Webz per your account settings.
  • Data breaches: Passwords are always partially masked (e.g., Si*********25).
    • Because masking is applied by default, authorized domains restrictions do not apply to data breaches.