Search Breach Database

GET

service

search-breach

curl --request GET \
  --url https://oathnet.org/api/service/search-breach \
  --header 'x-api-key: <api-key>'

{
  "success": true,
  "message": "Request completed successfully",
  "data": {
    "results": [
      {
        "dbname": "deezer.com",
        "country": [
          "US"
        ],
        "date_birth": [
          "2004-01-01 00:00:00.0000000"
        ],
        "email": "user@gmail.com",
        "gender": "F",
        "language": "us",
        "created_at": "2017-04-16 00:00:00.0000000",
        "username": [
          "WinterFox"
        ],
        "id": "09c1df9ddb7b657fa7f2d6778e40ac0a",
        "_version_": 1845592909587415000
      },
      {
        "dbname": "myfitnesspal.com",
        "username": [
          "winterfox"
        ],
        "email": "user@yahoo.com",
        "password": "secretpass",
        "ip": "50.55.69.203",
        "id": "35bbbad520e113b431e470e5407d3041",
        "_version_": 1845387329024295000
      }
    ],
    "results_found": 150,
    "results_shown": 25,
    "nextCursorMark": "AoE..."
  }
}

Legacy breach search remains available, but new integrations should prefer V2 Breach Search.

This legacy endpoint returns the older breach shape with data.results and cursor-mark pagination. The v2 endpoint returns data.items, data.meta, and next_cursor, and it is the actively evolving search surface.

Use the legacy endpoint only if you need compatibility with an existing client that already consumes the older response format.

Authorizations

x-api-key

string

header

required

API key for authentication (lowercase header name)

Query Parameters

string

required

Search query (email, username, domain, etc.)

cursor

string

Pagination cursor from previous response

search_id

string

Search session ID from /service/search/init

dbnames

Filter to specific breach databases (comma-separated or single)

Response

200 - application/json

Breach search results

success

boolean

message

string

data

object

Show child attributes

Search Stealer Logs (Legacy)Searches stealer log databases for credential entries. **Response format:** Returns `LOG` field with raw credential string, plus parsed fields.

Search Breach Database

curl --request GET \
  --url https://oathnet.org/api/service/search-breach \
  --header 'x-api-key: <api-key>'

{
  "success": true,
  "message": "Request completed successfully",
  "data": {
    "results": [
      {
        "dbname": "deezer.com",
        "country": [
          "US"
        ],
        "date_birth": [
          "2004-01-01 00:00:00.0000000"
        ],
        "email": "user@gmail.com",
        "gender": "F",
        "language": "us",
        "created_at": "2017-04-16 00:00:00.0000000",
        "username": [
          "WinterFox"
        ],
        "id": "09c1df9ddb7b657fa7f2d6778e40ac0a",
        "_version_": 1845592909587415000
      },
      {
        "dbname": "myfitnesspal.com",
        "username": [
          "winterfox"
        ],
        "email": "user@yahoo.com",
        "password": "secretpass",
        "ip": "50.55.69.203",
        "id": "35bbbad520e113b431e470e5407d3041",
        "_version_": 1845387329024295000
      }
    ],
    "results_found": 150,
    "results_shown": 25,
    "nextCursorMark": "AoE..."
  }
}