Documentation Index
Fetch the complete documentation index at: https://docs.oathnet.org/llms.txt
Use this file to discover all available pages before exploring further.
Account & Access
Where do I get my API key?
Where do I get my API key?
Generate it in Dashboard > Account.
Do all endpoints use the same API key auth?
Do all endpoints use the same API key auth?
Yes. Public customer-facing endpoints use the
x-api-key header.Are some endpoints plan-gated?
Are some endpoints plan-gated?
Yes. File search, exports, bulk search, archive downloads, AI filter creation, and scanner quotas depend on your plan.
Search & Results
Should I use legacy or v2 endpoints?
Should I use legacy or v2 endpoints?
Prefer
/service/v2/* for new integrations. Legacy /service/* search endpoints remain available for compatibility and OSINT lookups.What is the difference between stealer search and victims search?
What is the difference between stealer search and victims search?
Stealer search returns credential-style records. Victims search returns compromised-device summaries keyed by
log_id.How do I inspect files from a victim?
How do I inspect files from a victim?
Search for a victim, fetch the victim manifest, then request a specific file or the archive download.
Technical
What response format does the API use?
What response format does the API use?
Successful responses use a few different shapes:Search endpoints and most legacy lookups return the envelope above.Some v2 endpoints return raw JSON instead, including:
- file-search jobs
- export jobs
- bulk-search list and status
- AI filter endpoints
- breach autocomplete endpoints
- scanner CRUD endpoints
Can I use the API from a browser?
Can I use the API from a browser?
Technically yes, but it is not recommended. API keys should stay on a trusted backend.
How does query detection work?
How does query detection work?
The
q parameter automatically detects common types such as email, domain, IP, Discord ID, and username where supported by the endpoint.