Authentication
Where do I find my API key?
Where do I find my API key?
Go to your Dashboard > Account to view your API key.
Why am I getting 401 Unauthorized?
Why am I getting 401 Unauthorized?
What happens if my key is compromised?
What happens if my key is compromised?
Contact us immediately at support@oathnet.org.
Search Sessions
What is a search session?
What is a search session?
A search session allows you to perform multiple searches for the same query while only consuming one lookup from your quota. See Search Sessions Guide for details.
How long does a session last?
How long does a session last?
Sessions are valid for 60 minutes from creation.
When does my quota reset?
When does my quota reset?
Your daily quota resets 24 hours after your first lookup of the day.
What counts as a lookup?
What counts as a lookup?
- Without search session: Each API call counts as 1 lookup
- With search session: Multiple calls for the same query use 1 lookup
- Failed requests do NOT count against quota
Stealer Logs
What is a stealer log?
What is a stealer log?
Stealer logs are data captured by information-stealing malware from infected computers. They typically contain saved passwords, cookies, Discord tokens, and other sensitive data from the infected device.
What is the LOG format?
What is the LOG format?
Credentials in stealer logs are stored as plain text lines with URL, username, and password separated by delimiters like
|, :, or ;:What is a log_id?
What is a log_id?
A
log_id is a unique identifier for a victim’s stealer log. Use it with the Victims Manifest endpoint to get full device information and files.Why do some results not have log_id?
Why do some results not have log_id?
Some results are credential-only records parsed from stealer logs without full victim profile context. These will have a
LOG field with the raw credential data instead.What's the difference between stealer search and victims search?
What's the difference between stealer search and victims search?
- Stealer Search: Searches credentials (URLs, usernames, passwords)
- Victims Search: Searches device profiles (IPs, Discord IDs, emails on device)
Smart Query Detection
How does query detection work?
How does query detection work?
The
q parameter automatically detects your query type:| Query | Detected As |
|---|---|
user@example.com | |
example.com | Domain |
192.168.1.1 | IP address |
123456789012345678 | Discord ID |
johndoe | Username |
Technical
What response format does the API use?
What response format does the API use?
All endpoints return JSON with a standard envelope:
Can I use the API from a browser?
Can I use the API from a browser?
Technically yes, but not recommended. API keys should never be exposed in client-side code. Use a backend proxy instead.