User Intel API Reference

The User Intel service allows you to check a large repository of breach data to see if a user’s Personally Identifiable Data (PII) or credentials have been compromised.

Base URL

user-intel.<csp>.<region>.pangea.cloud

• User Intel Documentation
• OpenAPI Specification

post/v2/user/breached

cURL

Code Snippet Language

curl -sSLX POST 'https://user-intel.aws.us.pangea.cloud/v2/user/breached' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

---

Look up breached users

POST

https://user-intel.aws.us.pangea.cloud/v2/user/breached

Determine if an email address, username, phone number, or IP address was exposed in a security breach. When requesting breach data for multiple values, the response will be asynchronous. See API Reference/Asynchronous Responses

Schema

Email

Schema

required parameters

emails

array<string>

A list of email addresses to search for

• minItems: 1

• maxItems: 100

​

optional parameters

start

string

Earliest date for search

​

end

string

Latest date for search

​

verbose

boolean

(default: false)

Echo the API parameters in the response

verbose

​

verbose

raw

boolean

(default: false)

Include raw data from this provider

raw

​

raw

provider

string

Use this provider

provider

​

provider

Response Fields

Response Schema

object

Pangea standard response schema

result

object

data

object

High-level normalized results sent by the Pangea service

found_in_breach

boolean

A flag indicating if there was any match to the hash prefix

breach_count

integer

Total number of instances of the prefix found in breach data. Prefix may be found multiple times in a single breach incident.

parameter

object

The parameters, which were passed in the request, echoed back

raw_data

object

The raw data from the provider. Each provider's data will have its own format

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v2/password/breached

cURL

Code Snippet Language

curl -sSLX POST 'https://user-intel.aws.us.pangea.cloud/v2/password/breached' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

---

Look up breached passwords

POST

https://user-intel.aws.us.pangea.cloud/v2/password/breached

Determine if a password has been exposed in a security breach using a 5 character prefix of the password hash. When requesting breach data for multiple hash prefixes, the response will be asynchronous. See API Reference/Asynchronous Responses

required parameters

hash_type

string

The hash type used for the hash prefix.

hash_type

​

hash_type

hash_prefixes

array<string>

The prefix of the hash to be looked up.

• minItems: 1

• maxItems: 100

​

optional parameters

verbose

boolean

(default: false)

Echo the API parameters in the response.

verbose

​

verbose

raw

boolean

(default: false)

Include raw data from this provider.

raw

​

raw

provider

string

Use reputation data from this provider.

provider

​

provider

Response Fields

Response Schema

object

Pangea standard response schema

result

object

data

object

High-level normalized results sent by the Pangea service

found_in_breach

boolean

A flag indicating if there was any match to the hash prefix

breach_count

integer

Total number of instances of the prefix found in breach data. Prefix may be found multiple times in a single breach incident.

parameter

object

The parameters, which were passed in the request, echoed back

raw_data

object

The raw data from the provider. Each provider's data will have its own format

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/user/breached

cURL

Code Snippet Language

curl -sSLX POST 'https://user-intel.aws.us.pangea.cloud/v1/user/breached' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

---

Look up breached users

POST

https://user-intel.aws.us.pangea.cloud/v1/user/breached

Determine if an email address, username, phone number, or IP address was exposed in a security breach.

Schema

Email

Schema

required parameters

email

string (email)

An email address to search for

​

optional parameters

start

Earliest date for search

• maxLength: 128

​

end

Latest date for search

• maxLength: 128

​

verbose

boolean

(default: false)

Echo the API parameters in the response

verbose

​

verbose

raw

boolean

(default: false)

Include raw data from this provider

raw

​

raw

provider

string

Use this provider

provider

​

provider

cursor

string

A token given in the raw response from SpyCloud. Post this back to paginate results

​

Response Fields

Response Schema

object

Pangea standard response schema

result

object

data

object

High-level normalized results sent by the Pangea service

found_in_breach

boolean

A flag indicating if there was any match to the hash prefix

breach_count

integer

Total number of instances of the prefix found in breach data. Prefix may be found multiple times in a single breach incident.

parameter

object

The parameters, which were passed in the request, echoed back

raw_data

object

The raw data from the provider. Each provider's data will have its own format

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/breach

cURL

Code Snippet Language

curl -sSLX POST 'https://user-intel.aws.us.pangea.cloud/v1/breach' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

---

Look up information about a specific breach

POST

https://user-intel.aws.us.pangea.cloud/v1/breach

Given a provider specific breach ID, find details about the breach.

required parameters

breach_id

string

The ID of a breach returned by a provider.

​

optional parameters

verbose

boolean

(default: false)

Echo the API parameters in the response.

verbose

​

verbose

provider

string

Get breach data from this provider.

provider

​

provider

Response Fields

Response Schema

object

Pangea standard response schema

result

object

found

boolean

A flag indicating if the lookup was successful

data

object

Breach details given by the provider

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/password/breached

cURL

Code Snippet Language

curl -sSLX POST 'https://user-intel.aws.us.pangea.cloud/v1/password/breached' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

---

Look up breached passwords (deprecated)

POST

https://user-intel.aws.us.pangea.cloud/v1/password/breached

Determine if a password has been exposed in a security breach using a 5 character prefix of the password hash.

required parameters

hash_type

string

The hash type used for the hash prefix.

hash_type

​

hash_type

hash_prefix

string

The prefix of the hash to be looked up.

• minLength: 5

• maxLength: 5

​

optional parameters

verbose

boolean

(default: false)

Echo the API parameters in the response.

verbose

​

verbose

raw

boolean

(default: false)

Include raw data from this provider.

raw

​

raw

provider

string

Use reputation data from this provider.

provider

​

provider

Response Fields

Response Schema

object

Pangea standard response schema

result

object

data

object

High-level normalized results sent by the Pangea service

found_in_breach

boolean

A flag indicating if there was any match to the hash prefix

breach_count

integer

Total number of instances of the prefix found in breach data. Prefix may be found multiple times in a single breach incident.

parameter

object

The parameters, which were passed in the request, echoed back

raw_data

object

The raw data from the provider. Each provider's data will have its own format

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Was this article helpful?

Contact us