Overview
The Breach House API is a read-mostly JSON API rooted at /api/v1.
All responses are application/json. Requests must be authenticated with a bearer token obtained from the customer panel or via POST /api/v1/auth/token.
Base URL: https://breach.house/api/v1
Authentication
Send your API token on every request using one of the following:
Authorization: Bearer <your_token>
X-API-Key: <your_token>
?token=<your_token> (query string, less recommended because URLs are commonly recorded in server and proxy logs)
Example:
curl -H "Authorization: Bearer $TOKEN" \
"https://breach.house/api/v1/me"
Rate Limits
Each token is rate-limited by its plan's daily query budget. Current usage is visible in your
customer panel (queries today / daily limit).
When the budget is exhausted, requests return 429 Too Many Requests.
Errors
Errors are returned as a JSON object with an error key:
{
  "error": "invalid_token",
  "message": "Optional human-readable description"
}
| Status | Error code | Meaning |
|---|---|---|
| 400 | invalid_type | Bad query parameter value. |
| 400 | missing_q | The q parameter is required. |
| 401 | missing_token | No token supplied. |
| 401 | invalid_token | Token unknown or revoked. |
| 401 | expired_token | Token expired. |
| 401 | invalid_credentials | Email or password incorrect on /auth/token. |
| 404 | not_found | Resource ID does not exist. |
Common Filters
The list endpoints (/ransomware, /breaches, /leads, /stealers, /latest) share these query parameters:
| Parameter | Type | Description |
|---|---|---|
| country | string | ISO country code, case-insensitive (e.g. US). |
| group | string | Exact group name, case-insensitive. |
| q | string | Free-text search across title, description, website, country, name. |
| since | YYYY-MM-DD | Only items discovered on or after this date. |
| until | YYYY-MM-DD | Only items discovered on or before this date. |
| limit | int | Page size, default 50, max 500. |
| offset | int | Pagination offset, default 0. |
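The pagination, rate-limit and error rules above combined into one client loop, as an added example that is not Breach House's own code. It assumes list endpoints return a JSON array (the page does not state the response shape); `fetch_all`, `http_get`, `ApiError` and the `http_<status>` fallback label are names chosen here.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://breach.house/api/v1"
MAX_LIMIT = 500  # documented maximum page size for list endpoints


class ApiError(Exception):
    """HTTP status, the API's `error` code, and any items fetched before failure."""
    def __init__(self, status, code, partial):
        super().__init__(f"{status} {code}")
        self.status, self.code, self.partial = status, code, partial


def http_get(token, path, params):
    """Real transport: the token travels in the Authorization header, not the URL."""
    url = f"{BASE_URL}{path}?{urllib.parse.urlencode(params)}"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        try:
            return err.code, json.load(err)
        except ValueError:
            return err.code, {}  # error body was not JSON


def fetch_all(token, path, filters=None, page_size=MAX_LIMIT, transport=http_get):
    """Walk a list endpoint with limit/offset until a short page comes back.

    Assumption (not stated on the page): list endpoints return a JSON array.
    """
    page_size = max(1, min(page_size, MAX_LIMIT))
    items, offset = [], 0
    while True:
        params = dict(filters or {}, limit=page_size, offset=offset)
        status, body = transport(token, path, params)
        if status != 200:
            # 429 is the daily budget, so retrying cannot succeed; surface it
            # together with what was already paid for.
            code = body.get("error") or f"http_{status}"  # http_N is a local label
            raise ApiError(status, code, items)
        items.extend(body)
        if len(body) < page_size:
            return items
        offset += page_size
```

A result set that is an exact multiple of the page size costs one extra request, which counts against the daily budget.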
Endpoint Reference
Exchange credentials for a token
Issues a new API token. Use the same username/password as your account.
curl -X POST https://breach.house/api/v1/auth/token \
-H "Content-Type: application/json" \
-d '{"username":"alice","password":"...","name":"my-laptop","expires_in_days":30}'
Returns { "token": "...", "name": "...", "created_at": "...", "expires_at": "..." }.
Current user info
curl -H "Authorization: Bearer $TOKEN" https://breach.house/api/v1/me
List ransomware victims
Accepts common filters.
curl -H "Authorization: Bearer $TOKEN" \
"https://breach.house/api/v1/ransomware?country=US&limit=20"
Get a single ransomware victim
curl -H "Authorization: Bearer $TOKEN" \
https://breach.house/api/v1/ransomware/12345
List data breaches
Accepts common filters.
curl -H "Authorization: Bearer $TOKEN" \
"https://breach.house/api/v1/breaches?since=2026-01-01&limit=50"
Get a single breach
curl -H "Authorization: Bearer $TOKEN" \
https://breach.house/api/v1/breaches/789
List leads
Accepts common filters.
curl -H "Authorization: Bearer $TOKEN" \
"https://breach.house/api/v1/leads?q=acme"
Get a single lead
curl -H "Authorization: Bearer $TOKEN" \
https://breach.house/api/v1/leads/456
List infostealer logs
Accepts common filters.
curl -H "Authorization: Bearer $TOKEN" \
"https://breach.house/api/v1/stealers?country=ES"
Get a single stealer log
curl -H "Authorization: Bearer $TOKEN" \
https://breach.house/api/v1/stealers/321
List threat-actor groups
| Parameter | Values | Description |
|---|---|---|
| type | all, breaches, stealers, leads | Group source. Default all. |
| q | string | Substring match on group name. |
| limit | int | Page size, default 100, max 500. |
| offset | int | Pagination offset. |
curl -H "Authorization: Bearer $TOKEN" \
"https://breach.house/api/v1/groups?type=breaches&q=lock"
Get a single group
{name} accepts either the slug or the raw name.
curl -H "Authorization: Bearer $TOKEN" \
https://breach.house/api/v1/groups/lockbit
Latest activity (mixed)
Most recent items across sources. Accepts common filters.
curl -H "Authorization: Bearer $TOKEN" \
"https://breach.house/api/v1/latest?limit=10"
Country metadata
curl -H "Authorization: Bearer $TOKEN" \
https://breach.house/api/v1/countries
Cross-source text search
| Parameter | Type | Description |
|---|---|---|
| q | string | Required. Search text. |
| limit | int | Max results per source. Default 25, max 200. |
curl -H "Authorization: Bearer $TOKEN" \
"https://breach.house/api/v1/search?q=acme&limit=10"
Returns an object keyed by source: ransomware, breaches, leads, stealers.