FoxHat
    FoxHat
    • Exposure Management

    Exposure Management

    📊 Exposure Management API Documentation#

    🎯 Overview#

    The Exposure Management API provides comprehensive access to security exposure data, allowing developers to retrieve, filter, and analyze credential exposures across monitored domains. This API requires authentication via API keys and supports advanced filtering, pagination, and sorting capabilities.

    🔑 Authentication#

    All Exposure Management API endpoints require authentication using an API key passed in the request header:
    Important Notes:
    API keys are organization-specific and provide access only to exposures within your organization's scope
    Each API call increments the usage count for the associated API key
    Ensure your API key is kept secure and not exposed in client-side code

    🌐 Base URL#

    https://api.foxhat.org/api

    📋 Content Type#

    All API responses return JSON data with the following content type:
    Content-Type: application/json

    📚 API Endpoints#

    1. 📋 Get All Exposures#

    Retrieve all exposures for your organization with optional filtering and pagination.

    Endpoint#

    Headers#

    Query Parameters#

    ParameterTypeRequiredDefaultDescription
    pageintegerNo0Page number for pagination (0-based)
    sizeintegerNo20Number of items per page (max: 100)
    domainstringNo-Filter by specific domain name
    exposureTypeenumNo-Filter by exposure type
    severityenumNo-Filter by severity level (LOW, MEDIUM, HIGH, CRITICAL)
    statusenumNo-Filter by exposure status (ACTIVE, RESOLVED, INVESTIGATING)
    sourcestringNo-Filter by data source
    subdomainstringNo-Filter by specific subdomain
    startDatestringNo-Filter exposures from this date (ISO 8601 format)
    endDatestringNo-Filter exposures until this date (ISO 8601 format)
    sortBystringNodetectedAtSort field (detectedAt, severity, domain, email)
    sortDirstringNodescSort direction (asc, desc)

    Example Request#

    Example Response#

    {
  "exposures": [
    {
      "id": "exposure_123",
      "email": "user@example.com",
      "password": "password123",
      "domain": "example.com",
      "source": "data_breach",
      "severity": "HIGH",
      "status": "ACTIVE",
      "detectedAt": "2024-01-15T10:30:00Z",
      "exposureType": "CREDENTIAL_LEAK",
      "subdomain": "mail.example.com",
      "breachName": "Example Corp Breach 2024",
      "lastUpdated": "2024-01-15T10:30:00Z"
    }
  ],
  "totalElements": 1,
  "totalPages": 1,
  "currentPage": 0,
  "domainName": "example.com",
  "user_id": "user123",
  "api_key_usage_count": "incremented"
}

    Response Fields#

    FieldTypeDescription
    exposuresarrayArray of exposure objects
    totalElementsintegerTotal number of exposures matching the criteria
    totalPagesintegerTotal number of pages available
    currentPageintegerCurrent page number (0-based)
    domainNamestringDomain name associated with the API key
    user_idstringUser ID associated with the API key
    api_key_usage_countstringIndicates that API key usage was incremented

    Exposure Object Fields#

    FieldTypeDescription
    idstringUnique exposure identifier
    emailstringExposed email address
    passwordstringExposed password (may be hashed)
    domainstringAssociated domain
    sourcestringSource of the exposure (e.g., "data_breach")
    severityenumSeverity level (LOW, MEDIUM, HIGH, CRITICAL)
    statusenumCurrent status (ACTIVE, RESOLVED, INVESTIGATING)
    detectedAtstringISO 8601 timestamp when exposure was detected
    exposureTypeenumType of exposure
    subdomainstringSpecific subdomain if applicable
    breachNamestringName of the breach or source
    lastUpdatedstringISO 8601 timestamp of last update

    2. 🔍 Get Specific Exposure#

    Retrieve detailed information about a specific exposure by its ID.

    Endpoint#

    Headers#

    Path Parameters#

    ParameterTypeRequiredDescription
    exposureIdstringYesUnique identifier of the exposure

    Example Request#

    Example Response#

    {
  "id": "exposure_123",
  "email": "user@example.com",
  "password": "password123",
  "domain": "example.com",
  "source": "data_breach",
  "severity": "HIGH",
  "status": "ACTIVE",
  "detectedAt": "2024-01-15T10:30:00Z",
  "exposureType": "CREDENTIAL_LEAK",
  "subdomain": "mail.example.com",
  "breachName": "Example Corp Breach 2024",
  "lastUpdated": "2024-01-15T10:30:00Z",
  "additionalData": {
    "ipAddress": "192.168.1.1",
    "userAgent": "Mozilla/5.0...",
    "location": "United States"
  },
  "relatedExposures": [
    {
      "id": "exposure_124",
      "email": "user@example.com",
      "domain": "example.com",
      "severity": "MEDIUM"
    }
  ],
  "domainName": "example.com",
  "user_id": "user123",
  "api_key_usage_count": "incremented"
}

    Additional Response Fields for Single Exposure#

    FieldTypeDescription
    additionalDataobjectAdditional metadata about the exposure
    relatedExposuresarrayArray of related exposures for the same email/domain

    3. 📊 Get Exposure Statistics#

    Retrieve statistical information about exposures for your organization.

    Endpoint#

    Headers#

    Query Parameters#

    ParameterTypeRequiredDefaultDescription
    domainstringNo-Filter statistics by specific domain
    startDatestringNo-Start date for statistics (ISO 8601 format)
    endDatestringNo-End date for statistics (ISO 8601 format)

    Example Request#

    Example Response#

    {
  "totalExposures": 1247,
  "activeExposures": 892,
  "resolvedExposures": 355,
  "severityBreakdown": {
    "CRITICAL": 45,
    "HIGH": 234,
    "MEDIUM": 567,
    "LOW": 401
  },
  "statusBreakdown": {
    "ACTIVE": 892,
    "RESOLVED": 355,
    "INVESTIGATING": 0
  },
  "domainBreakdown": [
    {
      "domain": "example.com",
      "count": 1000,
      "percentage": 80.2
    },
    {
      "domain": "subdomain.example.com",
      "count": 247,
      "percentage": 19.8
    }
  ],
  "trendsData": {
    "last30Days": 156,
    "last7Days": 23,
    "last24Hours": 5
  },
  "topSources": [
    {
      "source": "data_breach_2024",
      "count": 456,
      "percentage": 36.6
    },
    {
      "source": "credential_dump",
      "count": 234,
      "percentage": 18.8
    }
  ],
  "domainName": "example.com",
  "user_id": "user123",
  "api_key_usage_count": "incremented"
}

    Statistics Response Fields#

    FieldTypeDescription
    totalExposuresintegerTotal number of exposures
    activeExposuresintegerNumber of active exposures
    resolvedExposuresintegerNumber of resolved exposures
    severityBreakdownobjectCount of exposures by severity level
    statusBreakdownobjectCount of exposures by status
    domainBreakdownarrayBreakdown of exposures by domain
    trendsDataobjectExposure trends over different time periods
    topSourcesarrayMost common sources of exposures

    4. 🔧 Advanced Filtering Examples#

    The Get All Exposures endpoint supports complex filtering combinations. Here are practical examples:

    Filter by Domain and Severity#

    Filter by Date Range#

    Filter by Multiple Criteria#

    Filter by Subdomain#

    📝 Enumeration Values#

    Severity Levels#

    LOW - Low risk exposures
    MEDIUM - Medium risk exposures
    HIGH - High risk exposures requiring attention
    CRITICAL - Critical exposures requiring immediate action

    Exposure Status#

    ACTIVE - Exposure is currently active and unresolved
    RESOLVED - Exposure has been addressed and resolved
    INVESTIGATING - Exposure is under investigation

    Exposure Types#

    CREDENTIAL_LEAK - Username/password combinations
    EMAIL_EXPOSURE - Email addresses in data breaches
    PERSONAL_INFO - Personal information exposure
    FINANCIAL_DATA - Financial information exposure
    CORPORATE_DATA - Corporate data exposure

    Sort Fields#

    detectedAt - Sort by detection timestamp
    severity - Sort by severity level
    domain - Sort by domain name
    email - Sort by email address
    lastUpdated - Sort by last update timestamp

    Sort Directions#

    asc - Ascending order
    desc - Descending order

    ⚠️ Error Handling#

    Common HTTP Status Codes#

    Status CodeDescriptionExample Response
    200SuccessData returned successfully
    400Bad RequestInvalid parameters or malformed request
    401UnauthorizedInvalid or missing API key
    403ForbiddenAPI key doesn't have access to requested resource
    404Not FoundExposure ID not found
    429Too Many RequestsRate limit exceeded
    500Internal Server ErrorServer error occurred

    Error Response Format#

    {
  "error": {
    "code": "INVALID_API_KEY",
    "message": "The provided API key is invalid or expired",
    "timestamp": "2024-01-15T10:30:00Z",
    "requestId": "req_123456789"
  }
}

    Common Error Codes#

    Error CodeDescriptionResolution
    INVALID_API_KEYAPI key is invalid or expiredCheck your API key and ensure it's active
    INSUFFICIENT_PERMISSIONSAPI key lacks required permissionsContact support to upgrade permissions
    RATE_LIMIT_EXCEEDEDToo many requests in time windowImplement rate limiting in your application
    INVALID_PARAMETERSRequest parameters are invalidCheck parameter format and values
    EXPOSURE_NOT_FOUNDSpecified exposure ID doesn't existVerify the exposure ID is correct

    🚀 Rate Limiting#

    Rate Limits#

    Standard Plan: 1,000 requests per hour
    Professional Plan: 5,000 requests per hour
    Enterprise Plan: 25,000 requests per hour

    Rate Limit Headers#

    Best Practices#

    Implement exponential backoff for rate limit errors
    Cache responses when appropriate to reduce API calls
    Use pagination efficiently to avoid large data transfers
    Monitor your usage through the API key dashboard

    💻 SDK Examples#

    JavaScript/Node.js Example#

    Python Example#

    Modified at 2025-08-16 01:56:55
    Built with