Read leaked-credential and dark-web findings for monitored domains, and work domain alerts (acknowledge / resolve). All reads require whmcs_customer_id and return only that customer's domains.
List monitored domains GET /api/v1/domains
Auth: Bearer API key Rate limit: 60 requests / minute per API key
List a customer's monitored domains with their latest leak counts, plus how many domain slots the customer has used. When the customer has no domain-monitoring subscription, the response instead describes the product (subscribed: false).
Query parameters Name Type Required Notes whmcs_customer_idinteger Required The customer whose domains to list.
Example request Copy
curl -X GET 'https://portal.example.com/api/v1/domains?whmcs_customer_id=1042' \
-H 'Authorization: Bearer $AEGIS_API_KEY'Response: 200 Copy
{
"success": true,
"data": {
"subscribed": true,
"domains": [
{
"id": "5e4d3c2b-1a0f-4e9d-8c7b-6a5f4e3d2c1b",
"domain": "example.com",
"status": "active",
"scan_status": "completed",
"last_scan_at": "2026-07-11T22:00:00+00:00",
"employees_compromised": 2,
"customers_compromised": 14,
"third_parties_compromised": 5,
"dark_web_mentions_count": 3,
"portal_detail_path": "/domains/5e4d3c2b-1a0f-4e9d-8c7b-6a5f4e3d2c1b"
}
],
"slots_used": 1,
"slots_total": 5,
"portal_add_path": "/domains"
},
"meta": {
"version": "v1",
"timestamp": "2026-07-12T09:30:00+00:00"
}
}Errors Code Status Meaning TENANT_NOT_FOUND401 The API key did not resolve to an account.
Domain summary GET /api/v1/domains/{id}/summary
Auth: Bearer API key Rate limit: 60 requests / minute per API key
One domain's monitoring status in a single call: scan state, compromised-credential counts per category, dark-web mention count, password-strength summary and slot usage.
› password_strength is null until enough leak data exists to summarize.Query parameters Name Type Required Notes whmcs_customer_idinteger Required The customer who owns the domain.
Example request Copy
curl -X GET 'https://portal.example.com/api/v1/domains/4d3c2b1a-0f9e-4d8c-7b6a-5f4e3d2c1b0a/summary?whmcs_customer_id=1042' \
-H 'Authorization: Bearer $AEGIS_API_KEY'Response: 200 Copy
{
"success": true,
"data": {
"id": "5e4d3c2b-1a0f-4e9d-8c7b-6a5f4e3d2c1b",
"domain": "example.com",
"status": "active",
"scan_status": "completed",
"last_scan_at": "2026-07-11T22:00:00+00:00",
"dark_web_last_scan_at": "2026-07-11T22:05:00+00:00",
"employees_compromised": 2,
"customers_compromised": 14,
"third_parties_compromised": 5,
"dark_web_mentions_count": 3,
"password_strength": null,
"slots_used": 1,
"slots_total": 5,
"portal_detail_path": "/domains/5e4d3c2b-1a0f-4e9d-8c7b-6a5f4e3d2c1b",
"created_at": "2026-06-15T10:00:00+00:00"
},
"meta": {
"version": "v1",
"timestamp": "2026-07-12T09:30:00+00:00"
}
}Errors Code Status Meaning TENANT_NOT_FOUND401 The API key did not resolve to an account. DOMAIN_NOT_FOUND404 No monitored domain with that ID belongs to the customer.
List domain alerts GET /api/v1/domains/{id}/alerts
Auth: Bearer API key Rate limit: 60 requests / minute per API key
Page through a domain's leak alerts. Filter by status, type (credential leak vs dark-web mention), category or severity.
Query parameters Name Type Required Notes whmcs_customer_idinteger Required The customer who owns the domain. statusstring Optional Filter by alert status.one of: open, acknowledged, resolved typestring Optional Filter by finding type.one of: credential_leak, dark_web_mention categorystring Optional Filter by who was compromised.one of: employees, customers, third_parties severitystring Optional Filter by severity.one of: critical, high, medium per_pageinteger Optional Page size (max 50).min:1 · max:50 pageinteger Optional Page number.min:1
Example request Copy
curl -X GET 'https://portal.example.com/api/v1/domains/4d3c2b1a-0f9e-4d8c-7b6a-5f4e3d2c1b0a/alerts?whmcs_customer_id=1042&status=open&type=credential_leak&category=employees&severity=critical&per_page=25&page=1' \
-H 'Authorization: Bearer $AEGIS_API_KEY'Response: 200 Copy
{
"success": true,
"data": {
"alerts": [
{
"id": "6f5e4d3c-2b1a-4f0e-9d8c-7b6a5f4e3d2c",
"monitored_domain_id": "5e4d3c2b-1a0f-4e9d-8c7b-6a5f4e3d2c1b",
"domain": "example.com",
"type": "credential_leak",
"category": "employees",
"severity": "critical",
"new_count": 2,
"previous_count": 0,
"status": "open",
"details": null,
"created_at": "2026-07-11T22:10:00+00:00",
"acknowledged_at": null,
"resolved_at": null
}
],
"total": 1,
"current_page": 1,
"last_page": 1,
"has_more": false
},
"meta": {
"version": "v1",
"timestamp": "2026-07-12T09:30:00+00:00"
}
}Errors Code Status Meaning TENANT_NOT_FOUND401 The API key did not resolve to an account. DOMAIN_NOT_FOUND404 No monitored domain with that ID belongs to the customer.
Get a domain alert GET /api/v1/domains/{id}/alerts/{alertId}
Auth: Bearer API key Rate limit: 60 requests / minute per API key
Fetch one domain alert with a plain-language explanation of what the finding means.
Query parameters Name Type Required Notes whmcs_customer_idinteger Required The customer who owns the domain.
Example request Copy
curl -X GET 'https://portal.example.com/api/v1/domains/4d3c2b1a-0f9e-4d8c-7b6a-5f4e3d2c1b0a/alerts/6f5e4d3c-2b1a-4f0e-9d8c-7b6a5f4e3d2c?whmcs_customer_id=1042' \
-H 'Authorization: Bearer $AEGIS_API_KEY'Response: 200 Copy
{
"success": true,
"data": {
"alert": {
"id": "6f5e4d3c-2b1a-4f0e-9d8c-7b6a5f4e3d2c",
"monitored_domain_id": "5e4d3c2b-1a0f-4e9d-8c7b-6a5f4e3d2c1b",
"domain": "example.com",
"type": "credential_leak",
"category": "employees",
"severity": "critical",
"new_count": 2,
"previous_count": 0,
"status": "open",
"details": null,
"explanation": "Two staff accounts on example.com appeared in a new credential dump…",
"created_at": "2026-07-11T22:10:00+00:00",
"acknowledged_at": null,
"resolved_at": null
}
},
"meta": {
"version": "v1",
"timestamp": "2026-07-12T09:30:00+00:00"
}
}Errors Code Status Meaning TENANT_NOT_FOUND401 The API key did not resolve to an account. DOMAIN_NOT_FOUND404 No monitored domain with that ID belongs to the customer. ALERT_NOT_FOUND404 No alert with that ID on this domain.
List dark-web mentions GET /api/v1/domains/{id}/dark-web-mentions
Auth: Bearer API key Rate limit: 60 requests / minute per API key
Page through dark-web posts and listings that mention the domain. Filter to only new (unseen) mentions with is_new.
Query parameters Name Type Required Notes whmcs_customer_idinteger Required The customer who owns the domain. is_newboolean Optional Only mentions not seen before. per_pageinteger Optional Page size (max 50).min:1 · max:50 pageinteger Optional Page number.min:1
Example request Copy
curl -X GET 'https://portal.example.com/api/v1/domains/4d3c2b1a-0f9e-4d8c-7b6a-5f4e3d2c1b0a/dark-web-mentions?whmcs_customer_id=1042&is_new=true&per_page=25&page=1' \
-H 'Authorization: Bearer $AEGIS_API_KEY'Response: 200 Copy
{
"success": true,
"data": {
"mentions": [
{
"id": "7a6b5c4d-3e2f-4a1b-8c9d-0e1f2a3b4c5e",
"title": "Combo list mentioning example.com",
"content_preview": "…credentials for example.com users…",
"source_name": "forum",
"author": "unknown",
"published_at": "2026-07-10T00:00:00+00:00",
"is_new": true,
"created_at": "2026-07-11T22:05:00+00:00"
}
],
"total": 1,
"current_page": 1,
"last_page": 1,
"has_more": false
},
"meta": {
"version": "v1",
"timestamp": "2026-07-12T09:30:00+00:00"
}
}Errors Code Status Meaning TENANT_NOT_FOUND401 The API key did not resolve to an account. DOMAIN_NOT_FOUND404 No monitored domain with that ID belongs to the customer.
List credential leaks GET /api/v1/domains/{id}/credential-leaks
Auth: Bearer API key Rate limit: 60 requests / minute per API key
Page through the individual leaked-credential records behind a domain's counts, optionally filtered by category. Backed by the upstream breach dataset. Record fields vary by source dump.
› enabled: false means the upstream credential dataset is not configured for this platform.› If the upstream dataset is temporarily unreachable, the endpoint returns HTTP 503 with success: true, empty items and an error message in data. Query parameters Name Type Required Notes whmcs_customer_idinteger Required The customer who owns the domain. categorystring Optional Filter by who was compromised.one of: employees, customers, third_parties pageinteger Optional Page number (50 records per page).min:1
Example request Copy
curl -X GET 'https://portal.example.com/api/v1/domains/4d3c2b1a-0f9e-4d8c-7b6a-5f4e3d2c1b0a/credential-leaks?whmcs_customer_id=1042&category=employees&page=1' \
-H 'Authorization: Bearer $AEGIS_API_KEY'Response: 200 Copy
{
"success": true,
"data": {
"enabled": true,
"items": [],
"total": 0,
"page": 1,
"page_size": 50
},
"meta": {
"version": "v1",
"timestamp": "2026-07-12T09:30:00+00:00"
}
}Errors Code Status Meaning TENANT_NOT_FOUND401 The API key did not resolve to an account. DOMAIN_NOT_FOUND404 No monitored domain with that ID belongs to the customer.
Domain scan history GET /api/v1/domains/{id}/scan-history
Auth: Bearer API key Rate limit: 60 requests / minute per API key
The domain's last 25 leak scans, newest first, with compromised-credential counts per category at each scan.
Query parameters Name Type Required Notes whmcs_customer_idinteger Required The customer who owns the domain.
Example request Copy
curl -X GET 'https://portal.example.com/api/v1/domains/4d3c2b1a-0f9e-4d8c-7b6a-5f4e3d2c1b0a/scan-history?whmcs_customer_id=1042' \
-H 'Authorization: Bearer $AEGIS_API_KEY'Response: 200 Copy
{
"success": true,
"data": {
"scans": [
{
"id": "8b7a6c5d-4e3f-4a2b-9c8d-7e6f5a4b3c2e",
"status": "completed",
"employees_compromised": 2,
"customers_compromised": 14,
"third_parties_compromised": 5,
"created_at": "2026-07-11T22:00:00+00:00"
}
]
},
"meta": {
"version": "v1",
"timestamp": "2026-07-12T09:30:00+00:00"
}
}Errors Code Status Meaning TENANT_NOT_FOUND401 The API key did not resolve to an account. DOMAIN_NOT_FOUND404 No monitored domain with that ID belongs to the customer.
Acknowledge a domain alert POST /api/v1/domains/{id}/alerts/{alertId}/acknowledge
Auth: Bearer API key Rate limit: 60 requests / minute per API key
Mark a domain alert as seen. Acknowledging is required before the alert can be resolved.
Body parameters Name Type Required Notes whmcs_customer_idinteger Required The customer acknowledging the alert.
Example request Copy
curl -X POST 'https://portal.example.com/api/v1/domains/4d3c2b1a-0f9e-4d8c-7b6a-5f4e3d2c1b0a/alerts/6f5e4d3c-2b1a-4f0e-9d8c-7b6a5f4e3d2c/acknowledge' \
-H 'Authorization: Bearer $AEGIS_API_KEY' \
-H 'Content-Type: application/json' \
-d '{
"whmcs_customer_id": 1042
}'Response: 200 Copy
{
"success": true,
"data": {
"message": "Alert acknowledged.",
"alert": {
"id": "6f5e4d3c-2b1a-4f0e-9d8c-7b6a5f4e3d2c",
"status": "acknowledged",
"acknowledged_at": "2026-07-12T09:30:00+00:00"
}
},
"meta": {
"version": "v1",
"timestamp": "2026-07-12T09:30:00+00:00"
}
}Errors Code Status Meaning TENANT_NOT_FOUND401 The API key did not resolve to an account. DOMAIN_NOT_FOUND404 No monitored domain with that ID belongs to the customer. ALERT_NOT_FOUND404 No alert with that ID on this domain. ALERT_ALREADY_RESOLVED422 The alert is already resolved. USER_NOT_FOUND500 The customer has no portal account yet. Provision one first.
Resolve a domain alert POST /api/v1/domains/{id}/alerts/{alertId}/resolve
Auth: Bearer API key Rate limit: 60 requests / minute per API key
Mark an acknowledged domain alert as resolved, typically after forcing password resets for the affected accounts.
Body parameters Name Type Required Notes whmcs_customer_idinteger Required The customer resolving the alert.
Example request Copy
curl -X POST 'https://portal.example.com/api/v1/domains/4d3c2b1a-0f9e-4d8c-7b6a-5f4e3d2c1b0a/alerts/6f5e4d3c-2b1a-4f0e-9d8c-7b6a5f4e3d2c/resolve' \
-H 'Authorization: Bearer $AEGIS_API_KEY' \
-H 'Content-Type: application/json' \
-d '{
"whmcs_customer_id": 1042
}'Response: 200 Copy
{
"success": true,
"data": {
"message": "Alert resolved.",
"alert": {
"id": "6f5e4d3c-2b1a-4f0e-9d8c-7b6a5f4e3d2c",
"status": "resolved",
"resolved_at": "2026-07-12T09:30:00+00:00"
}
},
"meta": {
"version": "v1",
"timestamp": "2026-07-12T09:30:00+00:00"
}
}Errors Code Status Meaning TENANT_NOT_FOUND401 The API key did not resolve to an account. DOMAIN_NOT_FOUND404 No monitored domain with that ID belongs to the customer. ALERT_NOT_FOUND404 No alert with that ID on this domain. ALERT_NOT_ACKNOWLEDGED422 The alert must be acknowledged before it can be resolved. USER_NOT_FOUND500 The customer has no portal account yet. Provision one first.