Get scan results by UUID

curl --request GET \
  --url https://darkrecon.1337807.xyz/scan/{scan_id} \
  --header 'X-API-Key: <api-key>'

{
  "scan_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "keywords": [
    "user@example.com"
  ],
  "domain": null,
  "total_breaches": 3,
  "status": "success",
  "created_at": "2026-03-30T10:30:00+00:00",
  "results": {
    "AlpineReplay": {
      "InfoLeak": "Description of the breach...",
      "NumOfResults": 1,
      "Data": [
        {
          "Email": "user@example.com",
          "Password(bcrypt)": "$2****************************xC",
          "FirstName": "John",
          "LastName": "Doe"
        }
      ]
    }
  }
}

GET

scan

{scan_id}

Get scan results by UUID

curl --request GET \
  --url https://darkrecon.1337807.xyz/scan/{scan_id} \
  --header 'X-API-Key: <api-key>'

{
  "scan_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "keywords": [
    "user@example.com"
  ],
  "domain": null,
  "total_breaches": 3,
  "status": "success",
  "created_at": "2026-03-30T10:30:00+00:00",
  "results": {
    "AlpineReplay": {
      "InfoLeak": "Description of the breach...",
      "NumOfResults": 1,
      "Data": [
        {
          "Email": "user@example.com",
          "Password(bcrypt)": "$2****************************xC",
          "FirstName": "John",
          "LastName": "Doe"
        }
      ]
    }
  }
}

Get scan results

Returns the full stored result payload for a previous scan.

What comes back

Top-level metadata such as scan_id, status, total_breaches, and created_at.
The original keywords array or the scanned domain.
Optional discovered_emails for domain-driven scans.
Optional error_detail when the stored scan ended in an error state.
A results object keyed by breach database name.

Result parsing notes

Each breach source object contains InfoLeak, NumOfResults, and Data.
Data is an array of raw records from that source. Field names vary across breach databases.
Password-like values are masked in returned records.
total_breaches counts breach sources, not the total number of records across all Data arrays.

Error behavior

404: the supplied scan_id does not exist.
403: the API key could not be validated.
422: request validation failed, such as a missing X-API-Key header or malformed path input.

Authorizations

X-API-Key

string

header

required

API key for authentication. Create keys via the admin dashboard.

Path Parameters

scan_id

string<uuid>

required

The UUID returned from POST /scan

Response

Scan results

Stored scan result returned by GET /scan/{scan_id}.

scan_id

string<uuid>

keywords

string[]

The keywords that were scanned

domain

string | null

Domain that was enumerated (if provided)

total_breaches

integer

Number of breach databases found

status

enum<string>

Final stored scan status

Available options:

success,

no_results,

no_queries,

error

created_at

string<date-time>

When the stored scan record was created

discovered_emails

string[]

Emails discovered from domain enumeration

error_detail

string

Error message if scan failed

results

object

Raw breach data keyed by database name. Each entry contains InfoLeak (description), NumOfResults (count), and Data (array of breach records). Passwords are masked.

Show child attributes

Start scan ScanRequest

​Get scan results

​What comes back

​Result parsing notes

​Error behavior