Skip to main content
GET
/
scan
/
{scan_id}
Get scan results by UUID
curl --request GET \
  --url https://darkrecon.1337807.xyz/scan/{scan_id} \
  --header 'X-API-Key: <api-key>'
{
  "scan_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "keywords": [
    "user@example.com"
  ],
  "domain": null,
  "total_breaches": 3,
  "status": "success",
  "created_at": "2026-03-30T10:30:00+00:00",
  "results": {
    "AlpineReplay": {
      "InfoLeak": "Description of the breach...",
      "NumOfResults": 1,
      "Data": [
        {
          "Email": "user@example.com",
          "Password(bcrypt)": "$2****************************xC",
          "FirstName": "John",
          "LastName": "Doe"
        }
      ]
    }
  }
}

Get scan results

Returns the full stored result payload for a previous scan.

What comes back

  • Top-level metadata such as scan_id, status, total_breaches, and created_at.
  • The original keywords array or the scanned domain.
  • Optional discovered_emails for domain-driven scans.
  • Optional error_detail when the stored scan ended in an error state.
  • A results object keyed by breach database name.

Result parsing notes

  • Each breach source object contains InfoLeak, NumOfResults, and Data.
  • Data is an array of raw records from that source. Field names vary across breach databases.
  • Password-like values are masked in returned records.
  • total_breaches counts breach sources, not the total number of records across all Data arrays.

Error behavior

  • 404: the supplied scan_id does not exist.
  • 403: the API key could not be validated.
  • 422: request validation failed, such as a missing X-API-Key header or malformed path input.

Authorizations

X-API-Key
string
header
required

API key for authentication. Create keys via the admin dashboard.

Path Parameters

scan_id
string<uuid>
required

The UUID returned from POST /scan

Response

Scan results

Stored scan result returned by GET /scan/{scan_id}.

scan_id
string<uuid>
keywords
string[]

The keywords that were scanned

domain
string | null

Domain that was enumerated (if provided)

total_breaches
integer

Number of breach databases found

status
enum<string>

Final stored scan status

Available options:
success,
no_results,
no_queries,
error
created_at
string<date-time>

When the stored scan record was created

discovered_emails
string[]

Emails discovered from domain enumeration

error_detail
string

Error message if scan failed

results
object

Raw breach data keyed by database name. Each entry contains InfoLeak (description), NumOfResults (count), and Data (array of breach records). Passwords are masked.