diff --git a/docs/api-reference/astp/endpoints/post-credentials-search.mdx b/docs/api-reference/astp/endpoints/post-credentials-search.mdx
index a5c0c3c..cb31f9c 100644
--- a/docs/api-reference/astp/endpoints/post-credentials-search.mdx
+++ b/docs/api-reference/astp/endpoints/post-credentials-search.mdx
@@ -5,167 +5,17 @@ authMethod: "bearer"
---
import GatedAccessFeatureAstp from '/snippets/gated-access-feature-astp.mdx';
+import CrendentialSearchCommon from '/snippets/credentials/astp-and-global-search-common.mdx';
+import CrendentialSearchDescription from '/snippets/credentials/astp-and-global-search-description.mdx';
+import CrendentialEndpointsNote from '/snippets/credentials/astp-and-global-search-note.mdx';
-
-Returns a list of credentials matching the query provided.
-
-
-
-```json Response Example
-{
- "items": [
- {
- "domain": "scatterholt.com",
- "hash": "B@dPassw0rd",
- "hash_type": null,
- "id": 33880703907,
- "identity_name": "ryan.howard@scatterholt.com",
- "imported_at": "2024-07-22T19:25:52.893439+00:00",
- "known_password_id": null,
- "source": {
- "breached_at": null,
- "description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
- "description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
- "id": "combolists",
- "is_alert_enabled": true,
- "leaked_at": null,
- "name": "Combolists"
- },
- "source_id": "combolists"
- },
- {
- "domain": "scatterholt.com",
- "hash": "1qaz2wsx",
- "hash_type": "unknown",
- "id": 33880703906,
- "identity_name": "ryan.howard@scatterholt.com",
- "imported_at": "2024-07-22T19:25:52.893439+00:00",
- "known_password_id": null,
- "source": {
- "breached_at": null,
- "description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
- "description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
- "id": "combolists",
- "is_alert_enabled": true,
- "leaked_at": null,
- "name": "Combolists"
- },
- "source_id": "combolists"
- }
- ],
- "next": "WyJjb20uc2NhdHRlcmhvbHQiLCAxNjczNjg4ODg4NV0"
-}
-```
-
-
-
-## Paging
-
-This endpoint supports the
-[Flare standard paging pattern ](/concepts/paging).
+
+
## Guides
See the guide for using this endpoint:
[Exporting a Domain's Credentials ](/guides/credentials-export-domain).
-## Body Parameters
-
-
- Maximum size of the JSON object that will be returned (maximum 10 000)
-
-
-
- The `next` value from the last response.
-
-
-
- The order in which the results will be returned. (`asc` or `desc`)
-
-
-
- One of the supported queries.
-
-
-
- ```json
- {
- "type": "domain",
- "fqdn": ""
- }
- ```
-
-
-
- This query will match the domain of the service that this credential might have been used to log in to.
- ```json
- {
- "type": "auth_domain",
- "fqdn": ""
- }
- ```
-
-
-
- ```json
- {
- "type": "secret",
- "secret": ""
- }
- ```
-
-
-
- ```json
- {
- "type": "email",
- "email": ""
- }
- ```
-
-
-
- This query will match with the credential's username, which is the portion of the `identity_name` that preceeds `@`.
- ```json
- {
- "type": "keyword",
- "keyword": ""
- }
- ```
-
-
-
-
-
-
-
-
-
- This filter only works for Auth Domain Queries. It will be ignored if used with other query types.
-
-
-
-
- Matches values greater than or equal to the specified timestamp.
-
- Format: ISO-8601
-
-
-
- Matches values lesser than or equal to the specified timestamp.
-
- Format: ISO-8601
-
-
-
-
-
+
diff --git a/docs/api-reference/v4/endpoints/credentials-global-search.mdx b/docs/api-reference/v4/endpoints/credentials-global-search.mdx
new file mode 100644
index 0000000..42d516d
--- /dev/null
+++ b/docs/api-reference/v4/endpoints/credentials-global-search.mdx
@@ -0,0 +1,14 @@
+---
+title: "Search Credentials"
+api: "POST https://api.flare.io/firework/v4/credentials/global/_search"
+---
+
+import CrendentialEndpointsNote from '/snippets/credentials/astp-and-global-search-note.mdx';
+import CrendentialSearchCommon from '/snippets/credentials/astp-and-global-search-common.mdx';
+import GlobalSearchApiQuotaNote from '/snippets/global-search-api-quota-note.mdx';
+import CrendentialSearchDescription from '/snippets/credentials/astp-and-global-search-description.mdx';
+
+
+
+
+
diff --git a/docs/api-reference/v4/endpoints/global-search.mdx b/docs/api-reference/v4/endpoints/global-search.mdx
index d3fd9b3..6251fd1 100644
--- a/docs/api-reference/v4/endpoints/global-search.mdx
+++ b/docs/api-reference/v4/endpoints/global-search.mdx
@@ -1,5 +1,5 @@
---
-title: "Search"
+title: "Search Events"
api: "POST https://api.flare.io/firework/v4/events/global/_search"
authMethod: "bearer"
---
diff --git a/docs/changelog/overview.mdx b/docs/changelog/overview.mdx
index 55d9866..b54cc42 100644
--- a/docs/changelog/overview.mdx
+++ b/docs/changelog/overview.mdx
@@ -12,6 +12,12 @@ This page lists changes to Flare's API.
Release notes for the Flare Platform can be found on the [product documentation website](https://docs.flare.io/releases).
+
+ Added a [Global Search Credentials Endpoint ](/api-reference/v4/endpoints/credentials-global-search).
+ This new endpoint allows for searching in all of Flare's credentials and counts towards the Global Search quota.
+ This is useful for customers that don't have ASTP access.
+
+
Added documentation for
[Flare API Event Types ](/event-types/overview).
diff --git a/docs/docs.json b/docs/docs.json
index b35292d..77d7f45 100644
--- a/docs/docs.json
+++ b/docs/docs.json
@@ -91,15 +91,16 @@
"api-reference/v4/endpoints/identifier-feed",
"api-reference/v4/endpoints/identifier-group-feed"
]
- },
- {
- "group": "Global Search",
- "pages": [
- "api-reference/v4/endpoints/global-search"
- ]
}
]
},
+ {
+ "group": "Global Search API",
+ "pages": [
+ "api-reference/v4/endpoints/global-search",
+ "api-reference/v4/endpoints/credentials-global-search"
+ ]
+ },
{
"group": "Account and Session Takeover Prevention (ASTP) API",
"pages": [
diff --git a/docs/snippets/credentials/astp-and-global-search-common.mdx b/docs/snippets/credentials/astp-and-global-search-common.mdx
new file mode 100644
index 0000000..ad4eb6a
--- /dev/null
+++ b/docs/snippets/credentials/astp-and-global-search-common.mdx
@@ -0,0 +1,154 @@
+
+
+```json Response Example
+{
+ "items": [
+ {
+ "domain": "scatterholt.com",
+ "hash": "B@dPassw0rd",
+ "hash_type": null,
+ "id": 33880703907,
+ "identity_name": "ryan.howard@scatterholt.com",
+ "imported_at": "2024-07-22T19:25:52.893439+00:00",
+ "known_password_id": null,
+ "source": {
+ "breached_at": null,
+ "description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
+ "description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
+ "id": "combolists",
+ "is_alert_enabled": true,
+ "leaked_at": null,
+ "name": "Combolists"
+ },
+ "source_id": "combolists"
+ },
+ {
+ "domain": "scatterholt.com",
+ "hash": "1qaz2wsx",
+ "hash_type": "unknown",
+ "id": 33880703906,
+ "identity_name": "ryan.howard@scatterholt.com",
+ "imported_at": "2024-07-22T19:25:52.893439+00:00",
+ "known_password_id": null,
+ "source": {
+ "breached_at": null,
+ "description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
+ "description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
+ "id": "combolists",
+ "is_alert_enabled": true,
+ "leaked_at": null,
+ "name": "Combolists"
+ },
+ "source_id": "combolists"
+ }
+ ],
+ "next": "WyJjb20uc2NhdHRlcmhvbHQiLCAxNjczNjg4ODg4NV0"
+}
+```
+
+
+
+## Paging
+
+This endpoint supports the
+[Flare standard paging pattern ](/concepts/paging).
+
+## Body Parameters
+
+
+ Maximum size of the JSON object that will be returned (maximum 10 000)
+
+
+
+ The `next` value from the last response.
+
+
+
+ The order in which the results will be returned. (`asc` or `desc`)
+
+
+
+ One of the supported queries.
+
+
+
+ ```json
+ {
+ "type": "domain",
+ "fqdn": ""
+ }
+ ```
+
+
+
+ This query will match the domain of the service that this credential might have been used to log in to.
+ ```json
+ {
+ "type": "auth_domain",
+ "fqdn": ""
+ }
+ ```
+
+
+
+ ```json
+ {
+ "type": "secret",
+ "secret": ""
+ }
+ ```
+
+
+
+ ```json
+ {
+ "type": "email",
+ "email": ""
+ }
+ ```
+
+
+
+ This query will match with the credential's username, which is the portion of the `identity_name` that preceeds `@`.
+ ```json
+ {
+ "type": "keyword",
+ "keyword": ""
+ }
+ ```
+
+
+
+
+
+
+
+
+
+ This filter only works for Auth Domain Queries. It will be ignored if used with other query types.
+
+
+
+
+ Matches values greater than or equal to the specified timestamp.
+
+ Format: ISO-8601
+
+
+
+ Matches values lesser than or equal to the specified timestamp.
+
+ Format: ISO-8601
+
+
+
+
+
diff --git a/docs/snippets/credentials/astp-and-global-search-description.mdx b/docs/snippets/credentials/astp-and-global-search-description.mdx
new file mode 100644
index 0000000..35c7f25
--- /dev/null
+++ b/docs/snippets/credentials/astp-and-global-search-description.mdx
@@ -0,0 +1 @@
+Returns a list of credentials matching the query provided.
diff --git a/docs/snippets/credentials/astp-and-global-search-note.mdx b/docs/snippets/credentials/astp-and-global-search-note.mdx
new file mode 100644
index 0000000..d1a4e6d
--- /dev/null
+++ b/docs/snippets/credentials/astp-and-global-search-note.mdx
@@ -0,0 +1,5 @@
+
+Flare supports searching in credentials via two endpoints:
+- The [Global Credentials Search endpoint ](/api-reference/v4/endpoints/credentials-global-search): This endpoint counts towards your global search quota.
+- The [ASTP Credentials Search Endpoint ](/api-reference/astp/endpoints/post-credentials-search): This endpoint does not count towards your search quota but requires ASTP to be enabled on your account. For more information about ASTP, contact your Customer Success Manager.
+