Add documentation for credentials global search api

docs/api-reference/astp/endpoints/post-credentials-search.mdx

@@ -5,167 +5,17 @@ authMethod: "bearer"
 ---
 
 import GatedAccessFeatureAstp from '/snippets/gated-access-feature-astp.mdx';
+import CrendentialSearchCommon from '/snippets/credentials/astp-and-global-search-common.mdx';
+import CrendentialSearchDescription from '/snippets/credentials/astp-and-global-search-description.mdx';
+import CrendentialEndpointsNote from '/snippets/credentials/astp-and-global-search-note.mdx';
 
 <GatedAccessFeatureAstp />
-
-Returns a list of credentials matching the query provided.
-
-<ResponseExample>
-
-```json Response Example
-{
-    "items": [
-        {
-            "domain": "scatterholt.com",
-            "hash": "B@dPassw0rd",
-            "hash_type": null,
-            "id": 33880703907,
-            "identity_name": "ryan.howard@scatterholt.com",
-            "imported_at": "2024-07-22T19:25:52.893439+00:00",
-            "known_password_id": null,
-            "source": {
-                "breached_at": null,
-                "description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
-                "description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
-                "id": "combolists",
-                "is_alert_enabled": true,
-                "leaked_at": null,
-                "name": "Combolists"
-            },
-            "source_id": "combolists"
-        },
-        {
-            "domain": "scatterholt.com",
-            "hash": "1qaz2wsx",
-            "hash_type": "unknown",
-            "id": 33880703906,
-            "identity_name": "ryan.howard@scatterholt.com",
-            "imported_at": "2024-07-22T19:25:52.893439+00:00",
-            "known_password_id": null,
-            "source": {
-                "breached_at": null,
-                "description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
-                "description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
-                "id": "combolists",
-                "is_alert_enabled": true,
-                "leaked_at": null,
-                "name": "Combolists"
-            },
-            "source_id": "combolists"
-        }
-    ],
-    "next": "WyJjb20uc2NhdHRlcmhvbHQiLCAxNjczNjg4ODg4NV0"
-}
-```
-
-</ResponseExample>
-
-## Paging
-
-This endpoint supports the 
-[Flare standard paging pattern <Icon icon="book" size={16} />](/concepts/paging).
+<CrendentialEndpointsNote />
+<CrendentialSearchDescription/>
 
 ## Guides
 
 See the guide for using this endpoint:
 [Exporting a Domain's Credentials <Icon icon="book" size={16} />](/guides/credentials-export-domain).
 
-## Body Parameters
-
-<ParamField body="size" type="number">
-  Maximum size of the JSON object that will be returned (maximum 10 000) 
-</ParamField>
-
-<ParamField body="from" type="string">
-  The `next` value from the last response.
-</ParamField>
-
-<ParamField body="order" type="string" default="desc">
-  The order in which the results will be returned. (`asc` or `desc`)
-</ParamField>
-
-<ParamField body="query" type="object">
-  One of the supported queries.
-  <Tabs>
-
-    <Tab title="Domain Query">
-    ```json
-    {
-      "type": "domain",
-      "fqdn": "<string>"
-    }
-    ```
-    </Tab>
-
-    <Tab title="Auth Domain Query" >
-    This query will match the domain of the service that this credential might have been used to log in to.
-    ```json
-    {
-      "type": "auth_domain",
-      "fqdn": "<string>"
-    }
-    ```
-    </Tab>
-
-    <Tab title="Password Query">
-    ```json
-    {
-      "type": "secret",
-      "secret": "<string>"
-    }
-    ```
-    </Tab>
-
-    <Tab title="Email Query">
-    ```json
-    {
-      "type": "email",
-      "email": "<string>"
-    }
-    ```
-    </Tab>
-
-    <Tab title="Keyword Query" >
-    This query will match with the credential's username, which is the portion of the `identity_name` that preceeds `@`.
-    ```json
-    {
-      "type": "keyword",
-      "keyword": "<string>"
-    }
-    ```
-    </Tab>
-
-  </Tabs>
-</ParamField>
-
-<ParamField body="filters" type="object">
-  <Expandable defaultOpen>
-    <ParamField body="imported_at" type="object">
-      <Note>
-        This filter only works for Auth Domain Queries. It will be ignored if used with other query types.
-      </Note>
-
-      <Expandable>
-        <ParamField
-          body="gte"
-          type="string"
-          placeholder="Example: 2024-01-01T00:00:00+00:00"
-        >
-          Matches values greater than or equal to the specified timestamp.
-
-          Format: ISO-8601
-        </ParamField>
-
-        <ParamField
-          body="lte"
-          type="string"
-          placeholder="Example: 2024-01-01T00:00:00+00:00"
-        >
-          Matches values lesser than or equal to the specified timestamp.
-
-          Format: ISO-8601
-        </ParamField>
-      </Expandable>
-    </ParamField>
-  </Expandable>
-</ParamField>
+<CrendentialSearchCommon />

docs/api-reference/v4/endpoints/credentials-global-search.mdx

@@ -0,0 +1,14 @@
+---
+title: "Search Credentials"
+api: "POST https://api.flare.io/firework/v4/credentials/global/_search"
+---
+
+import CrendentialEndpointsNote from '/snippets/credentials/astp-and-global-search-note.mdx';
+import CrendentialSearchCommon from '/snippets/credentials/astp-and-global-search-common.mdx';
+import GlobalSearchApiQuotaNote from '/snippets/global-search-api-quota-note.mdx';
+import CrendentialSearchDescription from '/snippets/credentials/astp-and-global-search-description.mdx';
+
+<GlobalSearchApiQuotaNote />
+<CrendentialEndpointsNote />
+<CrendentialSearchDescription />
+<CrendentialSearchCommon />

docs/api-reference/v4/endpoints/global-search.mdx

@@ -1,5 +1,5 @@
 ---
-title: "Search"
+title: "Search Events"
 api: "POST https://api.flare.io/firework/v4/events/global/_search"
 authMethod: "bearer"
 ---

docs/changelog/overview.mdx

@@ -12,6 +12,12 @@ This page lists changes to Flare's API.
 Release notes for the Flare Platform can be found on the [product documentation website](https://docs.flare.io/releases).
 </Note>
 
+<Update label="2025-11" description="API - November 2025">
+  Added a [Global Search Credentials Endpoint <Icon icon="code" size={16} />](/api-reference/v4/endpoints/credentials-global-search).
+  This new endpoint allows for searching in all of Flare's credentials and counts towards the Global Search quota.
+  This is useful for customers that don't have ASTP access.
+</Update>
+
 <Update label="2025-10" description="API - October 2025">
   Added documentation for
   [Flare API Event Types <Icon icon="book" size={16} />](/event-types/overview).

docs/docs.json

@@ -91,15 +91,16 @@
                   "api-reference/v4/endpoints/identifier-feed",
                   "api-reference/v4/endpoints/identifier-group-feed"
                 ]
-              },
-              {
-                "group": "Global Search",
-                "pages": [
-                  "api-reference/v4/endpoints/global-search"
-                ]
               }
             ]
           },
+          {
+            "group": "Global Search API",
+            "pages": [
+              "api-reference/v4/endpoints/global-search",
+              "api-reference/v4/endpoints/credentials-global-search"
+            ]
+          },
           {
             "group": "Account and Session Takeover Prevention (ASTP) API",
             "pages": [

docs/snippets/credentials/astp-and-global-search-common.mdx

@@ -0,0 +1,154 @@
+<ResponseExample>
+
+```json Response Example
+{
+    "items": [
+        {
+            "domain": "scatterholt.com",
+            "hash": "B@dPassw0rd",
+            "hash_type": null,
+            "id": 33880703907,
+            "identity_name": "ryan.howard@scatterholt.com",
+            "imported_at": "2024-07-22T19:25:52.893439+00:00",
+            "known_password_id": null,
+            "source": {
+                "breached_at": null,
+                "description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
+                "description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
+                "id": "combolists",
+                "is_alert_enabled": true,
+                "leaked_at": null,
+                "name": "Combolists"
+            },
+            "source_id": "combolists"
+        },
+        {
+            "domain": "scatterholt.com",
+            "hash": "1qaz2wsx",
+            "hash_type": "unknown",
+            "id": 33880703906,
+            "identity_name": "ryan.howard@scatterholt.com",
+            "imported_at": "2024-07-22T19:25:52.893439+00:00",
+            "known_password_id": null,
+            "source": {
+                "breached_at": null,
+                "description_en": "Collection of multiple combo lists (emails and passwords) exchanged on illicit networks.",
+                "description_fr": "Collection de multiples listes \"combos\" (adresses courriel et mots de passe) \u00e9chang\u00e9es sur des r\u00e9seaux illicites.",
+                "id": "combolists",
+                "is_alert_enabled": true,
+                "leaked_at": null,
+                "name": "Combolists"
+            },
+            "source_id": "combolists"
+        }
+    ],
+    "next": "WyJjb20uc2NhdHRlcmhvbHQiLCAxNjczNjg4ODg4NV0"
+}
+```
+
+</ResponseExample>
+
+## Paging
+
+This endpoint supports the
+[Flare standard paging pattern <Icon icon="book" size={16} />](/concepts/paging).
+
+## Body Parameters
+
+<ParamField body="size" type="number">
+  Maximum size of the JSON object that will be returned (maximum 10 000)
+</ParamField>
+
+<ParamField body="from" type="string">
+  The `next` value from the last response.
+</ParamField>
+
+<ParamField body="order" type="string" default="desc">
+  The order in which the results will be returned. (`asc` or `desc`)
+</ParamField>
+
+<ParamField body="query" type="object">
+  One of the supported queries.
+  <Tabs>
+
+    <Tab title="Domain Query">
+    ```json
+    {
+      "type": "domain",
+      "fqdn": "<string>"
+    }
+    ```
+    </Tab>
+
+    <Tab title="Auth Domain Query" >
+    This query will match the domain of the service that this credential might have been used to log in to.
+    ```json
+    {
+      "type": "auth_domain",
+      "fqdn": "<string>"
+    }
+    ```
+    </Tab>
+
+    <Tab title="Password Query">
+    ```json
+    {
+      "type": "secret",
+      "secret": "<string>"
+    }
+    ```
+    </Tab>
+
+    <Tab title="Email Query">
+    ```json
+    {
+      "type": "email",
+      "email": "<string>"
+    }
+    ```
+    </Tab>
+
+    <Tab title="Keyword Query" >
+    This query will match with the credential's username, which is the portion of the `identity_name` that preceeds `@`.
+    ```json
+    {
+      "type": "keyword",
+      "keyword": "<string>"
+    }
+    ```
+    </Tab>
+
+  </Tabs>
+</ParamField>
+
+<ParamField body="filters" type="object">
+  <Expandable defaultOpen>
+    <ParamField body="imported_at" type="object">
+      <Note>
+        This filter only works for Auth Domain Queries. It will be ignored if used with other query types.
+      </Note>
+
+      <Expandable>
+        <ParamField
+          body="gte"
+          type="string"
+          placeholder="Example: 2024-01-01T00:00:00+00:00"
+        >
+          Matches values greater than or equal to the specified timestamp.
+
+          Format: ISO-8601
+        </ParamField>
+
+        <ParamField
+          body="lte"
+          type="string"
+          placeholder="Example: 2024-01-01T00:00:00+00:00"
+        >
+          Matches values lesser than or equal to the specified timestamp.
+
+          Format: ISO-8601
+        </ParamField>
+      </Expandable>
+    </ParamField>
+  </Expandable>
+</ParamField>

docs/snippets/credentials/astp-and-global-search-description.mdx

@@ -0,0 +1 @@
+Returns a list of credentials matching the query provided.

docs/snippets/credentials/astp-and-global-search-note.mdx

@@ -0,0 +1,5 @@
+<Note>
+Flare supports searching in credentials via two endpoints:
+- The [Global Credentials Search endpoint <Icon icon="code" size={16} />](/api-reference/v4/endpoints/credentials-global-search): This endpoint counts towards your global search quota.
+- The [ASTP Credentials Search Endpoint <Icon icon="code" size={16} />](/api-reference/astp/endpoints/post-credentials-search): This endpoint does <b>not</b> count towards your search quota but requires ASTP to be enabled on your account. For more information about ASTP, contact your Customer Success Manager.
+</Note>