🔐 Permissions
API Permissions
The following permissions define what data, endpoints, and fields a user may access within the Hudson Rock API. Each permission must be explicitly granted to enable the corresponding functionality.
Data Access Permissions
- employees - Allows access to employee/corporate compromised credentials.
- users - Grants access to general user compromised credentials.
- apks - Enables retrieval of APK-related compromised credentials.
Search Endpoint Permissions
- search-by-domain - Enables searches filtered by domain names.
- search-by-stealer - Allows searching by stealer IDs.
- search-by-ip - Grants the ability to search by IPv4/IPv6 address or CIDR range.
- search-by-pc - Allows lookup by machine or computer identifier.
- search-by-login - Enables searching by login name (username/email).
- search-by-password - Allows matching records based on password values.
- search-by-keyword - Enables keyword-based searches across datasets.
- search-by-file - Allows searching by file names associated with compromised data.
- advanced-search - Perform an advanced search to identify potential compromises with multiple filters (domains, employees, users, last compromised, last uploaded, company size, industry, country).
- infection-analysis - Enables access to AI infection-level analysis and enrichment.
Field Visibility Permissions
- domain - Displays domain fields in returned results.
- url - Shows URL fields in search results.
- usernames -Exposes usernames in the response.
- passwords - Allows plaintext passwords to be shown when available.
- employee_passwords - Shows all employee password data (primarily for stealer-based searches).
- cookie_values - Determines whether raw cookie values are returned or censored.
Filtering & Scope Controls
- limited_domains - Restricts results to the user's assigned domain list.
- unfiltered - Removes domain-based filtering, showing all matches.
Updated about 11 hours ago