API Reference
Programmatic access to DataHound's intelligence engines. Integrate real-time OSINT and aggregated breach datasets directly into your applications using our standardized JSON API.
Authentication
Authenticate requests by setting the X-API-Key
header.
Rate Limits
| Plan | Daily Queries | Results Limit |
|---|---|---|
| Basic | 100 | 1,000 |
| Enterprise | 1000 | 1,000 |
/username
Checks username availability across social networks and queries breach compilations.
Supported Parameters
Possible Response Fields
Dot paths from the JSON root. Every key is optional if its parent block is absent.
| Field | Type | Description |
|---|---|---|
| Root | ||
| status | string | found or not_found. |
| metadata | object | API key info, plan, usage counters — same shape as all endpoints. |
| results.query | string | Normalized username queried. |
| Social Footprint | ||
| results.Social Footprint | object | Keyed by platform name. Present only when at least one platform returned a hit. |
| results.Social Footprint.<platform>.exists | bool | True if the username was found on this platform. |
| results.Social Footprint.<platform>.status | string | FOUND or NOT FOUND. |
| results.Social Footprint.<platform>.url | string | Profile URL when available. |
| results.Social Footprint.<platform>.data | object | Platform-specific enrichment fields (varies by source). |
| Database Leaks | ||
| results.database_leaks | array<object> | Breach records merged from all sources. |
| results.database_leaks[].breach_summary | object | Raw breach record fields (email, password, username, domain, source…). |
| results.database_leaks[].source | string | Origin tag of the breach record. |
Performs deep OSINT on an email address. Checks registrations on major platforms and cross-references breach databases.
Supported Parameters
Possible Response Fields
Dot paths from the JSON root. Every key is optional if its parent block is absent.
| Field | Type | Description |
|---|---|---|
| Root | ||
| status | string | found or not_found. |
| metadata | object | API key info, plan, usage counters — same shape as all endpoints. |
| results.query | string | Normalized email queried. |
| Email OSINT | ||
| results.email_osint.registered_on | array<string> | Platform names where the email is registered (fast heuristic check). |
| results.email_osint.scan_details | array<object> | Deep scan results — one object per service that returned data. |
| results.email_osint.scan_details[].service | string | Service label, e.g. Platform Footprint. |
| results.email_osint.scan_details[].status | string | FOUND or NOT FOUND. |
| results.email_osint.scan_details[].exists | bool | True when at least one registration was found. |
| results.email_osint.scan_details[].data.stats.total_checked | number | Platforms scanned by the footprint engine. |
| results.email_osint.scan_details[].data.stats.registered_count | number | Platforms where email is registered. |
| results.email_osint.scan_details[].data.stats.elapsed | string | Scan duration, e.g. 20.09s. |
| results.email_osint.scan_details[].data.results | array<object> | Per-platform result objects (all platforms checked, not only hits). |
| results.email_osint.scan_details[].data.results[].domain | string | Platform domain, e.g. github.com. |
| results.email_osint.scan_details[].data.results[].taken | bool | True if the email is registered on this platform. |
| results.email_osint.scan_details[].data.results[].type | string | Detection method, e.g. API or HTTP. |
| results.email_osint.scan_details[].data.results[].ExtraData | object | Platform-specific enrichment: Username, ProfileUrl, AvatarUrl, Followers, Has2FA, etc. |
| Database Leaks | ||
| results.database_leaks | array<object> | Breach records merged from all sources. |
| results.database_leaks[].breach_summary | object | Raw breach record fields (email, password, username, domain, source…). |
| results.database_leaks[].source | string | Origin tag of the breach record. |
/phone
Retrieves carrier details, geolocation metadata, social media registrations (WhatsApp/Facebook), and CNAM data.
Supported Parameters
/ip
IPv4 intelligence in one request. Four pipelines run
in parallel: geolocation and network flags (ip-api), breach cross-references (external indexes),
Hudson Rock stealer exposure (infected machines and credential rows), and
Stealer Provider victim search
via OathNet victims/search with ip=address
(same index as /stealer-provider/victims/search).
Root status is
found when any source returns data. Victim hits appear as
results.stealer_provider (normalized, capped by plan limit, max 20 items).
Use each log_id with Stealer Provider manifest / archive routes. Discord IDs on
victim rows may add results.linked_discord(s) (up to 2 profiles).
Data Sources (parallel)
stealer_machines, stealer_logs, optional hudsonrock_intel.
device_ips. Block omitted if OathNet is not configured.
Query Parameters
Required. Public IPv4 only. Invalid format → 400.
Possible Response Fields
Dot paths from the JSON root. Optional blocks depend on hits. Stealer Provider items capped at 20.
| Field | Type | Description |
|---|---|---|
| Root | ||
| status | string | found or not_found. |
| metadata | object | API key usage — same as all endpoints. |
| results.ip_address | string | Normalized IPv4 queried. |
| Geolocation | ||
| results.geolocation | object | Present when ip-api returns success. |
| results.geolocation.country | string | Country name. |
| results.geolocation.country_code | string | ISO country code. |
| results.geolocation.region | string | Region / state. |
| results.geolocation.city | string | City. |
| results.geolocation.isp | string | ISP name. |
| results.geolocation.organization | string | Organization label. |
| results.geolocation.is_proxy | bool | Included only when true. |
| results.geolocation.is_hosting | bool | Datacenter / hosting — included only when true. |
| results.geolocation.is_mobile | bool | Mobile network — included only when true. |
| Breaches & Hudson Rock | ||
| results.database_leaks | array | Deduplicated breach rows. |
| results.stealer_machines | array | Hudson Rock infected machines. |
| results.stealer_logs | array | Hudson Rock credential rows. |
| results.hudsonrock_intel | object | Optional summary (infection count, source). |
| Stealer Provider — results.stealer_provider | ||
| results.stealer_provider | object | OathNet victims merged inline; see Victim Item Fields. |
| results.stealer_provider.status | string | found or not_found. |
| results.stealer_provider.total_results | number | Upstream meta.total. |
| results.stealer_provider.items[].log_id | string | Manifest + ZIP via /stealer-provider/victims/{log_id}. |
| results.stealer_provider.items[].device_ips | array | IPs on the infected host (includes query when matched). |
| Linked Discord (optional) | ||
| results.linked_discord | object | One extra Discord profile from victim discord_ids. |
| results.linked_discords | array | Up to two related Discord lookups. |
Equivalent search —
GET /stealer-provider/victims/search?ip=8.8.8.8 returns the same victim index with the full upstream envelope.
Resilience — one source failing does not fail the whole response; missing blocks are simply omitted.
/stealer
Queries our vast repository of Stealer Logs (malware-infected browser credentials) searching by email or domain.
Supported Parameters
Possible Response Fields
Dot paths from the JSON root. Every key is optional if its parent block is absent.
| Field | Type | Description |
|---|---|---|
| Root | ||
| status | string | found or not_found. |
| metadata | object | API key info, plan, usage counters — same shape as all endpoints. |
| Results | ||
| results.query | string | Normalized domain or email queried. |
| results.search_type | string | email or domain — auto-detected from the query. |
| results.total_stealer_logs | number | Total credential records returned. |
| results.stealer_logs | array<object> | Extracted credential records. |
| results.stealer_logs[].url | string | Site/domain the credential was stolen from. |
| results.stealer_logs[].username | string | Username or email used on that site. |
| results.stealer_logs[].password | string | Plaintext or hashed password extracted by the infostealer. |
/hudsonrock
Dedicated Hudson Rock stealer intelligence: compromised
devices, infostealer families, and extracted credentials. Use type to select IP (or CIDR), email, or username search — mapped
to Hudson Rock API v3 (search-by-ip,
search-by-login/emails,
search-by-login/usernames).
Supported Parameters
Possible Response Fields
Dot paths from the JSON root. Machine and credential arrays are capped by your API key limit (max 20 machines; up to 4× credential rows per machine limit).
| Field | Type | Description |
|---|---|---|
| Root | ||
| status | string | found, not_found, or error when Hudson Rock is unavailable. |
| metadata | object | API key info, plan, usage counters — same shape as all endpoints. |
| censored | bool | Present when the query was removed via data removal service. |
| Results | ||
| results.query | string | Normalized IP, CIDR, email, or username queried. |
| results.search_type | string | ip, email, or username — mirrors the type parameter. |
| results.provider | string | Always HudsonRock. |
| results.infection_count | number | Total infected machines returned upstream (before cap). |
| results.credential_pairs_found | number | Total username/password rows extracted from stealer logs. |
| Stealer Machines — results.stealer_machines[] | ||
| machine_id | string | Hudson Rock device identifier. |
| stealer_family | string | Infostealer family (e.g. RedLine, Raccoon). |
| ip | string | Last known IP of the infected host. |
| computer_name | string | Windows hostname. |
| operating_system | string | OS version string. |
| malware_path | string | Path where the stealer binary was found. |
| date_compromised | string | When the machine was first compromised. |
| date_uploaded | string | When the log was indexed by Hudson Rock. |
| antiviruses | array | AV products detected on the host. |
| client_at | array | Domains/sites where credentials were stolen. |
| credentials | array | Full credential objects (url, domain, username, password, type). |
| Stealer Logs — results.stealer_logs[] | ||
| url | string | Site or domain the credential was stolen from. |
| username | string | Login or email used on that site. |
| password | string | Plaintext password extracted by the infostealer. |
| Summary — results.hudsonrock_intel | ||
| source | string | HudsonRock API v3. |
| infection_count | string | Total machines found (stringified count). |
| device_1_* … device_3_* | mixed | Flattened OSINT fields for up to 3 devices (stealer family, IP, credentials…). |
| more_devices | string | Count of additional machines beyond the first three in the summary. |
Same data on /ip —
IP searches also merge Hudson Rock hits inline as
results.stealer_machines,
results.stealer_logs, and
results.hudsonrock_intel (see /ip).
Limits —
type=ip accepts IPv4 or CIDR;
type=email normalizes to lowercase;
type=username allows 2–64 chars (letters, digits, _ . -).
/stealer-provider
Victim-level stealer intelligence: each hit is one
compromised machine indexed as a log_id with a full file tree
(browser data, wallets, tokens, etc.). Search summaries, open the manifest, stream the ZIP, or read
individual files. The same victim summaries are merged automatically into
/discord and
/ip as
results.stealer_provider (normalized field names; capped by your
key limit, max 20 items).
Typical flow: search → pick
log_id → manifest → file or archive. On
/discord, extra Discord IDs from victim items may populate
results.linked_discord /
results.linked_discords (up to 2 related profiles).
Endpoints
status + upstream payload under results.
log_id, optional metadata, and recursive
victim_tree (folders/files with id,
name, size_bytes).
text/plain (not JSON).
file_id comes from the manifest tree.
application/zip (Content-Disposition: attachment). Use
-L / stream=True; do not call .json().
Query Parameters
| Parameter | Endpoints | Description |
|---|---|---|
| discord_id | victims/search | Discord snowflake (17–20 digits). Sent upstream as discord_id[]. |
| victims/search | Email observed on infected devices. | |
| ip | victims/search | Device IP from the log. |
| hwid | victims/search | Hardware identifier. |
| username | victims/search | OS or machine username from the stealer. |
| q | both search routes | Free-text query passed to the upstream index. |
| log_id | both search routes | Direct lookup by victim id (8–128 chars: letters, digits, _, -). |
| page_size | both search routes | Page size for upstream pagination. |
| cursor | both search routes | Cursor from results.data.meta.next_cursor. |
| sort | both search routes | Upstream sort token. |
| total_docs_min | victims/search | Minimum file count inside the archive. |
| total_docs_max | victims/search | Maximum file count inside the archive. |
| wildcard | credentials/search | Enable wildcard matching on credential search. |
Response Envelope
All JSON routes share the standard DataHound wrapper.
Dedicated routes return the upstream body under results;
inline enrichment on /discord /
/ip uses the compact block below.
| Field | Type | Description |
|---|---|---|
| Dedicated routes (victims/search, credentials/search, manifest) | ||
| metadata | object | API key usage — same as other endpoints. |
| status | string | found or not_found (based on whether items / manifest exist). |
| results | object | Upstream payload (noise fields _meta, lookups, performance stripped). |
| results.data.items | array | Victim rows on victims/search. Field names match upstream (device_user_str, hwids_str, … may appear). |
| results.data.meta | object | count, total, has_more, total_pages, next_cursor. |
| results.victim_tree | object | Recursive tree on manifest route; each file node has an id for /files/{file_id}. |
| Inline block (/discord, /ip) — results.stealer_provider | ||
| results.stealer_provider.provider | string | Always stealer_provider. |
| results.stealer_provider.status | string | found or not_found. |
| results.stealer_provider.total_results | number | Upstream total from meta.total. |
| results.stealer_provider.items | array | Normalized summaries (see table below). |
Victim Item Fields
On /discord and
/ip, items are normalized to stable array keys. On dedicated
victims/search, upstream may still use
*_str suffixes — treat both as string arrays.
| Field | Type | Description |
|---|---|---|
| log_id | string | Required. Pass to manifest, /files/{file_id}, and /archive. |
| device_users | array<string> | OS / machine usernames (from device_users or device_user_str). |
| hwids | array<string> | Hardware IDs (from hwids or hwids_str). |
| device_ips | array<string> | IPs seen on the infected host. |
| device_emails | array<string> | Emails recovered (from device_emails or device_emails_str). |
| discord_ids | array<string> | Discord snowflakes on the device; may drive linked_discord(s) on /discord. |
| total_docs | number | File count in the archive; filter with total_docs_min / total_docs_max. |
| pwned_at | string | When the machine was compromised (ISO timestamp). |
| indexed_at | string | When the log was indexed upstream (ISO timestamp). |
Errors — invalid
log_id / file_id → 400; upstream or download failure on
file/archive routes → 502; integration disabled server-side → 503
(OathNet integration is not configured).
Quota — each call uses one API lookup like other Intelligence routes. Archive downloads can be large; use streaming and reasonable timeouts (server allows up to ~300s for ZIP).
/discord
Comprehensive lookup for Discord IDs. Aggregates data from Medal, guns.lol, Roblox, FiveM server logs, historical username changes, and Stealer Provider victim summaries when the ID appears on a compromised device, plus proprietary scrapes and private databases we maintain and refresh continuously.
Supported Parameters
Possible Response Fields
Parser convention: dot paths from the JSON root; [] is an array index; every key is optional if the block exists.
| Field | Type | Description |
|---|---|---|
| Root & metadata | ||
| status | string | Root; mirrors results.status. |
| metadata.username | string | API key owner username. |
| metadata.uid | string | API key owner id. |
| metadata.plan | string | Plan type slug. |
| metadata.plan_id | string | Plan id. |
| metadata.plan_label | string | Plan label. |
| metadata.subscription_type | string | Subscription type. |
| metadata.key_status | string | Key status. |
| metadata.expires_at | string | Key expiry ISO. |
| metadata.daily_limit | number | Daily result cap. |
| metadata.used_today | number | Requests used today. |
| metadata.remaining_today | number | Requests left today. |
| metadata.reset_at | string | Usage reset time ISO. |
| metadata.query_type | string | Always discord_id for this route. |
| metadata.normalized_query | string | Snowflake queried; if id was a profile URL it is normalized to the numeric id. |
| metadata.region | string | Only if build_response_metadata received a region. |
| Results | ||
| results | object | Lookup payload. |
| results.status | string | found or not_found. |
| Discord profile | ||
| results.discord_profile.id | string | Discord snowflake. |
| results.discord_profile.username | string | Login username when known. |
| results.discord_profile.global_name | string | Display name from live lookup when present. |
| results.discord_profile.account_created_at | string | ISO from live lookup when present. |
| results.discord_profile.avatar_hash | string | Avatar hash from live lookup when present. |
| results.discord_profile.discriminator | string | Legacy #0000 suffix when inferred from leaks only. |
| Database leaks | ||
| results.database_leaks.total_results | number | Total rows found before result_limit cap. |
| results.database_leaks.details | array | Leak rows; each element is an object. |
| results.database_leaks.details[].discordid | string | Target Discord snowflake for the row. |
| results.database_leaks.details[].username | string | Parsed handle or name token. |
| results.database_leaks.details[].email | string | |
| results.database_leaks.details[].ip | string | IPv4 when present. |
| results.database_leaks.details[].date | string | Cleaned date string. |
| results.database_leaks.details[].password_hash | string | |
| results.database_leaks.details[].other | string | Remaining tokens not mapped to a named field, pipe-separated. |
| results.database_leaks.details[].loc | string | Location string when present in source. |
| results.database_leaks.details[].bio | string | |
| results.database_leaks.details[].url | string | |
| results.database_leaks.details[].gender | string | |
| results.database_leaks.details[].social | array | From embedded soc maps in JSON lines. |
| results.database_leaks.details[].social[].platform | string | Lowercase service key. |
| results.database_leaks.details[].social[].handle | string | Handle for that platform. |
| results.database_leaks.details[].source | string | Source database filename without extension. |
| results.database_leaks.details[].raw | string | Truncated original source line (max 8000 chars). |
| Activity history | ||
| results.activity_history.known_guilds | array | Discord servers seen in history logs. |
| results.activity_history.known_guilds[].guild_name | string | |
| results.activity_history.known_guilds[].timestamp | string | |
| results.activity_history.known_guilds[].username_seen | string | |
| results.activity_history.known_guilds[].displayname_seen | string | |
| results.activity_history.known_guilds[].user_id | string | |
| Medal | ||
| results.medal.medal_id | string | |
| results.medal.username | string | |
| results.medal.display_name | string | |
| results.medal.slogan | string | |
| Social footprint | ||
| results.medal.social_footprint | array | |
| results.medal.social_footprint[].service | string | Uppercase provider id. |
| results.medal.social_footprint[].identifier | string | Handle or display value; may be a URL for some providers. |
| results.medal.social_footprint[].full_id | string | May be null in CSV-derived rows. |
| guns.lol | ||
| results['guns/lol'] | object | guns.lol profile when a match exists in discord/guns data; literal JSON key guns/lol. |
| results['guns/lol'].profile_id | string | Numeric guns.lol uid. |
| results['guns/lol'].medal_id | string | Same as profile_id (legacy alias). |
| results['guns/lol'].username | string | guns.lol slug. |
| results['guns/lol'].display_name | string | Display name from profile config. |
| results['guns/lol'].slogan | string | Description line; may be null. |
| results['guns/lol'].avatar_url | string | Avatar URL when present. |
| results['guns/lol'].profile_url | string | Public page https://guns.lol/<username>. |
| results['guns/lol'].account_created | number | Unix seconds when provided by source. |
| results['guns/lol'].account_created_at | string | UTC ISO derived from account_created. |
| Social footprint | ||
| results['guns/lol'].social_footprint | array | From config.socials, top-level socials, and linked discord; entries with hidden: true omitted. |
| results['guns/lol'].social_footprint[].service | string | Uppercase social key from each link row (GITHUB, STEAM, CUSTOM_URL, DISCORD, etc.). |
| results['guns/lol'].social_footprint[].identifier | string | Handle, slug, or full HTTP URL (query string stripped) for link-type socials; kept in the API even when id is present. |
| results['guns/lol'].social_footprint[].full_id | string | Discord snowflake only for user profile URLs (discord.com/users/<id> or discord.com/<id>); otherwise null. |
| results['guns/lol'].social_footprint[].id | string | UUID from config.socials[].id when the row was built from profile config (e.g. 12de3434-3220-4593-a258-e8133b20cad4); omitted for Discord-from-profile and flat socials rows without an id. |
| FiveM | ||
| results.fivem.found | boolean | |
| results.fivem.servers_found | number | |
| results.fivem.details | array | |
| results.fivem.details[].server_name | string | Source leak basename (no extension). |
| results.fivem.details[].player_name | string|null | In-game or parsed display name when present. |
| results.fivem.details[].identifiers | array | Includes optional entries with type detail (parsed field values). |
| results.fivem.details[].identifiers[].type | string | discord, license, license2, live, steam, ip, detail, Identifier. |
| results.fivem.details[].identifiers[].value | string | Without type prefix. |
| results.fivem.details[].identifiers[].url | string|null | Only when type is steam. |
| IP geolocation | ||
| results.ip_geolocation | array | One object per leaked IP geocoded. |
| results.ip_geolocation[].status | string | success when lookup worked. |
| results.ip_geolocation[].message | string | ip-api error message when status is not success. |
| results.ip_geolocation[].query | string | IPv4 echoed by provider. |
| results.ip_geolocation[].country | string | |
| results.ip_geolocation[].countryCode | string | |
| results.ip_geolocation[].regionName | string | |
| results.ip_geolocation[].city | string | |
| results.ip_geolocation[].zip | string | |
| results.ip_geolocation[].isp | string | |
| results.ip_geolocation[].org | string | |
| results.ip_geolocation[].mobile | boolean | |
| results.ip_geolocation[].proxy | boolean | |
| results.ip_geolocation[].hosting | boolean | |
| Roblox profile | ||
| results.roblox.profile_data.username | string | |
| results.roblox.profile_data.display_name | string | |
| results.roblox.profile_data.id | number | Roblox user id. |
| results.roblox.profile_data.created | string | ISO from Roblox API. |
| results.roblox.profile_data.description | string | |
| results.roblox.profile_data.is_banned | boolean | |
| results.roblox.profile_data.has_verified_badge | boolean | |
| results.roblox.profile_data.avatar_url | string|null | |
| RobUsername history | ||
| results.roblox.profile_data.username_history | array | Array of past usernames (strings). |
| results.roblox.profile_data.username_history[] | string | Past name string. |
| Stealer Provider | ||
| results.stealer_provider | object | Compromised-device summaries for the Discord ID, keyed by log_id. Each item references a stealer-log archive that can be downloaded via the Stealer Provider endpoints. |
| results.stealer_provider.provider | string | Always stealer_provider. |
| results.stealer_provider.total_results | number | Total matching victim summaries available upstream. |
| results.stealer_provider.status | string | found or not_found. |
| results.stealer_provider.items | array<object> | Victim summaries (capped at the key's result limit, max 20). |
| results.stealer_provider.items[].log_id | string | Stable identifier for the compromised device. Use with /stealer-provider/victims/{log_id}, /files/{file_id}, and /archive. |
| results.stealer_provider.items[].device_users | array<string> | OS-level usernames on the infected device (normalized from upstream device_user_str). |
| results.stealer_provider.items[].hwids | array<string> | Hardware identifiers (normalized from hwids_str). |
| results.stealer_provider.items[].device_ips | array<string> | IP addresses observed on the device. |
| results.stealer_provider.items[].device_emails | array<string> | Emails from the log (normalized from device_emails_str). |
| results.stealer_provider.items[].discord_ids | array<string> | Discord snowflakes recovered from the device (will include the queried ID). |
| results.stealer_provider.items[].total_docs | number | Number of files inside the victim archive. |
| results.stealer_provider.items[].pwned_at | string | ISO timestamp of when the device was compromised. |
| results.stealer_provider.items[].indexed_at | string | ISO timestamp of when the log was indexed. |
| results.linked_discord | object | Optional: full /discord payload for one related ID from victim discord_ids (excluding the queried ID). |
| results.linked_discords | array<object> | Optional: up to two related Discord lookups when multiple IDs are present on the same stealer hit. |
/roblox
Resolves Roblox users via the live Roblox API and returns profile data plus social footprint signals, including Discord identifiers when they can be tied to the same person. When linked_discord is present it mirrors the GET /discord payload (Medal, guns.lol, FiveM, leaks, etc.). We are the only OSINT suite that maps Roblox to Discord—linking a Roblox user to Discord IDs from our own datasets and enrichment pipeline, not generic public username search.
Supported Parameters
/fivem
Searches FiveM & Steam server dumps for player identifiers.
This
endpoint requires specific prefixes to function correctly.
Supported Query Formats
Possible Response Fields
| Field | Type | Description |
|---|---|---|
| metadata | object | Plan, endpoint and query metadata. |
| status | string | found, not_found or error. |
| searched_identities | array | Input and linked identities searched. |
| results.found | boolean | True when FiveM server matches were found. |
| results.servers_found | number | Number of unique FiveM servers returned. |
| results.details[] | array | FiveM server match objects. |
| results.details[].server_name | string | Source leak basename (no extension). |
| results.details[].player_name | string|null | Parsed or CSV player display name. |
| results.details[].identifiers[] | array | Structured identifiers; extra parsed fields use type detail. |
| results.details[].identifiers[].type | string | discord, license, license2, live, steam, ip, detail or Identifier. |
| results.details[].identifiers[].value | string | Identifier value without the prefix; for type detail the parsed field value only. |
| results.details[].identifiers[].url | string | Steam profile URL when the identifier type is steam. |
| results.medal_profiles[].medal_id | string | Linked Medal profile ID. |
| results.medal_profiles[].username | string | Medal username. |
| results.medal_profiles[].display_name | string | Medal display name. |
| results.medal_profiles[].slogan | string | Medal profile slogan. |
| results.medal_profiles[].social_footprint[] | array | Connected accounts from Medal. |
| results.medal_profiles[].social_footprint[].service | string | Connected service name. |
| results.medal_profiles[].social_footprint[].identifier | string | Connected account username/display value. |
| results.medal_profiles[].social_footprint[].full_id | string | Connected account ID. |
/minecraft
Resolves Username to UUID and searches local server logs for player history.
Supported Parameters
Send one of username, uid, or ip per call; if more than one is present, username is used first, then uid, then ip.