Alerts & Changes Search API
The OEM Alerts Search API allows partners to retrieve platform alerts and change events for a specific host or domain. Results are sorted by most recent first.
warning
OEM API requires special partner access. Contact FullHunt sales to enable OEM capabilities on your account.
Search Alerts
Search for platform-generated alerts and change events for a host or domain.
HTTP Request
POST https://fullhunt.io/api/v1/oem/alerts/search
Request Body Parameters
| Parameter | Required | Type | Description |
|---|---|---|---|
| type | Yes | string | Type of query. Supported values: host, domain |
| query | Yes | string | The host, IP address, or domain to search for |
| query_tags | No | object | Key-value pairs for client-specific tracking |
Example Request — By Domain
curl -X POST "https://fullhunt.io/api/v1/oem/alerts/search" \
-H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx" \
-H "Content-Type: application/json" \
-d '{
"type": "domain",
"query": "acme.com",
"query_tags": {
"client_name": "ACMECorp",
"workspace": "production"
}
}'
Example Request — By Host
curl -X POST "https://fullhunt.io/api/v1/oem/alerts/search" \
-H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx" \
-H "Content-Type: application/json" \
-d '{
"type": "host",
"query": "api.acme.com"
}'
Example Response
{
"query": {
"type": "domain",
"value": "acme.com"
},
"total_results": 1,
"results": [
{
"host": "mail.acme.com",
"domain": "acme.com",
"tld": "com",
"subdomain": "mail",
"host_type": "dns",
"ip_address": "203.0.113.42",
"category": "dns_cname",
"change": "new",
"value": "mail-acme.s3.amazonaws.com.",
"old_value": "",
"timestamp": "2026-04-28 23:10:54"
}
]
}
Response Fields
| Field | Type | Description |
|---|---|---|
query | object | The query parameters used |
query.type | string | Query type (host or domain) |
query.value | string | The queried value |
total_results | integer | Number of alerts returned |
results | array | Array of alert objects |
results[].host | string | The affected host |
results[].domain | string | Parent domain of the host |
results[].tld | string | Top-level domain |
results[].subdomain | string | Subdomain label |
results[].host_type | string | Host type (e.g., dns, ip) |
results[].ip_address | string | IP address of the host |
results[].category | string | Alert category (e.g., dns_cname, port_open, http_title) |
results[].change | string | Type of change detected (e.g., new, removed, updated) |
results[].value | string | New value detected |
results[].old_value | string | Previous value (empty for new detections) |
results[].timestamp | string | When the alert was generated |
Use Cases
- Continuous Monitoring: Track changes in client attack surface over time
- Certificate Management: Get ahead of certificate expiry events
- Incident Response: Identify newly exposed services or infrastructure changes
- Change Notifications: Integrate alerts into SIEM or ticketing workflows
Query Tags for Tracking
Use query_tags to track per-client usage in audit logs:
{
"query_tags": {
"client_id": "client_123",
"client_name": "ACME Corporation",
"workspace": "production"
}
}
Error Handling
| Status Code | Description |
|---|---|
| 200 | Success |
| 400 | Bad Request — missing or invalid parameters |
| 401 | Unauthorized — invalid API key |
| 403 | Forbidden — OEM access not enabled or credits exhausted |
| 429 | Rate limit exceeded (60 requests/minute) |
| 500 | Internal server error |