Get account info v2

Access the attack status and risk score of an account on your application.

This updated version includes detailed information in the response. We recommend transitioning to this version from the v1.

Path parameters

account_idstringRequired

ID for an account

Query parameters

days_rangeintegerOptionalDefaults to 30

Customizes the aggregative data calculation. When provided, the following behavior applies:

The aggregative_data fields will be calculated based on values observed within the specified time period.
The time period is defined as the last days_range days from the current date.
Only data points that fall within this window will be included in the calculations.

Customizes the aggregative data calculation. When provided, the following behavior applies: - The `aggregative_data` fields will be calculated based on values observed within the specified time period. - The time period is defined as the last `days_range` days from the current date. - Only data points that fall within this window will be included in the calculations.

Response

Success

account_idstring or null

The ID for the account.

existsboolean or null

Whether the specified account exists.

is_under_attackboolean or null

The status for the attack corresponding to the statuses displayed in the Account Defender portal. Only present if exists returns true.

true corresponds to Pending attacks. false corresponds to:

Resolved or Archived attacks
The account does not exist
The account exists, but is not under attack

The status for the attack corresponding to the statuses displayed in the Account Defender portal. Only present if `exists` returns `true`. `true` corresponds to **Pending** attacks. `false` corresponds to: - **Resolved** or **Archived** attacks - The account does not exist - The account exists, but is not under attack

first_seenstring or nullformat: "YYYY-MM-DDTHH:mm:ss.sssZ"

The first time Account Defender encountered this account. Only present if exists returns true.

last_seenstring or nullformat: "YYYY-MM-DDTHH:mm:ss.sssZ"

The last time Account Defender encountered this account. Only present if exists returns true.

emailstring or null

The account’s email address. Only present if exists returns true.

registration_datestring or nullformat: "YYYY-MM-DDTHH:mm:ss.sssZ"

The date the account was created. Only present if exists returns true.

active_incidentslist of objects or null

An array of pending incidents on the account. Only present if is_under_attack returns true.

aggregative_dataobject or null

Statistical information about the account based on the supplied days_range. Only present if calculated information is available for the given days_range.

1	import requests
2
3	url = "https://console.humansecurity.com/api/v2/account_defender/account/123456789"
4
5	headers = {"Authorization": "Bearer <token>"}
6
7	response = requests.get(url, headers=headers)
8
9	print(response.json())

1	{
2	"account_id": "123456789",
3	"exists": true,
4	"is_under_attack": true,
5	"first_seen": "2023-10-06T19:52:12.132Z",
6	"last_seen": "2025-01-21T13:00:41.008Z",
7	"email": "email@email.com",
8	"registration_date": "2021-01-06T19:25:28Z",
9	"active_incidents": [
10	{
11	"attack_type": "account_takeover",
12	"event_type": "single",
13	"risk_score": 0.707,
14	"is_manually_created": false,
15	"incident_creation": "2025-01-20T14:19:49.028Z",
16	"additional": {
17	"account_age": 35394,
18	"asn": "Mobile Telecommunications Company",
19	"city": "City",
20	"country": "KCountryW",
21	"device_fingerprint": "16427277324375911310",
22	"email": "email@email.com",
23	"ip": "1.1.1.1",
24	"path": "/inbox/conversations/messages",
25	"user_agent": "Mozilla/5.0",
26	"vid": "111"
27	}
28	}
29	],
30	"aggregative_data": {
31	"trigger_categories": [
32	"network",
33	"behavior"
34	],
35	"sensitive_transactions": [
36	"send_message",
37	"send_attachment"
38	]
39	}
40	}

Path parameters

Headers

Query parameters

Response

Errors