Embed Breach Intelligence in Your Security Product
REST API and SDKs ready for production from day one — public pricing, one signed partner agreement.
Need a hand integrating?
import requests
response = requests.get(
"https://plus-api.xposedornot.com"
"/v3/check-email/[email protected]",
headers={"x-api-key": "YOUR_API_KEY"},
params={"detailed": "true"},
)
for breach in response.json()["breaches"]:
print(f"{breach['breach_id']}: "
f"{breach['xposed_records']:,} records")Average cost of a data breach in 2025
Source: IBM/Ponemon Cost of a Data Breach Report, 2025
Your Customers Want Breach Exposure In Their Dashboard
- Customers expect breach exposure alongside other risk signals in your dashboard
- Sourcing breach data is legally complex
- Maintaining a live 11.5B+ record index is a full-time engineering project
The Feature You Shouldn't Build
- Build in-house: 3-6 months and a dedicated team
- License from legacy vendors: $5K+/mo with annual lock-ins
- Either way, customers keep asking why it isn't already there
- Single API endpoint, 11.5B+ records indexed
- Sub-15-minute breach ingestion
- Plug it into your platform and surface the breach signals your customers expect to see
Built for Security Platforms & Product Teams
Production-ready breach intelligence, designed for embedding
Built for Multi-Tenant Scale
Manage hundreds of customer domains with tenant-level isolation. Each tenant gets independent alerting rules, watchlists, and reporting.
API-First With Full Specs
REST API with <100ms response, webhook delivery, and 99.99% uptime SLA. Official SDKs in 8 languages.
Live in Under 1 Hour
Skip the 2-year build. No infrastructure investment needed. Start delivering breach monitoring to clients today.
STIX 2.1 + JSON Feeds
Choose your delivery format. JSON for SIEM and data-lake ingestion, STIX 2.1 for direct TIP integration. Both fully documented.
Zero Query Persistence
Email and domain lookups are processed in memory. We never log or store the queries your platform sends our way.
Predictable Monthly Billing
Flat monthly rates with no per-request overages. Cancel anytime, no annual contracts, no surprise bills at month-end.
How Platforms Use xonThreatIntel+
Three ways security platforms surface breach intel to their customers
Embed in customer dashboards
Show clients which of their domains and accounts appear in breaches, alongside the other risk signals you already surface. Your UI, your branding, your context.
Enrich your scheduled reports
Add breach context to the recurring customer reports you already generate. No new pipeline to maintain, no breach index to keep fresh.
Inform analyst workflows
Give SOC analysts the full breach history for any domain or email. They decide remediation based on the client's incident-response runbook, not ours.
See the Data You're Working With
JSON for SIEMs, STIX for TIPs. Both formats fully documented.
Breach Intelligence JSON Feed
{
"alert_id": "TI-2025-0472",
"detected_at": "2025-04-02T14:23:47Z",
"severity": "high",
"source": {
"name": "DarkMarket Forum",
"category": "underground_forum"
},
"affected_assets": [
{
"type": "domain",
"value": "example.com",
"confidence": 0.92
}
],
"data_types_leaked": ["emails", "password_hashes"],
"threat_actor": {
"name": "RedSkull"
}
}Real-time JSON feeds for SIEM or data lake ingestion
Machine-Readable
Structured data formats for automated processing and integration
Standards-Compliant
STIX/TAXII compatible intelligence for direct TIP integration
Ship Breach Detection in Hours, Not Months
Sign the partner agreement and DPA once, then onboarding is self-serve: API credentials, production SDKs, and full docs — live the same day.
For Platform Teams
Embed breach data into your product via API
Test Your Integration
Make live API calls from your dev environment. Same endpoints and response shape your customers will see.
30 minutes
Integrate & Ship
Add to your product with Python/Node.js SDKs. Solutions engineer available.
Typically 2–4 hours
What We Commit To
Coverage and SLAs you can build on
Independently monitored, measured monthly. Credit-backed on Ultimate and enterprise plans.
From first detection to partner notification via API or webhook.
Continuously growing. New sources added weekly from dark web, paste sites, and forums.
Continuously growing index across dark web marketplaces, paste sites, Telegram channels, and underground forums.
Feeds available in JSON, CSV, and STIX 2.1 for direct TIP integration.
Uptime is independently monitored — see the live status page · full SLA terms
Built for Production
Rate limits, webhooks, audit logs, and the headers your team will ask for
Rate Limits & Headers
Standard 429 responses include retry-after headers. Per-key request analytics in the partner console so you can right-size your usage.
Key Scoping
Restrict API keys to specific IP ranges or environments. Rotate, scope, or revoke keys from your partner console without ticketing.
Webhook Delivery
Real-time breach alerts pushed to your endpoint as JSON. Available on Growth and Ultimate plans, configurable per client.
Structured Errors
Consistent JSON error schema with status and message fields, mapped to standard HTTP codes. Predictable handling across every endpoint.
Per-Key Audit Logs
Every API request is logged with timestamp, key, and response status. Rotate, scope, or revoke keys without ticketing.
Full API Reference
Endpoint-by-endpoint docs with request and response examples at console.xposedornot.com/docs/api.
Side by Side With Legacy Vendors
Where xonThreatIntel+ wins and where legacy slows you down
Enterprise-grade breach data at a fraction of legacy threat-intel pricing, starting at $99/mo. One 30-minute call to sign the partner agreement and DPA — most partners onboard the same day.
What customers are saying
Verified reviews from G2
Sundar Kumar
IT and Product Head, Corent Technology
"Xposedornot is a useful tool for data breach alerting system. Every organization requires this tool to receive timely alerts of their exposed breaches. Its user-friendly design and seamless integration make it a valuable asset for proactive data security."
Miguel Mendes
IT Security Lead, Bluecom
"Indispensable to monitor the exposure of your personal data. What I like most about ExposedOrNot is its real-time dashboard alerts, as well as integration with Slack and Teams, are very practical features to be informed immediately in the event of a compromise."
Bertold Kolics
VP Engineering, Verosint
"I have been working with XposedOrNot from the early days. My experience could not have been better. The service scales well, performs well under high load and it has a large set of breach data dating back to several years."
Senthil K
Information Security Officer, Invicara
"I love how XposedOrNot makes protecting our data so simple and effective from ATO. The alerts are timely, and the CXO dashboard gives a clear picture of breach trends and risks. It's more than just a tool, it's like having a personal assistant for your security."
What You Get on Day 1
Same kit on every plan
Production API key
Live access to v3 endpoints with per-key analytics and audit logs.
Partner console
Web dashboard for key management, usage analytics, and rate-limit headroom.
SDKs & docs
Official SDKs in 8 languages on the major package registries. Full reference at console.xposedornot.com/docs/api.
Concierge onboarding
30-min call with our partner team to walk through credentials, your stack, and first integration.
Plans That Scale With Your Client Base
Start with 10 domains at $99/mo. Add more as you grow. Volume discounts at 50+
Basic
Growth
Ultimate
| Compare plans | Basic $99 /mo | MOST POPULAR Growth $243 /mo | Ultimate $447 /mo |
|---|---|---|---|
| Domains monitored | 10 | 25 | 50 |
| Data delivery | API + CSV | API + JSON + STIX | API + JSON + STIX |
| Breach alerts (<15 min) | Email + webhooks | Email + webhooks | |
| CXO dashboards | |||
| Deep dive analysis | — | ||
| Support response | Email (next business day) | Slack + email (same day) | Priority (4 business hours) |
| Custom integration support | — | — | |
| Threat intel advisory sessions | — | — | |
| 99.99% uptime SLA | Standard | Standard | Credit-backed |
All plans include: cancel anytime, monthly billing, and a 30-day money-back guarantee. Partner plans start with a signed partner agreement, terms, and DPA — book a 30-minute call to countersign; onboarding is self-serve and most partners are live the same day.
Custom enterprise agreements available. Contact us for a tailored quote
For comparison: SpyCloud's MSSP program starts at $10,000/mo. White-label and multi-tenant access are included in every xonPlus tier.
Frequently Asked Questions
Everything about integration, pricing, and going live
Reselling breach monitoring to your clients instead? See xonThreatIntel+ for MSSPs →
Ship Breach Monitoring in Hours, Not Months
Build breach detection into your product with our API. Official SDKs in 8 languages. 30-day money-back guarantee.
