Cookies - VantaPrism API

Export browser cookie rows for one or more domains. Set active_only: true to only return cookies whose expiration_utc is still in the future — useful for assessing active session-hijacking risk (a still-valid session cookie can be replayed without needing the user’s password at all).

Request

POST /v1/data/cookies · Required scope: view:cookies (pro and ultra tiers)

Parameter	Type	Required	Default	Description
`domains`	string[]	Yes	—	Registrable domains to filter by, min 1 item, e.g. `["acme-corp.com"]`
`active_only`	boolean	No	`false`	When `true`, only return cookies whose `expiration_utc` is in the future
`start_date`	string (date-time) \| null	No	—	Inclusive start filter, clamped by `query_window_days`
`end_date`	string (date-time) \| null	No	—	Inclusive end filter
`sort_direction`	`asc` \| `desc`	No	`desc`	Must stay constant across pages
`cursor`	string \| null	No	—	Pagination token
`limit`	integer	No	`25`	1–500, clamped to your tier’s `max_rows`

Example request

curl -X POST https://api.vantaprism.me/v1/data/cookies \
  -H "api-key: $VANTAPRISM_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "domains": ["acme-corp.com"], "active_only": true, "limit": 25 }'

Response

200 OK — array of CookieRecord, cursor-paginated.

{
  "data": [
    {
      "victim_id": "a3f1c9e8b2d4567890abcdef1234567890abcdef1234567890abcdef123456",
      "domain": "acme-corp.com",
      "name": "session_token",
      "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
      "path": "/",
      "secure": true,
      "http_only": true,
      "expiration": 1780512151,
      "expiration_utc": "2026-06-02T14:22:31Z",
      "browser": "Chrome",
      "profile": "Default",
      "inserted_at": "2026-05-02T14:22:31Z"
    }
  ],
  "nextCursor": null,
  "meta": {
    "request_id": "req_01HZXK3Q7N8YV6F3M2P9JABCDE",
    "took_ms": 41.2,
    "tier": "pro",
    "masked_fields": []
  }
}

Field	Description
`victim_id`	SHA-256 victim ID — use with Victim Profiles
`domain`	Domain the cookie was set for
`name`	Cookie name
`value`	Cookie value. Returned as `"[REDACTED]"` on free tier
`path`	Cookie path
`secure`	`Secure` flag
`http_only`	`HttpOnly` flag
`expiration`	Expiration as a Unix timestamp, may be `null`
`expiration_utc`	Expiration as an ISO 8601 timestamp, may be `null`
`browser`	Browser the cookie was harvested from
`profile`	Browser profile name
`inserted_at`	When the record was ingested

Pagination

Cursor-paginated — see Pagination.

Errors

Status	`code`	Cause
400	`VALIDATION_ERROR`	`domains` is empty
400	`INVALID_CURSOR`	Tampered or stale `cursor`
403	`FORBIDDEN_SCOPE`	Key lacks `view:cookies` (free tier)

See Errors for the full catalog.

Tier notes

This endpoint requires view:cookies, which is not included on the free tier — a free-tier key receives 403 FORBIDDEN_SCOPE. On pro and ultra tiers, value is returned raw; on free tier it would be returned as "[REDACTED]" (see Data Masking). Returning a raw cookie value is logged to the api_raw_access audit table.

​Request

​Example request

​Response

​Pagination

​Errors

​Tier notes