API Reference
Search data with built-in piracy labeling, structured piracy intelligence, and integrations that put creator protection inside your product — from a copy-paste widget to a full platform partnership.
How access works
Everything except the Leak Check widget is scoped per partner — no open keys
The Leak Check widget is live and free for everyone — copy the snippet and go. Everything else — the APIs and the Self Submissions Widget — is available on request: we scope access to your use case instead of handing out open keys. Getting set up is fast:
Creators love our products. Boost your brand.
Platforms like YourVids, LoyalFans, and Aylo put BranditScan protection in front of their creators. Give yours the tools they already ask for:
And you get paid: earn commission on every subscription your integration produces.
Google Search API
Live SERP data — web, images & videos, piracy-labeled
Live Google SERP data from the same engine that powers our scanners — web, image, and video sections with position data. Every result is checked against the BranditScan Entry database of 5,000,000+ pirate sites, so piracy labeling comes built in.
/v1/search/googleWeb results — the "All" section/v1/search/google/imagesImage results, with thumbnail + source page/v1/search/google/videosVideo results, with duration + platform| Parameter | Description |
|---|---|
q | Required. The search query. |
num | Results per page, 10–100. Default 20. |
page | Result page. Default 1. |
hl | Interface language, e.g. en. |
gl | Country to search from, e.g. us. |
Sample request
curl "$BASE_URL/v1/search/google?q=jane+doe+leaks&num=50&hl=en&gl=us" \ -H "Authorization: Bearer $API_KEY"
{
"query": "jane doe leaks",
"engine": "google",
"section": "web",
"total_results": 1840000,
"results": [
{
"position": 1,
"title": "Jane Doe Leaked Videos — Watch Free",
"link": "https://superpirate.xyz/jane-doe",
"domain": "superpirate.xyz",
"snippet": "Watch Jane Doe leaked videos free in HD...",
"piracy": {
"is_pirate": true,
"category": "video cloud",
"tracked_leaks": 128411
}
},
{
"position": 2,
"title": "Jane Doe (@janedoe) — Official",
"link": "https://onlyfans.com/janedoe",
"domain": "onlyfans.com",
"snippet": "Official page of Jane Doe.",
"piracy": { "is_pirate": false }
}
]
}
Bing Search API
Identical contract — swap the engine segment
The same contract as the Google Search API, running against Bing — web, image, and video sections with identical parameters (q, num, page, hl, gl) and the same per-result piracy labeling. Swap the engine segment and keep your integration code.
/v1/search/bingWeb results — the "All" section/v1/search/bing/imagesImage results/v1/search/bing/videosVideo resultscurl "$BASE_URL/v1/search/bing?q=jane+doe+leaks&num=50" \ -H "Authorization: Bearer $API_KEY"
Yandex Search API
Identical contract — Eastern Europe & CIS coverage
Yandex coverage matters when your audience — or the piracy targeting it — lives in Eastern Europe and CIS markets. Same request contract and response shape as Google and Bing: web, image, and video sections, position data, and per-result piracy labeling against our Entry database.
/v1/search/yandexWeb results — the "All" section/v1/search/yandex/imagesImage results/v1/search/yandex/videosVideo resultscurl "$BASE_URL/v1/search/yandex?q=jane+doe+leaks&num=50" \ -H "Authorization: Bearer $API_KEY"
Piracy Data API
The dataset behind the Brandit Atlas — 5,000,000+ pirate sites
Structured piracy intelligence from the largest takedown operation in the creator space — the dataset behind the Brandit Atlas. Domain reputation, threat ratings, tracked-leak volumes, category data, and takedown capability per site. Classify any domain or URL in one call.
/v1/piracy/domains/{domain}Full intelligence profile for a domain/v1/piracy/check?url={url}Classify a full URL — is this a pirate page?Sample request
curl "$BASE_URL/v1/piracy/domains/fapello.com" \ -H "Authorization: Bearer $API_KEY"
{
"domain": "fapello.com",
"is_pirate": true,
"category": "image host",
"threat": { "level": 4, "label": "Critical" },
"tracked_leaks": 1284110,
"reported_infringements": 96731,
"capabilities": {
"source_removal": true,
"google_delisting": true
},
"description": "High-volume aggregator redistributing paywalled creator content..."
}
Leak Check Widget — iframe embed
No key, no signup, no approval — copy the snippet and ship it
The only thing on this page you don't need to email us for. A live piracy scanner your visitors use right on your page: they type a stage name, we run a real-time Google scan and check every result against our database of 5,000,000+ pirate sites. Free to embed anywhere HTML works.
<!-- BranditScan Leak Check widget -->
<iframe src="https://branditscan.com/embed/leak-check" title="Free Leak Check by BranditScan" style="display:block;width:100%;max-width:960px;margin:0 auto;height:620px;border:0;border-radius:24px;background:url(https://branditscan.com/front/lp/assets/images/leak-widget-spinner.svg) no-repeat center 140px;" scrolling="no" loading="lazy"></iframe>
<script>
window.addEventListener("message", function (e) {
if (e.origin !== "https://branditscan.com" || !e.data || e.data.type !== "bs-leak-check:height") return;
document.querySelectorAll("iframe[src^='https://branditscan.com/embed/leak-check']").forEach(function (f) {
if (f.contentWindow === e.source) f.style.height = Math.ceil(e.data.height) + "px";
});
});
</script>
| Parameter | What it does |
|---|---|
aff | Your BranditScan affiliate slug. Signups from the widget are credited to you — see the earnings note below. |
stagename | Prefills the search and runs it immediately on load, e.g. ?stagename=janedoe. Results are cached, so repeat loads are instant. |
rail | Pins the side visual: odometer (money counter), sweep (before/after), cases (sliding case studies) or loss (average piracy loss). Omit for random rotation per load. |
border | border=0 turns the animated rainbow shell border off (on by default). |
blur | blur=0 renders result images unblurred by default (they're NSFW-blurred with click-to-reveal out of the box). |
postMessage API
The widget talks to your page over postMessage, so you can auto-size the iframe and drive scans from your own UI:
// OUT — sent by the widget on every layout change (auto-height):
// { "type": "bs-leak-check:height", "height": 1240 }
// IN — prefill + run a scan from your own page:
var frame = document.querySelector("iframe[src*='/embed/leak-check']");
frame.contentWindow.postMessage(
{ type: "bs-leak-check:scan", stagename: "jane doe" },
"https://branditscan.com"
);
Live demo — embedded on your site
This is the real widget, live on this page — type a stage name, or hit Run sample scan to see it work end-to-end (uses the widget's postMessage API).
Self Submissions Widget
Unlimited takedowns — embedded in your product
Own a platform? Give your entire user base unlimited self-submitted takedowns — free, globally, as your feature. Your users paste leak links right inside your product, we take them down, and every link's state updates as it moves through removal. The single most requested tool in the creator industry, shipped plug-and-play.
Ship it as simple or as advanced as you want: drop the ready-made widget in with one snippet (like the Leak Check widget above), or go fully custom — the surface is white-label-friendly and we match your UI/UX and design language so it feels native to your product. Either way there's no per-submission cost to you or your users, and under the hood every submission runs through the same pipeline our own creators use: validation, per-site grouping, DMCA notices, escalations, and Google delisting.
How it works
Live integration — Takedown Labs on YourVids
A real partner build on this surface, fully customized to YourVids' own design — creators submit stolen-content links, takedowns run, and every request tracks its removals live:
Embed
Illustrative — your embed URL and the final state contract ship with your platform credentials:
<!-- BranditScan Self Submissions widget — embed URL issued per platform -->
<iframe src="https://branditscan.com/embed/self-submission?platform=YOUR_PLATFORM_KEY"
title="Submit takedowns — BranditScan"
style="display:block;width:100%;max-width:960px;margin:0 auto;height:720px;border:0;border-radius:24px;"
scrolling="no" loading="lazy"></iframe>
{
"url": "https://fapello.com/jane-doe/",
"website": "fapello.com",
"state": "Source Removed", // Submitted → In Progress → Source Removed / Delisted
"updated_at": "2026-07-18T09:12:44+00:00"
}
Pairs naturally with the Platform API (accounts, scans, results in your UI) and SSO — but it also works standalone: the widget alone is enough to put takedowns in your product.
SSO API
Sign your users into BranditScan in one tap
Use case: your users tap "Open BranditScan" inside your app, site, or Telegram bot — and land in their BranditScan dashboard already signed in. No passwords, no onboarding friction, no support tickets.
SSO is part of the Platform API: you mint a one-time, short-lived token for a user your platform created, then send the user to the returned URL. The consume page is crawler-proof — link previews and bots that prefetch URLs can't burn the token.
/api/platform/sso/tokenMint a one-time SSO token for one of your users/sso/platform/{token}Browser URL — signs the user in and opens their dashboardSample request
curl -X POST https://branditscan.com/api/platform/sso/token \
-H "Authorization: Bearer bsp_12_XXXXXXXXXXXXXXXXXXXX" \
-H "X-Platform-Timestamp: 1767225600" \
-H "X-Platform-Signature: 3f2a9c1e8b..." \
-H "Content-Type: application/json" \
-d '{"reference": "tg_482913"}'
{
"redirect_url": "https://branditscan.com/sso/platform/hnJdQ3...64-char-token...kQ",
"expires_at": "2026-07-14T18:08:21+00:00",
"expires_in": 300
}
- One-time use, 5-minute TTL — mint a fresh token for every tap; never cache or reuse URLs.
- Tenancy-scoped — a platform can only mint SSO for users it created. Admin and staff accounts can never be signed in via SSO.
- Signed requests — same authentication scheme as the rest of the Platform API.
Network Manager API
Roster-wide protection reports for agencies & studios
Use case: you run an agency or studio with a roster of creators on BranditScan — and you want their protection numbers inside your own dashboards, reporting, and client decks instead of logging in per account.
Roster-wide reporting over every creator your network manager account oversees: links found, takedowns filed, removals, and per-domain breakdowns — filterable by membership tier, domain, and date range.
/api/v2/manager/users/reportProtection report for every managed creator/api/v2/manager/users/cachePre-warm report caches for your roster/api/manager/takedownFile takedowns on behalf of a managed creator| Parameter | Description |
|---|---|
membership | Filter the roster: premium, basic, or unverified. Default premium. |
domain | Scope the report to one pirate domain, e.g. fapello.com. |
from_date / to_date | Report window, Y-m-d. Both required when either is set. |
Sample request
curl -X POST https://branditscan.com/api/v2/manager/users/report \
-H "Authorization: Bearer $MANAGER_TOKEN" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{"membership": "premium", "from_date": "2026-06-01", "to_date": "2026-06-30"}'
Platform API — scans & results
Launch scans for your users, serve their piracy results in your product
Own a platform? Put real leak scans and live piracy results inside your product — your platform creates BranditScan accounts for its users, launches scans on demand, and renders the findings natively in your own UI. Your users see their leaks where they already are: on your platform. And you earn a commission on every subscription it produces.
The Platform API is a multi-tenant partner surface: create BranditScan accounts for your users, launch scans, poll completion, pull infringements and per-site rollups into your own UI, and sign users straight into their dashboard via SSO. Everything is tenancy-scoped — your platform only ever sees the users it created. Looking for unlimited self-submitted takedowns instead? That's the Self Submissions Widget.
Endpoints
/api/platform/usersCreate a BranditScan user (1–3 stagenames)/api/platform/users/syncBulk membership status for up to 200 of your users/api/platform/users/lookupMass existence check by email or stagename/api/platform/scansLaunch a scan for one of your users/api/platform/scans/{id}Poll scan progress + summary/api/platform/users/{ref}/infringementsPaginated infringing links/api/platform/users/{ref}/branditsPer-domain rollup with piracy intel/api/platform/traffic-checkRun a leak check for any stagenameAuthentication
Every request carries three headers: your bearer key, a unix timestamp (±300s of server time), and an HMAC-SHA256 signature of "{timestamp}.{rawBody}" keyed by your signing secret. An IP allowlist and per-platform rate limits apply on top.
const crypto = require("crypto");
const timestamp = Math.floor(Date.now() / 1000).toString();
const body = JSON.stringify(payload); // exact raw body you will send
const signature = crypto
.createHmac("sha256", process.env.BS_SIGNING_SECRET)
.update(timestamp + "." + body)
.digest("hex");
// Headers:
// Authorization: Bearer bsp_12_XXXXXXXXXXXXXXXXXXXX
// X-Platform-Timestamp: timestamp
// X-Platform-Signature: signature
1 — Create a user
curl -X POST https://branditscan.com/api/platform/users \
-H "Authorization: Bearer bsp_12_XXXXXXXXXXXXXXXXXXXX" \
-H "X-Platform-Timestamp: 1767225600" \
-H "X-Platform-Signature: 3f2a9c1e8b..." \
-H "Content-Type: application/json" \
-d '{"email": "creator@example.com", "stagenames": ["jane doe"], "external_id": "tg_482913"}'
{
"user": {
"bs_user_id": 38412,
"external_id": "tg_482913",
"email": "creator@example.com",
"is_premium": false,
"membership": 0
}
}
- Existing emails are rejected (409) — a platform can never claim an account it didn't create.
- Idempotent — re-sending the same external_id returns the existing user instead of erroring.
2 — Launch a scan, poll until complete
curl -X POST https://branditscan.com/api/platform/scans \
-H "Authorization: Bearer bsp_12_XXXXXXXXXXXXXXXXXXXX" \
-H "X-Platform-Timestamp: 1767225600" \
-H "X-Platform-Signature: 9d41be07ac..." \
-H "Content-Type: application/json" \
-d '{"reference": "tg_482913"}'
{
"scan": {
"id": 512,
"reference": "tg_482913",
"bs_user_id": 38412,
"queue": "first-search",
"progress": 100,
"completed": true,
"created_at": "2026-07-14T18:03:21+00:00",
"completed_at": "2026-07-14T19:41:05+00:00",
"summary": {
"total_links": 1204,
"total_views": 8125940,
"total_loss": 24377,
"total_domains": 87,
"top_websites": [
{ "domain": "fapello.com", "links_count": 214 },
{ "domain": "leakedzone.com", "links_count": 168 }
]
}
}
}
3 — Pull the findings into your UI
{
"data": [
{
"id": 981220431,
"url": "https://fapello.com/jane-doe/",
"title": "Jane Doe Nude Leaks",
"website": "fapello.com",
"views": 48210,
"states": ["Active"],
"in_dmca": true,
"found_at": "2026-07-14T19:22:41+00:00"
}
],
"pagination": { "page": 1, "per_page": 25, "total": 1204, "last_page": 49 }
}
Finish the loop with SSO: one tap in your product and the creator is inside their BranditScan dashboard, where takedowns run 24/7.
Book an intro call
30 minutes — scope your integration live with the founding team
Faster than email ping-pong: grab a slot, tell us what you're building, and we'll map the right APIs, quotas, and commercials with you on the call — credentials usually follow within a working day.