BRANDITSCAN V2 IS HERE FASTER SCANS SMARTER TAKEDOWNS NOW INCLUDES URLINKS PRO ALL-NEW PLATFORM BRANDITSCAN V2 IS HERE FASTER SCANS SMARTER TAKEDOWNS NOW INCLUDES URLINKS PRO ALL-NEW PLATFORM BRANDITSCAN V2 IS HERE FASTER SCANS SMARTER TAKEDOWNS NOW INCLUDES URLINKS PRO ALL-NEW PLATFORM

API Reference

Search data with built-in piracy labeling, structured piracy intelligence, and integrations that put creator protection inside your product — from a copy-paste widget to a full platform partnership.

How access works

Everything except the Leak Check widget is scoped per partner — no open keys

The Leak Check widget is live and free for everyone — copy the snippet and go. Everything else — the APIs and the Self Submissions Widget — is available on request: we scope access to your use case instead of handing out open keys. Getting set up is fast:

1
Email your use case What you're building, which APIs you need, and the volume you expect.
2
We scope it with you Endpoints, limits, and pricing where relevant — shaped around your integration.
3
Credentials issued API key, signing secret, and base URL — typically within 1 working day.
help@branditscan.com Or book a 30-min intro call

Creators love our products. Boost your brand.

Platforms like YourVids, LoyalFans, and Aylo put BranditScan protection in front of their creators. Give yours the tools they already ask for:

Free unlimited self submissions for your users Full scan results & brand insights Traffic optimizations

And you get paid: earn commission on every subscription your integration produces.

Data APIs

Google Search API

Live SERP data — web, images & videos, piracy-labeled

On request

Live Google SERP data from the same engine that powers our scanners — web, image, and video sections with position data. Every result is checked against the BranditScan Entry database of 5,000,000+ pirate sites, so piracy labeling comes built in.

GET/v1/search/googleWeb results — the "All" section
GET/v1/search/google/imagesImage results, with thumbnail + source page
GET/v1/search/google/videosVideo results, with duration + platform
ParameterDescription
qRequired. The search query.
numResults per page, 10–100. Default 20.
pageResult page. Default 1.
hlInterface language, e.g. en.
glCountry to search from, e.g. us.

Sample request

cURL
curl "$BASE_URL/v1/search/google?q=jane+doe+leaks&num=50&hl=en&gl=us" \
  -H "Authorization: Bearer $API_KEY"
200 — response (truncated)
{
  "query": "jane doe leaks",
  "engine": "google",
  "section": "web",
  "total_results": 1840000,
  "results": [
    {
      "position": 1,
      "title": "Jane Doe Leaked Videos — Watch Free",
      "link": "https://superpirate.xyz/jane-doe",
      "domain": "superpirate.xyz",
      "snippet": "Watch Jane Doe leaked videos free in HD...",
      "piracy": {
        "is_pirate": true,
        "category": "video cloud",
        "tracked_leaks": 128411
      }
    },
    {
      "position": 2,
      "title": "Jane Doe (@janedoe) — Official",
      "link": "https://onlyfans.com/janedoe",
      "domain": "onlyfans.com",
      "snippet": "Official page of Jane Doe.",
      "piracy": { "is_pirate": false }
    }
  ]
}
Available upon request only. The base URL and credentials are issued after approval — tell us what you're building and the monthly volume you expect.
Request Google Search API access

Bing Search API

Identical contract — swap the engine segment

On request

The same contract as the Google Search API, running against Bing — web, image, and video sections with identical parameters (q, num, page, hl, gl) and the same per-result piracy labeling. Swap the engine segment and keep your integration code.

GET/v1/search/bingWeb results — the "All" section
GET/v1/search/bing/imagesImage results
GET/v1/search/bing/videosVideo results
cURL
curl "$BASE_URL/v1/search/bing?q=jane+doe+leaks&num=50" \
  -H "Authorization: Bearer $API_KEY"
Available upon request only — reach out with your use case and expected volume.
Request Bing Search API access

Yandex Search API

Identical contract — Eastern Europe & CIS coverage

On request

Yandex coverage matters when your audience — or the piracy targeting it — lives in Eastern Europe and CIS markets. Same request contract and response shape as Google and Bing: web, image, and video sections, position data, and per-result piracy labeling against our Entry database.

GET/v1/search/yandexWeb results — the "All" section
GET/v1/search/yandex/imagesImage results
GET/v1/search/yandex/videosVideo results
cURL
curl "$BASE_URL/v1/search/yandex?q=jane+doe+leaks&num=50" \
  -H "Authorization: Bearer $API_KEY"
Available upon request only — reach out with your use case and expected volume.
Request Yandex Search API access

Piracy Data API

The dataset behind the Brandit Atlas — 5,000,000+ pirate sites

On request

Structured piracy intelligence from the largest takedown operation in the creator space — the dataset behind the Brandit Atlas. Domain reputation, threat ratings, tracked-leak volumes, category data, and takedown capability per site. Classify any domain or URL in one call.

GET/v1/piracy/domains/{domain}Full intelligence profile for a domain
GET/v1/piracy/check?url={url}Classify a full URL — is this a pirate page?

Sample request

cURL
curl "$BASE_URL/v1/piracy/domains/fapello.com" \
  -H "Authorization: Bearer $API_KEY"
200 — response
{
  "domain": "fapello.com",
  "is_pirate": true,
  "category": "image host",
  "threat": { "level": 4, "label": "Critical" },
  "tracked_leaks": 1284110,
  "reported_infringements": 96731,
  "capabilities": {
    "source_removal": true,
    "google_delisting": true
  },
  "description": "High-volume aggregator redistributing paywalled creator content..."
}
Available upon request only — reach out with your use case. Bulk exports and webhook feeds are available for approved partners.
Request Piracy Data API access
Integrations

Leak Check Widget — iframe embed

No key, no signup, no approval — copy the snippet and ship it

Live — free

The only thing on this page you don't need to email us for. A live piracy scanner your visitors use right on your page: they type a stage name, we run a real-time Google scan and check every result against our database of 5,000,000+ pirate sites. Free to embed anywhere HTML works.

HTML — paste anywhere
<!-- BranditScan Leak Check widget -->
<iframe src="https://branditscan.com/embed/leak-check" title="Free Leak Check by BranditScan" style="display:block;width:100%;max-width:960px;margin:0 auto;height:620px;border:0;border-radius:24px;background:url(https://branditscan.com/front/lp/assets/images/leak-widget-spinner.svg) no-repeat center 140px;" scrolling="no" loading="lazy"></iframe>
<script>
window.addEventListener("message", function (e) {
  if (e.origin !== "https://branditscan.com" || !e.data || e.data.type !== "bs-leak-check:height") return;
  document.querySelectorAll("iframe[src^='https://branditscan.com/embed/leak-check']").forEach(function (f) {
    if (f.contentWindow === e.source) f.style.height = Math.ceil(e.data.height) + "px";
  });
});
</script>
ParameterWhat it does
affYour BranditScan affiliate slug. Signups from the widget are credited to you — see the earnings note below.
stagenamePrefills the search and runs it immediately on load, e.g. ?stagename=janedoe. Results are cached, so repeat loads are instant.
railPins the side visual: odometer (money counter), sweep (before/after), cases (sliding case studies) or loss (average piracy loss). Omit for random rotation per load.
borderborder=0 turns the animated rainbow shell border off (on by default).
blurblur=0 renders result images unblurred by default (they're NSFW-blurred with click-to-reveal out of the box).

postMessage API

The widget talks to your page over postMessage, so you can auto-size the iframe and drive scans from your own UI:

JavaScript
// OUT — sent by the widget on every layout change (auto-height):
//   { "type": "bs-leak-check:height", "height": 1240 }

// IN — prefill + run a scan from your own page:
var frame = document.querySelector("iframe[src*='/embed/leak-check']");
frame.contentWindow.postMessage(
  { type: "bs-leak-check:scan", stagename: "jane doe" },
  "https://branditscan.com"
);
Get paid for it — 10% for life. Use the widget as-is for free, or create a free BranditScan account, grab your affiliate link from the Earnings Hub and add ?aff=your-slug to the iframe URL. Every creator who signs up through your widget earns you 10% of everything they ever pay — the exact embed code with your slug baked in is waiting in your Earnings Hub. Full commission terms are on the Affiliate Program page.

Live demo — embedded on your site

Changes apply to the demo below — and the embed snippet above adjusts to your settings.

yoursite.com

This is the real widget, live on this page — type a stage name, or hit Run sample scan to see it work end-to-end (uses the widget's postMessage API).

Self Submissions Widget

Unlimited takedowns — embedded in your product

On request

Own a platform? Give your entire user base unlimited self-submitted takedowns — free, globally, as your feature. Your users paste leak links right inside your product, we take them down, and every link's state updates as it moves through removal. The single most requested tool in the creator industry, shipped plug-and-play.

Ship it as simple or as advanced as you want: drop the ready-made widget in with one snippet (like the Leak Check widget above), or go fully custom — the surface is white-label-friendly and we match your UI/UX and design language so it feels native to your product. Either way there's no per-submission cost to you or your users, and under the hood every submission runs through the same pipeline our own creators use: validation, per-site grouping, DMCA notices, escalations, and Google delisting.

How it works

1
Your user pastes leak links Right inside your product — we validate, dedupe, expand shorteners, and group them per site.
2
We take them down Source removal + Google delisting, with escalations — filed and tracked by our pipeline 24/7.
3
States update automatically Every link moves Submitted → In Progress → Removed / Delisted — your users watch it happen without leaving your platform.

Live integration — Takedown Labs on YourVids

A real partner build on this surface, fully customized to YourVids' own design — creators submit stolen-content links, takedowns run, and every request tracks its removals live:

YourVids submit takedown request form — paste infringing URLs, one per line
The submit flow — paste up to 50 infringing URLs
YourVids takedown requests list — removed and pending states per submission
Tracking — per-request status with live removed / pending counts
YourVids completed takedown request — each submitted URL marked Removed with its BranditScan DMCA reference
A completed request — every URL removed, each with its BranditScan DMCA reference

Embed

Illustrative — your embed URL and the final state contract ship with your platform credentials:

HTML
<!-- BranditScan Self Submissions widget — embed URL issued per platform -->
<iframe src="https://branditscan.com/embed/self-submission?platform=YOUR_PLATFORM_KEY"
        title="Submit takedowns — BranditScan"
        style="display:block;width:100%;max-width:960px;margin:0 auto;height:720px;border:0;border-radius:24px;"
        scrolling="no" loading="lazy"></iframe>
State updates — as links progress
{
  "url": "https://fapello.com/jane-doe/",
  "website": "fapello.com",
  "state": "Source Removed",   // Submitted → In Progress → Source Removed / Delisted
  "updated_at": "2026-07-18T09:12:44+00:00"
}

Pairs naturally with the Platform API (accounts, scans, results in your UI) and SSO — but it also works standalone: the widget alone is enough to put takedowns in your product.

Enabled per platform. From the drop-in widget to a fully custom build in your design (like Takedown Labs above) — submissions bind to real BranditScan protection under the hood, so we set up your embed, tenancy, and limits with you, typically within a few days.
Request the Self Submissions Widget

SSO API

Sign your users into BranditScan in one tap

On request

Use case: your users tap "Open BranditScan" inside your app, site, or Telegram bot — and land in their BranditScan dashboard already signed in. No passwords, no onboarding friction, no support tickets.

SSO is part of the Platform API: you mint a one-time, short-lived token for a user your platform created, then send the user to the returned URL. The consume page is crawler-proof — link previews and bots that prefetch URLs can't burn the token.

POST/api/platform/sso/tokenMint a one-time SSO token for one of your users
GET/sso/platform/{token}Browser URL — signs the user in and opens their dashboard

Sample request

cURL
curl -X POST https://branditscan.com/api/platform/sso/token \
  -H "Authorization: Bearer bsp_12_XXXXXXXXXXXXXXXXXXXX" \
  -H "X-Platform-Timestamp: 1767225600" \
  -H "X-Platform-Signature: 3f2a9c1e8b..." \
  -H "Content-Type: application/json" \
  -d '{"reference": "tg_482913"}'
201 — response
{
  "redirect_url": "https://branditscan.com/sso/platform/hnJdQ3...64-char-token...kQ",
  "expires_at": "2026-07-14T18:08:21+00:00",
  "expires_in": 300
}
  • One-time use, 5-minute TTL — mint a fresh token for every tap; never cache or reuse URLs.
  • Tenancy-scoped — a platform can only mint SSO for users it created. Admin and staff accounts can never be signed in via SSO.
  • Signed requests — same authentication scheme as the rest of the Platform API.
Integration by request. SSO is enabled per platform as part of a Platform API partnership.
Request SSO integration

Network Manager API

Roster-wide protection reports for agencies & studios

On request

Use case: you run an agency or studio with a roster of creators on BranditScan — and you want their protection numbers inside your own dashboards, reporting, and client decks instead of logging in per account.

Roster-wide reporting over every creator your network manager account oversees: links found, takedowns filed, removals, and per-domain breakdowns — filterable by membership tier, domain, and date range.

POST/api/v2/manager/users/reportProtection report for every managed creator
POST/api/v2/manager/users/cachePre-warm report caches for your roster
POST/api/manager/takedownFile takedowns on behalf of a managed creator
ParameterDescription
membershipFilter the roster: premium, basic, or unverified. Default premium.
domainScope the report to one pirate domain, e.g. fapello.com.
from_date / to_dateReport window, Y-m-d. Both required when either is set.

Sample request

cURL
curl -X POST https://branditscan.com/api/v2/manager/users/report \
  -H "Authorization: Bearer $MANAGER_TOKEN" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{"membership": "premium", "from_date": "2026-06-01", "to_date": "2026-06-30"}'
Access on request. API tokens are issued to network manager (agency / studio) accounts — if you manage creators on BranditScan, ask and we'll switch it on for you.
Request Manager API access

Platform API — scans & results

Launch scans for your users, serve their piracy results in your product

On request

Own a platform? Put real leak scans and live piracy results inside your product — your platform creates BranditScan accounts for its users, launches scans on demand, and renders the findings natively in your own UI. Your users see their leaks where they already are: on your platform. And you earn a commission on every subscription it produces.

The Platform API is a multi-tenant partner surface: create BranditScan accounts for your users, launch scans, poll completion, pull infringements and per-site rollups into your own UI, and sign users straight into their dashboard via SSO. Everything is tenancy-scoped — your platform only ever sees the users it created. Looking for unlimited self-submitted takedowns instead? That's the Self Submissions Widget.

Endpoints

POST/api/platform/usersCreate a BranditScan user (1–3 stagenames)
POST/api/platform/users/syncBulk membership status for up to 200 of your users
POST/api/platform/users/lookupMass existence check by email or stagename
POST/api/platform/scansLaunch a scan for one of your users
GET/api/platform/scans/{id}Poll scan progress + summary
GET/api/platform/users/{ref}/infringementsPaginated infringing links
GET/api/platform/users/{ref}/branditsPer-domain rollup with piracy intel
POST/api/platform/traffic-checkRun a leak check for any stagename
POST/api/platform/sso/tokenMint an SSO login URL — see SSO API

Authentication

Every request carries three headers: your bearer key, a unix timestamp (±300s of server time), and an HMAC-SHA256 signature of "{timestamp}.{rawBody}" keyed by your signing secret. An IP allowlist and per-platform rate limits apply on top.

Node.js — sign a request
const crypto = require("crypto");

const timestamp = Math.floor(Date.now() / 1000).toString();
const body = JSON.stringify(payload); // exact raw body you will send

const signature = crypto
  .createHmac("sha256", process.env.BS_SIGNING_SECRET)
  .update(timestamp + "." + body)
  .digest("hex");

// Headers:
//   Authorization:        Bearer bsp_12_XXXXXXXXXXXXXXXXXXXX
//   X-Platform-Timestamp: timestamp
//   X-Platform-Signature: signature

1 — Create a user

cURL
curl -X POST https://branditscan.com/api/platform/users \
  -H "Authorization: Bearer bsp_12_XXXXXXXXXXXXXXXXXXXX" \
  -H "X-Platform-Timestamp: 1767225600" \
  -H "X-Platform-Signature: 3f2a9c1e8b..." \
  -H "Content-Type: application/json" \
  -d '{"email": "creator@example.com", "stagenames": ["jane doe"], "external_id": "tg_482913"}'
201 — response
{
  "user": {
    "bs_user_id": 38412,
    "external_id": "tg_482913",
    "email": "creator@example.com",
    "is_premium": false,
    "membership": 0
  }
}
  • Existing emails are rejected (409) — a platform can never claim an account it didn't create.
  • Idempotent — re-sending the same external_id returns the existing user instead of erroring.

2 — Launch a scan, poll until complete

cURL
curl -X POST https://branditscan.com/api/platform/scans \
  -H "Authorization: Bearer bsp_12_XXXXXXXXXXXXXXXXXXXX" \
  -H "X-Platform-Timestamp: 1767225600" \
  -H "X-Platform-Signature: 9d41be07ac..." \
  -H "Content-Type: application/json" \
  -d '{"reference": "tg_482913"}'
GET /api/platform/scans/512 — once completed
{
  "scan": {
    "id": 512,
    "reference": "tg_482913",
    "bs_user_id": 38412,
    "queue": "first-search",
    "progress": 100,
    "completed": true,
    "created_at": "2026-07-14T18:03:21+00:00",
    "completed_at": "2026-07-14T19:41:05+00:00",
    "summary": {
      "total_links": 1204,
      "total_views": 8125940,
      "total_loss": 24377,
      "total_domains": 87,
      "top_websites": [
        { "domain": "fapello.com", "links_count": 214 },
        { "domain": "leakedzone.com", "links_count": 168 }
      ]
    }
  }
}

3 — Pull the findings into your UI

GET /api/platform/users/tg_482913/infringements?page=1&per_page=25
{
  "data": [
    {
      "id": 981220431,
      "url": "https://fapello.com/jane-doe/",
      "title": "Jane Doe Nude Leaks",
      "website": "fapello.com",
      "views": 48210,
      "states": ["Active"],
      "in_dmca": true,
      "found_at": "2026-07-14T19:22:41+00:00"
    }
  ],
  "pagination": { "page": 1, "per_page": 25, "total": 1204, "last_page": 49 }
}

Finish the loop with SSO: one tap in your product and the creator is inside their BranditScan dashboard, where takedowns run 24/7.

Partnership required. Platform credentials, quotas, SSO, and your commission rate are set up per partner — pitch us your platform and we'll scope the integration with you. Commission details live on the Affiliate Program page.
Pitch us your platform Affiliate Program

Book an intro call

30 minutes — scope your integration live with the founding team

Faster than email ping-pong: grab a slot, tell us what you're building, and we'll map the right APIs, quotas, and commercials with you on the call — credentials usually follow within a working day.

Fair use: the Leak Check widget may be embedded on any site as long as it isn't modified, wrapped in misleading UI, or used to misrepresent BranditScan. Widget scans are rate-limited per visitor and shared across all embeds. API credentials are issued per use case and may not be shared or resold; data from the widget or APIs may not be resold or republished as a dataset. We may revoke access for abuse. That's it — build something good.