# Add new stolen credentials

Add stolen credentials sourced from other threat intelligence feeds within your organization.

Endpoint: POST /v1/controls/stolenCredentials
Version: v1
Security: x-api-key

## Request fields (application/json):

  - `email` (string)
    Email address of employee.
    Example: "john.hill@example.com"

  - `password` (string)
    Plain text password. Note that uploading hashes will never match and only plain text passwords can be used.
    Example: "myAm@z!ngP4$$w0rdTh4tUcantGu3$$"

  - `metadata` (object,null)
    Metadata provided from the TI provider about where these credentials were found. This will be attached to any Stolen Credentials finding that matched with these credentials

## Response 200 fields (application/json):

  - `result` (array)

  - `result.email` (string)
    Email address of employee.
    Example: "john.hill@example.com"

  - `result.password` (string)
    Plain text password. Note that uploading hashes will never match and only plain text passwords can be used.
    Example: "myAm@z!ngP4$$w0rdTh4tUcantGu3$$"

  - `result.metadata` (object,null)
    Metadata provided from the TI provider about where these credentials were found. This will be attached to any Stolen Credentials finding that matched with these credentials


## Response 400 fields