Vault Summary API | Enpass Help

The Vault Report endpoint returns paginated, user-level data with a detailed breakdown of password health and security posture across your organization. Each record represents a vault associated with a specific user and the device it was last accessed from.

Use this endpoint to:

Identify users with weak or compromised passwords
Find accounts affected by breached credentials
Track passkey adoption at the individual level
Monitor compliance with your organization's password policies

Required scope: Vault Summary

Request

POST api/v1/vaults/report/

Query Parameters

Parameter	Type	Description
`page_size`	number	Number of records to return per page

Request Body

Parameter	Type	Description
`search_email`	string	Filter by a partial or full user email address
`vault_filters`	object	One or more filters to apply to the results. See Vault Filters below

Vault Filters

The vault_filters object accepts the following fields.

`password`

Type: list

Filter by password health properties of items in the vault.

Value	Description
`compromised`	Vaults with at least one compromised password
`weak`	Vaults with at least one weak password
`identical`	Vaults with at least one reused/identical password

`user_state`

Type: list

Filter by the current state of the vault owner's account.

Value	Description
`active`	User has an active Enpass License.
`expired`	User's subscription has expired
`deprovisioned`	User has been removed from the Admin Console.

`websites`

Type: list

Filter by website-level security properties.

Value	Description
`breached`	Vaults with at least one breached website password
`2fa`	Vaults with at least one item on a 2FA-supported website

`location`

Type: list

Filter by vault storage location.

Value	Description
`one_drive`	Vaults stored in OneDrive
`sites`	Vaults stored in SharePoint Sites
`teams`	Vaults stored in Microsoft Teams

`primary_vault`

Type: boolean

When true, returns only primary vault records. When false, primary vaults are excluded.

`shared_vault`

Type: boolean

When true, returns only shared vault records. When false, shared vaults are excluded.

`security`

Type: list

Filter by the overall security rating of the vault.

Value	Description
`low`	Vaults with a low security rating
`medium`	Vaults with a medium security rating
`high`	Vaults with a high security rating

`ordering`

Type: object

Sort results by one or more supported fields. Use 1 for ascending and -1 for descending.

Field	Example
`vault_owner`	`{ "vault_owner": 1 }`
`security_score`	`{ "security_score": 1 }`
`compromised`	`{ "compromised": -1 }`
`breached`	`{ "breached": 1 }`
`weak`	`{ "weak": -1 }`
`identical`	`{ "identical": 1 }`

Multiple fields can be combined in a single ordering object:

{
  "ordering": {
    "security_score": 1,
    "compromised": -1,
    "weak": -1
  }
}

Example Request

{
  "search_email": "john@acmebizness.net",
  "vault_filters": {
    "password": ["weak", "compromised"],
    "user_state": ["active"],
    "security": ["medium"],
    "ordering": {
      "security_score": 1,
      "compromised": -1
    }
  }
}

Response

Field	Type	Description
`count`	integer	Total number of records returned
`pages`	integer	Total number of pages available
`limit`	integer	Maximum records returned per page
`current`	integer	The current page number
`next`	string / null	URL to the next page, or `null` if none
`previous`	string / null	URL to the previous page, or `null` if on the first page

Result Object

Each object in the results array contains three sections.

User

Field	Type	Description
`fullname`	string	Full name of the user
`email`	string	Email address of the user
`created_date`	timestamp	Date the user account was created
`modified_date`	timestamp	Date the user account was last modified
`state`	string	Current account state (e.g. `active`, `deprovisioned`)
`keys_state`	string	State of the user's encryption keys (e.g. `active`)

Vault

Field	Type	Description
`name`	string	Name of the vault
`vault_location`	string	Storage location (e.g. `one_drive`, `sites`)
`private`	boolean	Whether the vault is private
`shared`	boolean	Whether the vault is shared with other users
`created_date`	timestamp	Date the vault was created
`modified_date`	timestamp	Date the vault was last modified
`creator`	object	User object of the person who originally created the vault

Security Metrics

Field	Type	Description
`security_score`	float	Overall security score for the vault (0–100)
`security`	string	Security rating derived from score (`low`, `medium`, `high`)
`password_strength`	string	Aggregate password strength indicator
`password_items_count`	integer	Total number of password items in the vault
`weak`	integer	Number of weak passwords
`compromised`	integer	Number of compromised passwords
`identical`	integer	Number of reused/identical passwords
`sso_identical`	integer	Number of passwords identical to SSO credentials
`two_fa`	integer	Number of items with 2FA enabled
`passkey`	integer	Number of items using passkeys
`non_compliant`	integer	Number of items not meeting your password policy
`expired`	integer	Number of expired passwords
`breached`	integer	Number of passwords found in known data breaches
`http_url_count`	integer	Number of items with insecure HTTP URLs
`attachments_count`	integer	Number of attachments stored in the vault
`excluded`	integer	Number of items excluded from security audit calculations
`have_keyfile`	boolean	Whether the vault is protected with a key file
`mount_vault_name`	string	Display name used when the vault is mounted

Device

Field	Type	Description
`name`	string	Name or identifier of the device
`device_type`	string	Device type and OS version (e.g. `Windows 10 (10.0)`)
`os`	string	Operating system (e.g. `windows`, `macos`, `ios`)
`os_version`	string	Version of the operating system
`country`	string	Country from which the device is registered
`created_date`	timestamp	Date the device was first registered
`modified_date`	timestamp	Date the device record was last updated

Example Response

{
  "count": 1,
  "pages": 1,
  "limit": 5,
  "current": 1,
  "next": null,
  "previous": null,
  "results": [
    {
      "user": {
        "fullname": "John William",
        "email": "john@acmebizness.net",
        "created_date": "1774345265",
        "modified_date": "1774345265",
        "state": "active",
        "keys_state": "active"
      },
      "vault": {
        "name": "Test Vault",
        "vault_location": "one_drive",
        "private": false,
        "shared": false,
        "created_date": "1774355052",
        "modified_date": "1774355052",
        "creator": {
          "fullname": "John William",
          "email": "john@acmebizness.net",
          "state": "active",
          "keys_state": "active"
        }
      },
      "security_score": 82.0,
      "security": "medium",
      "password_strength": "2",
      "password_items_count": 10,
      "weak": 4,
      "compromised": 0,
      "identical": 0,
      "sso_identical": 0,
      "two_fa": 0,
      "passkey": 0,
      "non_compliant": 0,
      "expired": 0,
      "breached": 0,
      "http_url_count": 0,
      "attachments_count": 0,
      "excluded": 0,
      "have_keyfile": false,
      "mount_vault_name": "Test Vault",
      "device": {
        "name": "John MacBook",
        "device_type": "desktop",
        "os": "mac",
        "os_version": "26.3",
        "country": "United Kingdom",
        "created_date": "1774345499",
        "modified_date": "1776327819"
      }
    }
  ]
}

Request

Query Parameters

Request Body

Vault Filters

password

user_state

websites

location

primary_vault

shared_vault

security

ordering

Example Request

Response

Pagination Fields

Result Object

User

Vault

Security Metrics

Device

Example Response

Related

`password`

`user_state`

`websites`

`location`

`primary_vault`

`shared_vault`

`security`

`ordering`