CT Logs
developer/v1/domain/ct-logs
Searches Certificate Transparency (CT) logs for recent certificates issued for a domain via the crt.sh aggregator. Returns up to 20 deduplicated entries. Unlike the SSL endpoint, which analyzes the active certificate, this searches historical records across CT logs aggregated by crt.sh.
What It Does
Queries Certificate Transparency log aggregators (crt.sh) for recent certificates issued for the domain. Returns up to 20 deduplicated entries with issuer name, log entry timestamp, and crt.sh certificate ID. The truncated field indicates if more entries exist beyond the limit.
Why It's Useful
Recent CT log entries reveal patterns invisible in the active certificate alone: CA changes over time, certificate churn rates, subdomain discovery through historical SANs, and detection of unauthorized issuance. The truncated field indicates when more entries exist beyond the 20-entry limit.
Use Cases
Historical Subdomain Enumeration
Discover subdomains from expired and historical certificates that no longer appear in the active certificate or DNS records.
Find forgotten subdomains and legacy infrastructure not visible through current DNS enumeration.
Unauthorized Issuance Detection
Search CT log history for certificates issued by unauthorized CAs or for unexpected subdomains.
Detect rogue certificate issuance that could indicate domain compromise or CA misbehavior.
Certificate Lifecycle Analysis
Analyze CA usage patterns over time — certificate rotation frequency, issuer changes, and automation effectiveness.
Optimize certificate management by identifying lifecycle patterns and automation gaps.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| domain | string | Required | The domain to search CT logs for. Example: example.com |
Response Fields
| Field | Type | Description |
|---|---|---|
| domain | string | The queried domain |
| certificates | array | Certificate entries from CT logs with issuer, timestamp, and id |
| scts | array | Legacy field: certificate entries with logName, timestamp, and version |
| hasSCTs | boolean | Whether certificate entries were found in CT logs |
| count | number | Total certificate entries found |
| truncated | boolean | Whether results were truncated (more entries may exist beyond the limit) |
| source | string | Data source (crt.sh aggregator) |
| note | string | Additional context about the CT log search |
Code Examples
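```bash
# -G sends the -d value as a URL query string on a GET request,
# the same request the JavaScript and Python examples make.
curl -G "https://api.edgedns.dev/v1/domain/ct-logs" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d "domain=example.com"
```

```javascript
// Query CT log entries for example.com; the API key goes in the Authorization header.
const response = await fetch(
  'https://api.edgedns.dev/v1/domain/ct-logs?domain=example.com',
  {
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY'
    }
  }
);
const data = await response.json();
console.log(data);
```

```python
import requests

# Query CT log entries for example.com; the API key goes in the Authorization header.
response = requests.get(
    'https://api.edgedns.dev/v1/domain/ct-logs',
    headers={'Authorization': 'Bearer YOUR_API_KEY'},
    params={
        'domain': 'example.com'
    },
    timeout=10,  # do not hang indefinitely on a stalled connection
)
response.raise_for_status()  # surface 4xx/5xx instead of parsing an error body
data = response.json()
print(data)
```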
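The unauthorized-issuance use case, applied to a parsed response, as an added example that is not part of the endpoint's own documentation. The sample response is constructed; the function name `review_issuance`, the CA names, and the value formats of `issuer`, `timestamp` and `id` (a distinguished-name string, an ISO 8601 string, an integer) are assumptions.

```python
from collections import Counter

# Constructed sample shaped like the Response Fields table. The inner keys
# (issuer, timestamp, id) come from the page; their value formats are assumed.
SAMPLE_RESPONSE = {
    "domain": "example.com",
    "certificates": [
        {"issuer": "O=Example Trust Services, CN=Issuing CA 2",
         "timestamp": "2025-03-02T08:14:00Z", "id": 1000001},
        {"issuer": "O=Example Trust Services, CN=Issuing CA 1",
         "timestamp": "2025-01-01T08:10:00Z", "id": 1000002},
        {"issuer": "O=Unrecognized CA Ltd, CN=Issuing CA 1",
         "timestamp": "2025-02-11T23:47:00Z", "id": 1000003},
        {"issuer": "", "timestamp": "2025-02-20T10:00:00Z", "id": 1000004},
    ],
    "count": 4,
    "truncated": True,
    "source": "crt.sh",
}

def review_issuance(data, allowed_issuers):
    """Flag CT entries whose issuer matches no allowlisted CA name."""
    allowed = [a.lower() for a in allowed_issuers]
    unexpected, by_issuer = [], Counter()
    for cert in data.get("certificates", []):
        issuer = (cert.get("issuer") or "").strip()
        by_issuer[issuer or "<missing issuer>"] += 1
        # A missing issuer is flagged rather than silently passed.
        if not issuer or not any(a in issuer.lower() for a in allowed):
            unexpected.append(cert)
    # Newest first, so the most recent unexpected issuance is triaged first.
    unexpected.sort(key=lambda c: c.get("timestamp") or "", reverse=True)
    return {
        "unexpected": unexpected,
        "by_issuer": dict(by_issuer),
        # truncated=True means the result was cut at the entry limit, so a
        # clean result is not evidence that no other issuance exists.
        "complete": not data.get("truncated", False),
    }

if __name__ == "__main__":
    report = review_issuance(SAMPLE_RESPONSE, ["Example Trust Services"])
    for cert in report["unexpected"]:
        print(f"unexpected issuer {cert['issuer']!r} (crt.sh id {cert['id']})")
    if not report["complete"]:
        print("results truncated: absence of findings is not conclusive")
```

The allowlist match is a case-insensitive substring test on the issuer string, so it is only as precise as the names placed in `allowed_issuers`.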