The Censys Data Downloads API provides access to bulk Censys Platform data. This guide explains the structure of the data downloads and how to retrieve data files.

Dataset structure and availability

Data downloads have a three-tier hierarchical structure:

Datasets
Dataset snapshots
Snapshot files

A dataset defines the type and scope of data available. Each dataset contains one or more snapshots.

Snapshots are available on a daily or weekly basis. The certificate snapshots is always available on a daily basis regardless of whether your organization has access to weekly snapshots for other assets.

Snapshots are comprised of one or more files.

For example, the 2025-01-01 snapshot within the host-ipv4 dataset would contain a snapshot of all IPv4 host data for that day.

To obtain historical data for a particular date, you must retrieve the dataset snapshot for that date.

Datasets

Censys provides the following datasets. Platform host and web property datasets are generally available in Avro or Parquet format. Universal Internet Datasets (UIDs) are only available in Avro format. Certificate datasets are generally available in Avro format.

The datasets available to you will vary based on what additional entitlements your organization has access to. The additional requirements are detailed in the third column.

Dataset	Description	Additional entitlement requirements
`host-ipv4`	Contains IPv4 assets and their associated services.	None
`host-ipv4-vulns`	Contains IPv4 assets, their associated services, and CVE/vulnerability data.	CVE/vulnerability data
`host-ipv4-threats`	Contains IPv4 assets, their associated services, and threat data.	Threat data
`host-ipv6`	Contains IPv6 assets and their associated services.	None
`host-ipv6-vulns`	Contains IPv6 assets, their associated services, and CVE/vulnerability data.	CVE/vulnerability data
`host-ipv6-threats`	Contains IPv6 assets, their associated services, and threat data.	Threat data
`web`	Contains web properties and their associated endpoints.	None
`web-vulns`	Contains web properties, their associated endpoints, and CVE/vulnerability data.	CVE/vulnerability data
`web-threats`	Contains web properties, their associated endpoints, and threat data.	Threat data
`certificates-v2-full`	Contains records and details about certificates as of a given date.	None
`certificates-v2-incremental`	Contains records and details about new certificates. Daily updates to the certificate dataset not included included in v2-full.	None
`universal-internet-dataset-v2-ipv4`	Contains IPv4 host assets and their associated services from before August 1, 2025.	Extended data downloads history
`universal-internet-dataset-v2-ipv4-virtual-hosts`	Contains IPv4 virtual host assets and their associated services from before August 1, 2025.	Extended data downloads history
`universal-internet-dataset-v2-ipv6`	Contains IPv6 host assets and their associated services from before August 1, 2025.	Extended data downloads history
`universal-internet-dataset-v2-ipv6-virtual-hosts`	Contains IPv6 virtual host assets and their associated services from before August 1, 2025.	Extended data downloads history

File size

Approximate file sizes for the datasets are as follows.

Dataset	Approximate size
`certificates-v2-full` (Avro)	29 TB
`certificates-v2-incremental`	130 GB
`host-ipv4` (Parquet)	500 GB
`host-ipv6` (Parquet)	7 GB
`web`	1.2 TB
`threats`	1 GB

Example files

Use the following links to retrieve sample Censys data download files.

Data schemas

Data in the snapshots is structured following the Platform data schema.

Schema files for each asset type are available from the following links.

The following tables provide general information about how data is structured for each asset type. The tables are not exhaustive but highlight in general how data is arranged for hosts, web properties, and certificates and focus on key fields for common use cases.

Host data schema

Detailed information about the host data schema is provided in the collapsible section below.

Host data schema

Hosts are composed of a top-level field for the IP address and GroupType fields for related host data like location, autonomous_system, whois, dns, and a list of observed services.

Core host information

Field name	Repetition	Logical type	Physical type	Description
`ip`	Optional	String	ByteArray	The IP address of the host.

Host location data (`location`)

Field name	Repitition	Logical type	Physical type	Description
`continent`	Optional	String	ByteArray	The English name of the detected continent.
`country`	Optional	String	ByteArray	The English name of the detected country.
`country_code`	Optional	String	ByteArray	The detected two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, and so on).
`city`	Optional	String	ByteArray	The English name of the detected city.
`postal_code`	Optional	String	ByteArray	The postal code (if applicable) of the detected location.
`timezone`	Optional	String	ByteArray	The IANA time zone database name of the detected location.
`province`	Optional	String	ByteArray	The state or province name of the detected location.
`registered_country`	Optional	String	ByteArray	The English name of the registered country.
`registered_country_code`	Optional	String	ByteArray	The registered country's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, and so on).
`coordinates`	Optional	null	Group	The estimated coordinates of the detected location.
`latitude`	Optional	null	Double	The estimated latitude.
`longitude`	Optional	null	Double	The estimated longitude.

Host autonomous system data (`autonomous_system`)

Field name	Repetition	Logical type	Physical type	Description
`asn`	Optional	null	Int64	The autonomous system number of the host's autonomous system.
`description`	Optional	String	ByteArray	Brief description of the autonomous system.
`bgp_prefix`	Optional	String	ByteArray	The autonomous system's CIDR.
`name`	Optional	String	ByteArray	The friendly name of the autonomous system.
`country_code`	Optional	String	ByteArray	The autonomous system's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, and so on).
`organization`	Optional	String	ByteArray	The name of the organization managing the autonomous system.

Host WHOIS information (`whois`)

Field Name	Repetition	Logical type	Physical type	Description
`network`	Optional	null	Group (handle, name, cidrs, created, updated, allocation_type)	Details about the network block.
`handle`	Optional	String	ByteArray	Handle for the network object.
`name`	Optional	String	ByteArray	Name of the network.
`cidrs`	Required	List (element: String)	List (element: ByteArray)	List of CIDR blocks.
`created`	Optional	Timestamp	Int64	Network creation timestamp (Microseconds).
`updated`	Optional	Timestamp	Int64	Network last update timestamp (Microseconds).
`allocation_type`	Optional	String	ByteArray	Type of IP address allocation.
`organization`	Optional	null	Group (handle, name, address, street, city, state, postal_code, country, abuse_contacts, admin_contacts, tech_contacts)	Details about the organization owning the network.
`handle`	Optional	String	ByteArray	Handle for the organization object.
`name`	Optional	String	ByteArray	Name of the organization.
`address`	Optional	String	ByteArray	Organization's general address.
`street`	Optional	String	ByteArray	Street address.
`city`	Optional	String	ByteArray	City.
`state`	Optional	String	ByteArray	State/Province.
`postal_code`	Optional	String	ByteArray	Postal code.
`country`	Optional	String	ByteArray	Country.
`abuse_contacts`	Required	List (element: Group (handle, name, email))	List (element: Group)	List of abuse contact information.
`admin_contacts`	Required	List (element: Group (handle, name, email))	List (element: Group)	List of administrative contact information.
`tech_contacts`	Required	List (element: Group (handle, name, email))	List (element: Group)	List of technical contact information.

Host DNS information (`dns`)

Field Name	Repetition	Logical type	Physical type	Description
`reverse_dns`	Optional	null	Group (names, resolve_time)	Reverse DNS lookup details.
`names`	Required	List (element: String)	List (element: ByteArray)	List of resolved DNS names (hostnames).
`resolve_time`	Optional	Timestamp	Int64	Timestamp of the DNS resolution (Microseconds).
`forward_dns`	Required	List (element: Group (name, record_type, resolve_time))	List (element: Group)	Forward DNS lookup details.
`name`	Optional	String	ByteArray	The DNS record name (e.g., domain name).
`record_type`	Optional	String	ByteArray	The type of DNS record (e.g., A, CNAME, MX).
`resolve_time`	Optional	Timestamp	Int64	Timestamp of the DNS resolution (Microseconds).

Host service information (`services`)

Field Name	Repetition	Logical Type	Physical Type	Description
`endpoints`	Required	List (element: Group (element))	List (element: Group)	List of endpoints (HTTP, Elasticsearch, Kubernetes, etc.) on this service.
`port`	Optional	null	Int64	The port number the service is running on.
`protocol`	Optional	String	ByteArray	The application layer protocol (e.g., http, ssh).
`transport_protocol`	Optional	String	ByteArray	The transport layer protocol (e.g., tcp, udp).
`scan_time`	Optional	Timestamp	Int64	The time the service was scanned (Microseconds).
`banner`	Optional	null	ByteArray	The raw service banner/response.
`banner_hash_sha256`	Optional	null	ByteArray	The SHA256 hash of the service banner.
`tls`	Optional	null	Group	TLS/SSL handshake information.
`cert`	Optional	null	Group	SSL/TLS certificate details.
`jarm`	Optional	null	Group	JARM fingerprinting information.
`software`	Required	List (element: Group (element))	List (element: Group)	List of software detected running the service.
`hardware`	Required	List (element: Group (element))	List (element: Group)	List of hardware details associated with the service.
`operating_systems`	Required	List (element: Group (element))	List (element: Group)	List of operating systems identified for the service.
`labels`	Required	List (element: Group (element))	List (element: Group)	Arbitrary labels applied to the service.
`vnc`	Optional	null	Group	Details specific to the VNC protocol.
`rdp`	Optional	null	Group	Details specific to the RDP protocol.
`ssh`	Optional	null	Group	Details specific to the SSH protocol.
`mysql`	Optional	null	Group	Details specific to the MySQL protocol.
`ipmi`	Optional	null	Group	Details specific to the IPMI protocol.
`amqp`	Optional	null	Group	Details specific to the AMQP protocol.
`memcached`	Optional	null	Group	Details specific to the Memcached protocol.
`mssql`	Optional	null	Group	Details specific to the MSSQL protocol.
`oracle`	Optional	null	Group	Details specific to the Oracle protocol.
`redis`	Optional	null	Group	Details specific to the Redis protocol.
`snmp`	Optional	null	Group	Details specific to the SNMP protocol.
`postgres`	Optional	null	Group	Details specific to the PostgreSQL protocol.
`mongodb`	Optional	null	Group	Details specific to the MongoDB protocol.
`bacnet`	Optional	null	Group	Details specific to the BACnet protocol.
`dnp3`	Optional	null	Group	Details specific to the DNP3 protocol.
`dns`	Optional	null	Group	Details specific to the DNS protocol.
`ftp`	Optional	null	Group	Details specific to the FTP protocol.
`imap`	Optional	null	Group	Details specific to the IMAP protocol.
`ipp`	Optional	null	Group	Details specific to the IPP protocol.
`modbus`	Optional	null	Group	Details specific to the Modbus protocol.
`mqtt`	Optional	null	Group	Details specific to the MQTT protocol.
`ntp`	Optional	null	Group	Details specific to the NTP protocol.
`pc_anywhere`	Optional	null	Group	Details specific to the pcAnywhere protocol.
`pop3`	Optional	null	Group	Details specific to the POP3 protocol.
`s7`	Optional	null	Group	Details specific to the Siemens S7 protocol.
`smb`	Optional	null	Group	Details specific to the SMB protocol.
`smtp`	Optional	null	Group	Details specific to the SMTP protocol.
`telnet`	Optional	null	Group	Details specific to the Telnet protocol.
`fox`	Optional	null	Group	Details specific to the Fox protocol.
`openvpn`	Optional	null	Group	Details specific to the OpenVPN protocol.
`coap`	Optional	null	Group	Details specific to the CoAP protocol.
`sip`	Optional	null	Group	Details specific to the SIP protocol.
`team_viewer`	Optional	null	Group	Details specific to the Team Viewer protocol.
`x11`	Optional	null	Group	Details specific to the X11 protocol.
`skinny`	Optional	null	Group	Details specific to the Cisco Skinny protocol.
`pptp`	Optional	null	Group	Details specific to the PPTP protocol.
`mms`	Optional	null	Group	Details specific to the MMS protocol.
`ike`	Optional	null	Group	Details specific to the IKE protocol.
`ssdp`	Optional	null	Group	Details specific to the SSDP protocol.
`upnp`	Optional	null	Group	Details specific to the UPnP protocol.
`any_connect`	Optional	null	Group	Details specific to the Cisco AnyConnect protocol.
`ldap`	Optional	null	Group	Details specific to the LDAP protocol.
`activemq`	Optional	null	Group	Details specific to the ActiveMQ protocol.
`checkpoint_topology`	Optional	null	Group	Details specific to Check Point Topology.
`dhcpdiscover`	Optional	null	Group	Details specific to DHCP discovery.
`epmd`	Optional	null	Group	Details specific to the Erlang Port Mapper Daemon protocol.
`ethereum`	Optional	null	Group	Details specific to the Ethereum protocol.
`krpc`	Optional	null	Group	Details specific to the Kademlia RPC protocol.
`l2tp`	Optional	null	Group	Details specific to the L2TP protocol.
`monero_p2p`	Optional	null	Group	Details specific to the Monero P2P protocol.
`opc_ua`	Optional	null	Group	Details specific to the OPC UA protocol.
`rocketmq`	Optional	null	Group	Details specific to the RocketMQ protocol.
`socks`	Optional	null	Group	Details specific to the SOCKS protocol.
`zeromq`	Optional	null	Group	Details specific to the ZeroMQ protocol.
`eip`	Optional	null	Group	Details specific to the EtherNet/IP protocol.
`elf_file`	Optional	null	Group	Details about a detected ELF file.
`tplink_kasa`	Optional	null	Group	Details specific to the TP-Link Kasa protocol.
`darkcomet`	Optional	null	Group	Details specific to the DarkComet RAT protocol.
`dcerpc`	Optional	null	Group	Details specific to the DCE/RPC protocol.
`hikvision`	Optional	null	Group	Details specific to the Hikvision protocol.
`chromecast`	Optional	null	Group	Details specific to the Chromecast protocol.
`crestron_cp3`	Optional	null	Group	Details specific to the Crestron CP3 protocol.
`cwmp`	Optional	null	Group	Details specific to the CWMP protocol.
`dvr_ip`	Optional	null	Group	Details specific to the DVR/IP protocol.
`etcd`	Optional	null	Group	Details specific to the etcd protocol.
`gearman`	Optional	null	Group	Details specific to the Gearman protocol.
`hid_vertx`	Optional	null	Group	Details specific to the HID Vertx protocol.
`iota`	Optional	null	Group	Details specific to the IOTA protocol.
`iscsi`	Optional	null	Group	Details specific to the iSCSI protocol.
`lpd`	Optional	null	Group	Details specific to the LPD protocol.
`mdns`	Optional	null	Group	Details specific to the mDNS protocol.
`minecraft`	Optional	null	Group	Details specific to the Minecraft protocol.
`murmur`	Optional	null	Group	Details specific to the Murmur protocol.
`nbd`	Optional	null	Group	Details specific to the NBD protocol.
`nfs_mountd`	Optional	null	Group	Details specific to the NFS mountd protocol.
`nmea`	Optional	null	Group	Details specific to the NMEA protocol.
`onvif`	Optional	null	Group	Details specific to the ONVIF protocol.
`pgbouncer`	Optional	null	Group	Details specific to the PgBouncer protocol.
`portmap`	Optional	null	Group	Details specific to the Portmap/RPCBind protocol.
`rdate`	Optional	null	Group	Details specific to the RDate protocol.
`realport`	Optional	null	Group	Details specific to the RealPort protocol.
`ripple`	Optional	null	Group	Details specific to the Ripple protocol.
`rlogin`	Optional	null	Group	Details specific to the RLogin protocol.
`rtsp`	Optional	null	Group	Details specific to the RTSP protocol.
`sap_router`	Optional	null	Group	Details specific to the SAP Router protocol.
`scpi`	Optional	null	Group	Details specific to the SCPI protocol.
`ser2net`	Optional	null	Group	Details specific to the Ser2Net protocol.
`seven_days_to_die`	Optional	null	Group	Details specific to the 7 Days to Die game protocol.
`spice`	Optional	null	Group	Details specific to the SPICE protocol.
`steam`	Optional	null	Group	Details specific to the Steam protocol.
`tacacs_plus`	Optional	null	Group	Details specific to the TACACS+ protocol.
`tibia`	Optional	null	Group	Details specific to the Tibia game protocol.
`unitronics_pcom`	Optional	null	Group	Details specific to the Unitronics PCOM protocol.
`ventrilo`	Optional	null	Group	Details specific to the Ventrilo protocol.
`weblogic_t3`	Optional	null	Group	Details specific to the WebLogic T3 protocol.
`winrm`	Optional	null	Group	Details specific to the WinRM protocol.
`ws_discovery`	Optional	null	Group	Details specific to the WS-Discovery protocol.
`nats_io`	Optional	null	Group	Details specific to the NATS.io protocol.

Web property data schema

Detailed information about the web property data schema is provided in the collapsible section below.

Web property data schema

Internet assets that respond to hostname-based scans are classified as web properties.

Web properties are identified by a hostname and a port. Hostnames can be name-based records (such as app.censys.io) or IP-based records (such as 104.18.10.85). Example names of web property records include app.censys.io:443 and 104.18.10.85:8880.

You can use web properties to explore websites, APIs, web-based applications, and much more.

Top-level web property fields and groups

Field Name	Repetition	Logical Type	Physical Type	Description
`hostname`	Optional	String	ByteArray	The hostname of the web property.
`scan_time`	Optional	Timestamp	Int64	The time that the web property was scanned.
`endpoints`	Required	List	List	A list of network endpoints discovered for the web property.
`port`	Optional	N/A	Int64	The port number that was scanned on the web property.
`operating_systems`	Required	List	List	List of operating systems identified for the web property/underlying server.
`hardware`	Required	List	List	List of hardware details for the web property/underlying server.
`software`	Required	List	List	List of software running the web property or on the server.
`jarm`	Optional	null	Group	JARM fingerprinting details for a TLS session used by the property.
`labels`	Required	List	List	Arbitrary tags or intelligence labels applied to the web property.
`tls`	Optional	null	Group	TLS/SSL handshake negotiation details.
`cert`	Optional	null	Group	SSL/TLS certificate details.

Web property endpoint data (`endpoints`)

Field Name	Repetition	Logical Type	Physical Type	Description
`path`	Optional	String	ByteArray	The URI path inspected on the endpoint (e.g., /api/v1).
`endpoint_type`	Optional	String	ByteArray	A classification of the endpoint (e.g., web, elasticsearch).
`scan_time`	Optional	Timestamp	Int64	Timestamp of the individual endpoint scan (Microseconds).
`ip`	Optional	String	ByteArray	The IP address associated with the endpoint.
`banner`	Optional	null	ByteArray	The raw service banner/response.
`banner_hash_sha256`	Optional	null	ByteArray	SHA256 hash of the service banner.
`http`	Optional	null	Group	HTTP protocol-specific metadata.
`elasticsearch`	Optional	null	Group	Elasticsearch server details.
`kubernetes`	Optional	null	Group	Kubernetes API/cluster details.
`prometheus`	Optional	null	Group	Prometheus monitoring metrics.
`fortigate`	Optional	null	Group	Fortigate device specific info.
`cobalt_strike`	Optional	null	Group	Cobalt Strike team server profile details.
`pprof`	Optional	null	Group	Go pprof profiling metrics endpoint info.
`prometheus_target`	Optional	null	Group	Prometheus target metrics.
`graphql`	Optional	null	Group	GraphQL endpoint details.
`ivanti_avalanche`	Optional	null	Group	Ivanti Avalanche server info.
`ollama`	Optional	null	Group	Ollama large language model server info.
`chrome_devtools`	Optional	null	Group	Chrome DevTools protocol details.
`plex_media_server`	Optional	null	Group	Plex Media Server information.
`redlion_web`	Optional	null	Group	Red Lion Web Server information.
`scada_view`	Optional	null	Group	SCADA View application server information.
`open_directory`	Optional	null	Group	Open directory contents.
`screenshots`	Required	List	List	List of captured screenshots for this endpoint.

Certificate data schema

Detailed information about the certificate data schema is provided in the collapsible section below.

Certificate data schema

The Censys certificate dataset is the most exhaustive collection of X.509 documents in existence. It consists of over 15 billion records and records are added on a daily basis.

In the Censys Platform, certificates are indexed and identified by their "fingerprint," which is the SHA-256 digest of the entire raw certificate.

Top-level certificate fields

Field Name	Repetition	Logical Type	Physical Type	Description
`fingerprint_sha256`	Optional	bytes	bytes	SHA256 fingerprint of the certificate.
`fingerprint_sha1`	Optional	bytes	bytes	SHA1 fingerprint of the certificate.
`fingerprint_md5`	Optional	bytes	bytes	MD5 fingerprint of the certificate.
`tbs_fingerprint_sha256`	Optional	bytes	bytes	SHA256 fingerprint of the To Be Signed (TBS) part.
`tbs_no_ct_fingerprint_sha256`	Optional	bytes	bytes	SHA256 fingerprint of the TBS part without the Certificate Transparency (CT) extension.
`spki_subject_fingerprint_sha256`	Optional	bytes	bytes	SHA256 fingerprint of the Subject Public Key Info (SPKI).
`parent_spki_subject_fingerprint_sha256`	Optional	bytes	bytes	SHA256 fingerprint of the parent certificate's SPKI.
`parsed`	Optional	record	Group	Parsed details extracted from the certificate content.
`precert`	Optional	boolean	boolean	Indicates if the certificate is a precertificate.
`revoked`	Optional	boolean	boolean	Indicates if the certificate is known to be revoked.
`names`	Required	string	array	List of all domain names (CN, SANs) associated with the certificate.
`validation_level`	Optional	string	string	The type of validation (e.g., DV, OV, EV).
`validation`	Optional	record	Group	External validation status from various trust stores.
`revocation`	Optional	record	Group	Revocation check details (OCSP and CRL).
`ct`	Optional	record	Group	Certificate Transparency log entry data.
`ever_seen_in_scan`	Optional	boolean	boolean	Whether this certificate has ever been observed in a scan.
`raw`	Optional	bytes	bytes	The raw certificate bytes.
`added_at`	Optional	Timestamp	long	Timestamp when the certificate was first seen (Microseconds).
`modified_at`	Optional	Timestamp	long	Timestamp of the last modification (Microseconds).
`validated_at`	Optional	Timestamp	long	Timestamp of the last validation check (Microseconds).
`parse_status`	Optional	string	string	Status of the certificate parsing process.
`zlint`	Optional	record	Group	ZLint (certificate linter) validation results.
`labels`	Required	string	array	Arbitrary labels applied to the certificate.
`not_valid_after`	Optional	Timestamp	long	The certificate's expiration time (Microseconds).
`inserted_at`	Optional	Timestamp	long	Time when the record was inserted into the database (Microseconds).

Parsed certificate data (`parsed`)

Field Name	Repetition	Logical Type	Physical Type	Description
`version`	Optional	long	long	The X.509 certificate version.
`serial_number`	Optional	string	string	The certificate's unique serial number.
`issuer_dn`	Optional	string	string	The Issuer's Distinguished Name (raw string).
`issuer`	Optional	record	Group	Parsed fields of the Issuer's distinguished name (e.g., common_name, country).
`subject_dn`	Optional	string	string	The Subject's Distinguished Name (raw string).
`subject`	Optional	record	Group	Parsed fields of the Subject's distinguished name.
`subject_key_info`	Optional	record	Group	Details about the Subject's public key (algorithm, modulus/curve info).
`validity_period`	Optional	record	Group	Start and end dates of the certificate's validity.
`signature`	Optional	record	Group	Details about the digital signature (algorithm, validity status).
`extensions`	Optional	record	Group	Parsed X.509 extensions (e.g., key_usage, subject_alt_name).
`unknown_extensions`	Required	record	array	List of unrecognized X.509 extensions.
`redacted`	Optional	boolean	boolean	Indicates if certificate information has been redacted.
`serial_number_hex`	Optional	string	string	The serial number in hexadecimal format.
`ja4x`	Optional	string	string	JA4X certificate fingerprint value.

Format

Snapshots are available in AVRO and Parquet format.

The specific formats available may vary on a snapshot-by-snapshot basis.

Asynchronous downloads

Recent snapshots are generally ready to download without delay. However, when downloading older snapshots or the current day's snapshot, the files endpoint may return a 202 status with the message The files for this snapshot are currently being generated, and will be available soon. Please request them later.

For large datasets, it may take several hours before the data is ready to download. You can periodically retry the request until the files become available.

Data download API endpoints

API endpoints are available for the following operations.

Endpoint	Description and link
`GET https://data.censys.io/api/v1/datasets`	Retrieve a list of the datasets available to an organization.
`GET https://data.censys.io/api/v1/datasets/{dataset}/snapshots`	Retrieve the list of snapshots available for a dataset.
`GET https://data.censys.io/api/v1/datasets/{dataset}/snapshots/{snapshot}/files/{format}`	Retrieve the list of files available for a snapshot in a particular format.

Example workflow

Prerequisites

Your Censys organization ID. To find your organization ID:
1. Go the the Censys Platform web console. Ensure that you have your Enterprise account selected.
2. Your organization ID is provided in the URL after org=.
Your Personal Access Token (PAT).

You must include your organization ID and PAT in all of your requests. Your organization ID is used to determine which datasets you have access to.

List and retrieve data

To list the datasets that you have access to, use the following:

curl -H "Authorization: Bearer <your-api-token>" "https://data.censys.io/api/v1/datasets?org=<your-organization-id>"

This will return a list of datasets, such as the example response provided below.

{
  "datasets": [
    {
      "id": "host-ipv4",
      "description": "Daily IPv4 Host Snapshots"
    }
  ]
}

List the available snapshots for a dataset using the following example. This will retrieve the snapshots available for the host-ipv4 dataset.

curl -H "Authorization: Bearer <your-api-token>" "https://data.censys.io/api/v1/datasets/host-ipv4/snapshots?org=<your-organization-id>"

You will receive a response similar to the one below.

{
  "dataset": "host-ipv4",
  "snapshots": [
    {
      "id": "1234",
      "addedTime": "2025-01-01T00:00:00.00000000Z",
      "expireTime": "2025-11-31T00:00:00.00000000Z",
      "formats": [
        {
          "name": "AVRO"
        },
        {
          "name": "PARQUET"
        }
      ]
    }
  ]
}

Use the id field from a snapshot to list the files that constitute a snapshot.

curl -H "Authorization: Bearer <your-api-token>" "https://data.censys.io/api/v1/datasets/host-ipv4/snapshots/datasets/1234/?org=<your-organization-id>"

You will a receive a response similar to the one below.

{
  "dataset": "host-ipv4",
  "snapshot": "1234",
  "file": [
    {
      "url": "<signed url>",
      "sizeBytes": 10000
    }
  ]
}

Use the signed URL to download the files or use a tool like DuckDB to query the files without downloading them.
```
SELECT * FROM parquet_scan("<signed-url>") LIMIT 1;
```

BigQuery configuration

To ensure that your data exports function as expected when using BigQuery, enable the following boolean fields.

Format	Field	Additional information
Parquet	`enableListInference`	BigQuery refernce guide
Avro	`useAvroLogicalTypes`	BigQuery reference guide

Dataset structure and availability

Datasets

File size

Example files

Data schemas

Host data schema

Core host information

Host location data (location)

Host autonomous system data (autonomous_system)

Host WHOIS information (whois)

Host DNS information (dns)

Host service information (services)

Web property data schema

Top-level web property fields and groups

Web property endpoint data (endpoints)

Certificate data schema

Top-level certificate fields

Parsed certificate data (parsed)

Format

Asynchronous downloads

Data download API endpoints

Example workflow

Prerequisites

List and retrieve data

BigQuery configuration

Host location data (`location`)

Host autonomous system data (`autonomous_system`)

Host WHOIS information (`whois`)

Host DNS information (`dns`)

Host service information (`services`)

Web property endpoint data (`endpoints`)

Parsed certificate data (`parsed`)