NordStellar

IAM & SecurityAPI tokenLive

Connect your customers' NordStellar accounts so your product can pull threat-intelligence findings, data-breach detections, and dark web monitoring results as part of onboarding or continuous risk monitoring. A single bearer token is all the customer needs to provide.

Book a demo

View docs

What you can do

Read data-breach detections for monitored domains

Fetch breaches detected for the customer's monitored domains and email addresses, including breach source, detection date, and the categories of data exposed (passwords, PII, financial data).

Pull dark-web exposure findings

Read alerts for leaked credentials, leaked documents, and mentions of the customer's brand or infrastructure on dark-web marketplaces and forums monitored by NordStellar.

List monitored assets and their status

Fetch the list of domains, IPs, and keywords the customer has enrolled for monitoring in NordStellar, plus the current monitoring status and last-checked timestamp for each.

Fetch individual finding details

Read the full detail record for any finding, including the raw source snippet, severity classification, and recommended remediation steps, without requiring access to the NordStellar portal.

Track remediation state per finding

Read whether a finding has been marked as resolved or suppressed in NordStellar so your product's risk dashboard can reflect the current, post-remediation state rather than raw alert volume.

Pull summary statistics for dashboards

Read aggregate finding counts broken down by severity and category so your product can build executive-level risk dashboards without fetching every individual alert record.

Sample use case

Adding dark-web exposure to an onboarding risk assessment

You sell a third-party risk management platform. When a new vendor, Thornwood Logistics Partners, is onboarded by one of your enterprise customers, your product needs to check whether Thornwood's domain has any active dark-web exposure or leaked credentials before the customer extends network access. Thornwood has a NordStellar account monitoring their domain.

1
Thornwood provides the bearer token
Thornwood's security manager opens their NordStellar platform account, copies the bearer token from the API settings, and pastes it into your product's vendor-onboarding form. Askel validates the token with a test request.
2
Monitored asset list read
Askel fetches the list of assets Thornwood has enrolled in NordStellar monitoring. Your product confirms that thornwoodlogistics.com is actively monitored and stores the asset ID for subsequent reads.
3
Breach detection pull
Askel reads all active breach detections for the monitored domain. Your product surfaces 3 findings: a credential dump from 18 months ago, an active stealer log hit from last week, and a paste site mention of their email domain.
4
Risk score computed
Your product weighs the NordStellar findings against other data sources (patent filings, financial records, IT security questionnaire) and outputs an initial vendor risk score that includes the dark-web exposure component.
5
Remediation tracked
When Thornwood's security team resolves the stealer log finding in NordStellar, Askel reads the updated remediation status on the next sync. Your product updates the vendor risk score automatically without manual input.

Authentication

API token

The customer retrieves their bearer token from the NordStellar platform settings. They paste it into Askel once. Askel sends it as an Authorization Bearer header on every request to platform-integration-api.nordstellar.com; the token never reaches your servers.

Data flow

How Askel sits between your product and the customer's system

Breach detectionsDark-web findingsMonitored assetsFinding severityRemediation status

Related integrations

Snyk

Read vulnerability and license findings from customer Snyk orgs.

Lupasafe

Pull employee security-posture data from Lupasafe.

GoPhish

Run phishing campaigns and pull results from customer GoPhish servers.

FAQ for NordStellar

What kinds of data can NordStellar detect through Askel?+

NordStellar monitors for leaked credentials (email and password combinations), sensitive documents, dark-web marketplace listings, and brand mentions across the sources NordStellar covers in its threat-intel network. Askel forwards whatever finding types the customer's NordStellar plan includes.

How fresh is the data returned through this integration?+

NordStellar updates findings as their monitoring system detects new hits. Askel reads the current state from the NordStellar API on each call; there is no additional caching layer in Askel. The freshness of the data depends on NordStellar's own monitoring frequency.

Can we monitor multiple organisations through one NordStellar account?+

If the customer's NordStellar account covers multiple monitored entities, Askel reads all of them through a single token. Each entity is identified by its asset ID in the API response, so your product can filter findings per entity.

What happens if the bearer token expires or is rotated?+

NordStellar tokens that expire or are revoked will cause API calls to return auth errors. Askel surfaces a credential-expired alert on the customer's connection page. The customer pastes a new token to restore the connection.

Ready to ship integrations faster?customers faster?implementations faster?

Join onboarding teams delivering integrations without the engineering queue,
catching drift before it breaks, and hitting go-live dates.

Book a demo

Security & Compliance

Askel.ai

Automation for customer onboarding teams

Product

Features Documentation Integrations

Company

About us Our team Blog Contact

Resources