Overview
An investigator starts a new case with a single name. She needs to know what the platform already knows about that name, what investigations have previously touched it, what entities are connected to it, and whether any OSINT sources have relevant material. Searching each module separately would take 20 minutes. The Discovery domain returns all of that in a single query, ranked by relevance, with faceted filtering to narrow down the results.
That is discovery working as it should: one search that reaches across the entire platform and all connected sources simultaneously.
Key Features
- Cross-domain search across entities, investigations, and intelligence.
- Search result aggregation from multiple data sources.
- OSINT provider integration for expanded discovery.
- Digital footprint correlation in search results.
- Saved search configurations for repeated queries.
- Search result ranking and relevance scoring.
- Faceted filtering for search refinement.
- Organisation-scoped search with access control.
Use Cases
Investigators search across all platform data sources for investigation leads from a single entry point, receiving ranked results that surface the most relevant matches regardless of which module they originate from.
Intelligence analysts discover related entities and intelligence through cross-domain queries, finding connections between a new subject and existing investigations that would remain invisible without a unified search capability.
Law enforcement officers running OSINT-enhanced discovery for persons of interest receive results that combine internal platform records with external OSINT data, giving a consolidated picture without switching between systems.
Recurring investigation teams save and reuse common search patterns for case types they handle repeatedly (fraud investigation templates, organised crime network queries, sanctions compliance checks), reducing setup time for each new case.
Integration
The Discovery domain integrates with search operations, OSINT providers, and digital footprint analysis for comprehensive discovery workflows.
Open Standards
- GraphQL (June 2018 specification): the entire Discovery query and mutation surface is defined as a typed GraphQL schema, allowing clients to request exactly the fields they need across jobs, sources, results, and saved queries.
- WebSocket (RFC 6455): job-status updates (running, completed, failed, cancelled) are pushed in real time to subscribed clients over a WebSocket connection, removing the need for polling.
- JSON Web Token (RFC 7519) / OAuth 2.0 (RFC 6749): all authenticated Discovery endpoints enforce bearer-token access control using RS256-signed JWTs issued by the platform authorisation server.
- OpenAPI 3.1: the platform publishes a curated OpenAPI contract at /.well-known/openapi.json (RFC 8615 well-known URI), covering the Discovery REST surface and enabling partner tooling to generate typed clients automatically.
- RFC 9727, API Catalog: a machine-readable API catalogue link-set is served at /.well-known/api-catalog, letting HTTP clients discover available API endpoints without prior out-of-band knowledge.
- Certificate Transparency (RFC 9162): the crt.sh OSINT provider queries public CT logs to surface subdomain registrations and certificate issuance events as discovery results for domain-type queries.
- WHOIS (RFC 3912): WHOIS-capable providers surface domain registration and ownership records as part of the fan-out for domain and IP queries.
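A client that discovers endpoints from /.well-known/api-catalog and then sends its bearer token to them should first confirm that every advertised link stays on the origin the catalogue was fetched from. The sketch below is an added example, not the platform's own code; the host platform.example, the /api/discovery path and the sample catalogue are constructed for illustration.

```python
import json
from urllib.parse import urljoin, urlsplit

# Link relations an RFC 9727 catalogue uses to point at APIs and their descriptions.
API_RELS = ("item", "service-desc", "service-doc", "service-meta")

def origin(url):
    """Return (scheme, host, port) with default ports filled in, or None if unusable."""
    try:
        p = urlsplit(url)
        port = p.port
    except ValueError:  # malformed authority or port
        return None
    if p.scheme not in ("http", "https") or not p.hostname or "@" in p.netloc:
        return None  # unknown scheme, missing host, or embedded userinfo
    return (p.scheme, p.hostname.lower(), port or {"http": 80, "https": 443}[p.scheme])

def trusted_links(catalog_url, body):
    """Split the catalogue's link targets into (accepted, rejected) lists."""
    base = origin(catalog_url)
    if base is None or base[0] != "https":
        raise ValueError("catalogue must come from an https origin")
    accepted, rejected = [], []
    for context in json.loads(body).get("linkset", []):
        for rel in API_RELS:
            for target in context.get(rel, []):
                # Relative hrefs are resolved against the catalogue URL.
                href = urljoin(catalog_url, target.get("href", ""))
                ok = origin(href) == base
                (accepted if ok else rejected).append((rel, href))
    return accepted, rejected

# Constructed sample catalogue; host and /api/discovery path are hypothetical.
CATALOG_URL = "https://platform.example/.well-known/api-catalog"
SAMPLE = json.dumps({"linkset": [
    {"anchor": CATALOG_URL,
     "item": [{"href": "https://platform.example/api/discovery"}]},
    {"anchor": "https://platform.example/api/discovery",
     "service-desc": [
         {"href": "/.well-known/openapi.json"},                         # same origin
         {"href": "http://platform.example/.well-known/openapi.json"},  # downgrade
         {"href": "https://platform.example.evil.test/openapi.json"},   # lookalike host
         {"href": "https://platform.example:8443/openapi.json"}]},      # other port
]})

if __name__ == "__main__":
    ok, bad = trusted_links(CATALOG_URL, SAMPLE)
    print("accepted:", ok)
    print("rejected:", bad)
```

Rejected links are worth logging rather than silently dropping, since an off-origin entry in the catalogue is a signal that the document was tampered with or misconfigured.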
Last Reviewed: 2026-02-05 Last Updated: 2026-04-14