diff --git a/docs/api-reference/astp/endpoints/post-urls-by-credential-hash.mdx b/docs/api-reference/astp/endpoints/post-urls-by-credential-hash.mdx
new file mode 100644
index 0000000..0fe8bd8
--- /dev/null
+++ b/docs/api-reference/astp/endpoints/post-urls-by-credential-hash.mdx
@@ -0,0 +1,60 @@
+---
+title: "List URLs by Credential Hash"
+api: "POST https://api.flare.io/astp/urls/by_credential_hash"
+authMethod: "bearer"
+---
+
+import GatedAccessFeatureAstp from '/snippets/gated-access-feature-astp.mdx';
+
+
+
+Returns the URLs where a leaked credential was seen being used, for a single credential hash.
+
+Credential hashes are returned in the `credential_hash` field of each credential from the
+[Search Credentials ](/api-reference/astp/endpoints/post-credentials-search)
+endpoint.
+
+Each result contains the full `url` (including scheme and path), its host (`domain`), and the
+`credential_hash` it belongs to.
+
+
+
+```json Response Example
+{
+ "items": [
+ {
+ "url": "https://login.example.com/signin",
+ "domain": "login.example.com",
+ "credential_hash": "43804850e72d054f3648660557330630"
+ },
+ {
+ "url": "https://mail.example.com/",
+ "domain": "mail.example.com",
+ "credential_hash": "43804850e72d054f3648660557330630"
+ }
+ ],
+ "next": "WyJtYWlsLmV4YW1wbGUuY29tIl0"
+}
+```
+
+
+
+## Paging
+
+This endpoint supports the
+[Flare standard paging pattern ](/concepts/paging).
+Use the `next` value from the response as the `from` value in the next request to fetch additional URLs.
+
+## Body Parameters
+
+
+ The credential hash to look up URLs for, as returned in the `credential_hash` field of a credential.
+
+
+
+ Maximum number of URLs to return (maximum 5000).
+
+
+
+ The `next` value from the last response.
+
diff --git a/docs/changelog/overview.mdx b/docs/changelog/overview.mdx
index 1f468ac..c0055fd 100644
--- a/docs/changelog/overview.mdx
+++ b/docs/changelog/overview.mdx
@@ -14,6 +14,8 @@ Release notes for the Flare Platform can be found on the [product documentation
Added the `urls` value to the `include` parameter in the [ASTP Search Credentials Endpoint ](/api-reference/astp/endpoints/post-credentials-search).
+
+ Added the [ASTP List URLs by Credential Hash Endpoint ](/api-reference/astp/endpoints/post-urls-by-credential-hash) to list the URLs where a leaked credential was seen.
diff --git a/docs/docs.json b/docs/docs.json
index 5d345be..3bbd94e 100644
--- a/docs/docs.json
+++ b/docs/docs.json
@@ -115,6 +115,7 @@
"group": "Credentials",
"pages": [
"api-reference/astp/endpoints/post-credentials-search",
+ "api-reference/astp/endpoints/post-urls-by-credential-hash",
"api-reference/astp/endpoints/post-by-accounts",
"api-reference/astp/endpoints/get-sources",
"api-reference/astp/endpoints/get-source"