# Hostname History API

This API returns the raw historical observations for a single hostname or domain.

## Response Body Semantics

The results in the `results` array represent aggregated observation in various intervals, from various data sources and for various different values. Each result is unique by the combination of it's `seen_on`, `source`, and `sub_id` fields.For each source and value we store at most one observation per day, albeit with accurate `first_seen` and `last_seen` timestamps per day. Each entry will match this format:

- `seen_on` always — Date, YYYY-MM-DD
- `source` always — Source of observation, see below
- `sub_id` always — Observation value, can be "" in some cases
- `first_seen` always — First-seen timestamp, ISO8601
- `last_seen` always — Last-seen timestamp, ISO8601
- `data_type` optional — Can be json
- `data` optional — Might contain arbitrary data according to `data_type`


The first results for every hostname will contain entries for future dates (e.g. 2200-01-01 and 2100-01-01). These records are summarised and housekeeping records which track global attributes for the hostname:

- `2200-01-01/seenDates`: Global first-seen and last-seen timestamps for the hostname.
- `2100-01-01/shardDate`: Internal, please disregard.
- `2100-01-01/ct`: Global first-seen and last-seen timestamps for the ct datasource (Certificate Transparency).
- `2100-01-01/pdns/A`: Global first-seen and last-seen timestamps for an A record for the hostname from the pdns datasource (Passive DNS).


The source filed can be one of `ct`, `scan`, `pdns`, `zonefile`, `scan-link`, `scan-cert-subject`.