CIPHERCUE
Integration

Clay HTTP Enrichment recipe

Add a CipherCue column to any Clay table so every row gets enriched with KEV matches, tech stack observations, and DNS posture, sourced from public records.

Audience: Clay operators with a CipherCue workspace and an API token with read:entities scope.

Prerequisites

  • A CipherCue workspace. Free workspaces get 1,000 API calls per month for trialing.
  • An API token with the read:entities scope, created at /settings/api-tokens in your CipherCue workspace.
  • A Clay table with a Domain (or equivalent) column containing apex domains, e.g. example.com.

Add an HTTP Enrichment column

  1. In your Clay table, click + Add Enrichment and choose HTTP API.
  2. Set Method to GET.
  3. Set URL to: 
    https://ciphercue.com/api/v1/entities/lookup?domain={{Domain}}
    Replace {{Domain}} with the Clay column reference for the domain on each row.
  4. Add a header: 
    Authorization: Bearer YOUR_CIPHERCUE_TOKEN
  5. Run on a sample row to verify a JSON response comes back. If the entity is not in CipherCue yet, the response is {"entity": null} — Clay leaves the row blank.

Clay rate-limits HTTP enrichments by default. CipherCue's burst limit is 60 requests per minute per token. The two play together well; you don't need to tune anything for typical Clay tables.

Map the JSON response to columns

Clay parses the response and lets you pick JSON paths for new columns. The most useful paths:

Column suggestionJSON path
Canonical nameentity.canonical_name
Industryentity.industry
First KEV CVEentity.facts.kev_matches[0].cve_id
KEV vendorentity.facts.kev_matches[0].vendor
KEV countentity.facts.kev_matches.length
CMSentity.facts.tech_stack[?(@.category=='cms')].product
CDNentity.facts.tech_stack[?(@.category=='cdn')].vendor
DMARC policyentity.facts.dns_compliance.dmarc
Latest cert issuerentity.facts.cert_transparency[0].issuer

For Slack alerting or HubSpot list seeding, an If KEV count > 0 Clay condition is the canonical play.

Errors and retries

  • 401 — token invalid or missing. Verify the Authorization header and that the token has not been revoked at /settings/api-tokens.
  • 403 — token missing the read:entities scope. Issue a new token with the right scope checked.
  • 429 — burst or monthly quota exceeded. The response carries X-Quota-Reset — schedule a retry against that ISO timestamp.

See the full API reference for endpoint semantics and the legal posture every response carries.