HaveIBeenPwned API
Check if emails or passwords were exposed in data breaches
Overview
The HaveIBeenPwned API v3 offers RESTful endpoints for verifying exposed credentials: /breachedaccount/{email} checks breach history for an email, /pwnedpassword/{hash} uses k-anonymity to check password exposure without sharing full credentials, and /pasteaccount/{email} finds pastes containing the email. Responses are JSON-formatted and include breach details (names, dates, compromised data types). Use cases include integrating breach alerts into apps, building password managers that warn users of weak credentials, and running organizational audits for exposed data.
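The k-anonymity check mentioned above, as an added example that is not code from the original page or from the HaveIBeenPwned project: only the first five characters of the password's SHA-1 hash are sent, and the match against the returned suffixes happens locally. It assumes the public Pwned Passwords range endpoint (`https://api.pwnedpasswords.com/range/{prefix}`) and its `Add-Padding` header, neither of which is named on this page; `splitHash`, `countInRange`, `pwnedCount` and `fetchImpl` are hypothetical names, and the sample response is constructed.

```javascript
// Added example, not from the original page. Runs on Node.js.
const crypto = require('node:crypto');

// Uppercase SHA-1 hex digest, split into the 5-character prefix that is sent
// to the service and the 35-character suffix that never leaves the client.
function splitHash(password) {
  const hex = crypto.createHash('sha1').update(password, 'utf8')
    .digest('hex').toUpperCase();
  return { prefix: hex.slice(0, 5), suffix: hex.slice(5) };
}

// A range response is one "SUFFIX:COUNT" pair per line. Return the count for
// our suffix, or 0 if absent. Padding rows carry count 0, so read as "not found".
function countInRange(body, suffix) {
  for (const line of body.split(/\r?\n/)) {
    const [candidate, count] = line.trim().split(':');
    if (candidate.toUpperCase() === suffix) {
      const n = Number.parseInt(count, 10);
      return Number.isNaN(n) ? 0 : n;
    }
  }
  return 0;
}

// Network step (assumed endpoint and header, see lead-in). fetchImpl is a
// hypothetical injection point so the call can be stubbed in tests.
async function pwnedCount(password, fetchImpl = fetch) {
  const { prefix, suffix } = splitHash(password);
  const res = await fetchImpl(`https://api.pwnedpasswords.com/range/${prefix}`, {
    headers: { 'Add-Padding': 'true' },
  });
  if (!res.ok) throw new Error(`range query failed: HTTP ${res.status}`);
  return countInRange(await res.text(), suffix);
}

// Constructed sample response body: counts and the two filler suffixes are made up.
const SAMPLE_BODY = [
  '0123456789ABCDEF0123456789ABCDEF012:3',
  '1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234', // suffix of SHA-1("password")
  'FEDCBA9876543210FEDCBA9876543210FED:0',    // padding-style row
].join('\r\n');

const sample = splitHash('password');
console.log(sample.prefix, countInRange(SAMPLE_BODY, sample.suffix));
```

Because the service only ever sees the prefix, it cannot tell which of the many hashes sharing that prefix the client was checking.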
Example Integration (JavaScript)
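// Email breach lookup; this endpoint needs an API key (placeholder below).
const email = encodeURIComponent('user@example.com');
fetch(`https://haveibeenpwned.com/api/v3/breachedaccount/${email}`, {
  headers: { 'hibp-api-key': 'YOUR_API_KEY' }
})
.then(res => res.status === 404 ? [] : res.json()) // 404: no breaches recorded
.then(data => console.log(data))
.catch(err => console.error(err));
Key Features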
- RESTful
- JSON Support
- k-Anonymity for Password Checks
- Email Breach Verification
- Paste Exposure Detection
Frequently Asked Questions
Is the HaveIBeenPwned API free to use?
Yes, non-commercial use (like password checks via k-anonymity) is free. Commercial plans require payment and an API key.
Does it require an API key?
Endpoints for email breaches and pastes need an API key, but password checks (k-anonymity) do not.
What is the response format?
All responses are in JSON, including breach details like names, dates, and compromised data fields.
Tool Info
Pros
- ⊕ Privacy-focused password checks
- ⊕ Easy integration into security tools
- ⊕ Comprehensive breach database
- ⊕ Free tier for non-commercial use
Cons
- ⊖ API key required for email/paste endpoints
- ⊖ Rate limits on free tiers
- ⊖ Commercial usage restrictions