Overview
Check if passwords have been exposed in data breaches using k-anonymity. Your password never leaves your device. No API key needed.
Notes: Uses k-anonymity model - only first 5 chars of SHA-1 hash sent. Free, no rate limits published. Completely free by Troy Hunt.
TL;DR
What it does: Have I Been Pwned: Check if passwords have been exposed in data breaches using k-anonymity. Uses k-anonymity model - only first 5 chars of SHA-1 hash sent.
Quick start: https://api.pwnedpasswords.com/range/21BD1
No API key needed!
Try It Now
Call this URL to see what you get back:
https://api.pwnedpasswords.com/range/21BD1FAQ
- Do I need an API key?
- No! This API is completely free to use with no authentication required.
- Is there a rate limit?
- Uses k-anonymity model - only first 5 chars of SHA-1 hash sent. Free, no rate limits published. Completely free by Troy Hunt.
- Can I use this in a commercial project?
- Yes, these APIs are free for both personal and commercial use. Check the documentation for any specific restrictions.
- How do I get started?
- Copy the example URL above and paste it into your browser or code. The response is in JSON format which you can parse in any programming language.
Code Examples
JavaScript Example
fetch('https://api.pwnedpasswords.com/range/21BD1')
.then(res => res.json())
.then(data => console.log(data))
.catch(err => console.error(err));Python Example
import requests
url = 'https://api.pwnedpasswords.com/range/21BD1'
response = requests.get(url)
data = response.json()
print(data)API Details
- API URL
https://api.pwnedpasswords.com/range/- Documentation
- https://haveibeenpwned.com/API/v3
- Category
- Security
- Authentication
- Not Required
- Geographic Coverage
- global
What You Can Build
- Security audit tools
- Password strength checkers
- Certificate monitoring dashboards
- Security research projects