Have I Been Pwned

Have I Been Pwned API v3

REST API for searching breached accounts, pastes, breach metadata, domain breach data, and stealer log entries. Authentication requires an hibp-api-key header (32-character key) along with a descriptive user-agent header. Most endpoints require a paid subscription; rate limits range from 600 to 100,000 requests per minute depending on tier.

GitHub

Documentation

📖
Documentation
https://haveibeenpwned.com/API/v3
📖
Authentication
https://haveibeenpwned.com/API/Key

Other Resources

🔗
Pricing
https://haveibeenpwned.com/API/Key

API entry from apis.yml

apis.yml Raw ↑ 
aid: have-i-been-pwned:api-v3
name: Have I Been Pwned API v3
description: REST API for searching breached accounts, pastes, breach metadata, domain breach data, and
  stealer log entries. Authentication requires an hibp-api-key header (32-character key) along with a
  descriptive user-agent header. Most endpoints require a paid subscription; rate limits range from 600
  to 100,000 requests per minute depending on tier.
humanURL: https://haveibeenpwned.com/API/v3
baseURL: https://haveibeenpwned.com/api/v3
tags:
- Breaches
- Pastes
- Stealer Logs
- Domain Search
- Account Search
properties:
- type: Documentation
  url: https://haveibeenpwned.com/API/v3
- type: Authentication
  url: https://haveibeenpwned.com/API/Key
- type: Pricing
  url: https://haveibeenpwned.com/API/Key