Have I Been Pwned

Pwned Passwords API

Free, unauthenticated, k-anonymity-based API to check whether a password hash appears in the 800+ million record Pwned Passwords dataset. Clients submit the first five characters of a SHA-1 hash and receive a list of matching suffixes with counts. No rate limit and no attribution required.

GitHub

Documentation

📖
Documentation
https://haveibeenpwned.com/API/v3#PwnedPasswords

Other Resources

🔗
Project
https://haveibeenpwned.com/Passwords

API entry from apis.yml

apis.yml Raw ↑ 
aid: have-i-been-pwned:pwned-passwords
name: Pwned Passwords API
description: Free, unauthenticated, k-anonymity-based API to check whether a password hash appears in
  the 800+ million record Pwned Passwords dataset. Clients submit the first five characters of a SHA-1
  hash and receive a list of matching suffixes with counts. No rate limit and no attribution required.
humanURL: https://haveibeenpwned.com/API/v3#PwnedPasswords
baseURL: https://api.pwnedpasswords.com
tags:
- Passwords
- K-Anonymity
- SHA-1
- Credential Stuffing
properties:
- type: Documentation
  url: https://haveibeenpwned.com/API/v3#PwnedPasswords
- type: Project
  url: https://haveibeenpwned.com/Passwords