Leaked Credentials API
GET /leaksdb/identities/by_keyword/(string: name)
Returns a list of identities with a matching keyword.
Results are returned in ascending order by id, and two optional parameters can be added to the query to fetch large amounts (or all) of the results:
size [optional] refers to the maximum size of the JSON object that will be returned (maximum 10 000)
from [optional] refers to the id of the database entry you want to start (excluding this id) the results from
By using the id of the last item from a request as the value for the query parameter from of the following request, you will be able to scroll through results. When the result contains an empty list, you know that you received all results.
First HTTP call with parameters
Wildcard
The keyword may contain a wildcard. Wildcards should either be at the start or at the end of your query.
Example Wildcards
- johndoe* will match an identity with the name johndoe and any string that follows (e.g. [email protected]).
- johndoe will match either johndoe or JOHNdoe.
Example request:
Example response:
Query parameters:
- from (int) – The highest password id that was returned in the previous request. Defaults to 0.
- size (int) – Number of results to display. Defaults to 100.
- order_by_dfesc (boolean) – Order records descending. Defaults to false.
- show_passwords (boolean) – Show password hash in response. Defaults to true.
- source_id (string) – Filters the results to the passwords from a specific source id of the leak. Optional.
- imported_after (string) – Filters the results to the passwords imported after a given date. Date must be formatted with ISO 8601. Optional.
Status Codes:
- 200 OK – Returns a list of identities. Empty list if no identity with leaked passwords matches the pattern.
- 401 Unauthorized – Invalid or expired authentication token.
POST /leaksdb/identities/by_accounts
Returns a list of identities with leaked passwords given a list of accounts. This endpoint only matches exact account names and doesn’t allow wildcard or domain searches. This API is useful when doing batch processing.
The list of accounts is provided through a JSON payload. An object with an accounts key must contain the list of account names. The accounts list must contain up to 100 values.
The response is an object with the requested accounts as keys and an identity object as values. The identity object contains a list of passwords that might be empty if no passwords were found for this account.
Example of paging
Passwords are listed in the order that they were inserted into the database. Up to 100 passwords are included in each identity object. A links attribute is included in each object and may contain a next attribute with a URL that can be followed with a valid Authorization token to get additional results for this specific identity.
Example request:
Example response:
Status codes:
- 200 OK – Returns an object with queried account as keys and identities as values.
- 400 Bad Request – Invalid query. Details are available in response object.
- 401 Unauthorized – Invalid or expired authentication token.
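The batching and response handling described for by_accounts, as an added example that is not part of the original documentation. It builds request bodies of at most 100 accounts and sorts a decoded response into accounts with leaked passwords and links.next URLs still to follow; the function names, the example.com accounts and the example.invalid URL are assumptions, and the sample response is constructed.

```python
import json
from typing import Dict, Iterator, List, Tuple

MAX_ACCOUNTS = 100  # documented limit for the accounts list


def build_payloads(accounts: List[str]) -> Iterator[str]:
    """Yield JSON request bodies, each holding at most 100 unique accounts."""
    # Exact matching only, so keep case as given; drop blanks and duplicates.
    unique = list(dict.fromkeys(a.strip() for a in accounts if a.strip()))
    for i in range(0, len(unique), MAX_ACCOUNTS):
        yield json.dumps({"accounts": unique[i:i + MAX_ACCOUNTS]})


def triage(response: Dict[str, dict]) -> Tuple[List[str], Dict[str, str]]:
    """Return (exposed accounts, {account: links.next URL still to fetch})."""
    exposed, follow_up = [], {}
    for account, identity in response.items():
        if identity.get("passwords"):          # list may be empty: no leak found
            exposed.append(account)
        next_url = (identity.get("links") or {}).get("next")
        if next_url:                           # additional results for this identity
            follow_up[account] = next_url
    return sorted(exposed), follow_up


# Constructed response for three queried accounts (placeholder names and URL).
SAMPLE_RESPONSE = {
    "alice@example.com": {"passwords": [{"id": 11, "hash_type": "unknown"}],
                          "links": {}},
    "bob@example.com": {"passwords": [], "links": {}},
    "carol@example.com": {"passwords": [{"id": 12, "hash_type": "unknown"}],
                          "links": {"next": "https://api.example.invalid/next-page"}},
}

if __name__ == "__main__":
    staff = [f"user{n}@example.com" for n in range(250)] + ["user0@example.com"]
    print([len(json.loads(p)["accounts"]) for p in build_payloads(staff)])
    print(triage(SAMPLE_RESPONSE))
```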
GET /leaksdb/identities/by_domain/<domain.com>
Returns a list of accounts matching the domain provided. The format of the domain should include everything after the @.
Results are returned in ascending order by id, and two optional parameters can be added to the query to fetch large amounts (or all) of the results:
size [optional] refers to the maximum size of the JSON object that will be returned (maximum 10 000)
from [optional] refers to the id of the database entry you want to start (excluding this id) the results from
By using the id of the last item from a request as the value for the query parameter from of the following request, you will be able to scroll through results. When the result contains an empty list, you know that you received all results.
Example request
Example response
Status codes:
- 200 OK – Returns an object with queried account as keys and identities as values.
- 400 Bad Request – Invalid query. Details are available in response object.
- 401 Unauthorized – Invalid or expired authentication token.
POST /leaksdb/identities/by_password/<password>
This endpoint allows searching by password. It returns a list of JSON objects containing the email addresses that have been associated with this password.
Results are returned in ascending order by id, and two optional parameters can be added to the query to fetch large amounts (or all) of the results:
size [optional] refers to the maximum size of the JSON object that will be returned (maximum 10 000)
from [optional] refers to the id of the database entry you want to start (excluding this id) the results from
Example request
Example Response
GET /leaksdb/credentials
This endpoint will return a list of all credentials we have in our database, meant to be used as a feed.
Results are returned in ascending order by id, and two optional parameters can be added to the query to fetch large amounts (or all) of the results:
size [optional] refers to the maximum size of the JSON object that will be returned (maximum 10 000)
from [optional] refers to the id of the database entry you want to start (excluding this id) the results from
order [optional] refers to the order in which you want to browse the credentials. One of asc or desc. It defaults to asc which is the recommended way to use the API to obtain newly imported passwords.
By using the id of the last item from a request as the value for the query parameter from of the following request, you will be able to scroll through results. When the result contains an empty list, you know that you received all results.
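The from/size scrolling described here and for the by_keyword and by_domain endpoints, as an added example that is not part of the original documentation. It assumes ascending order and that every returned item carries an integer id; fetch_page is a hypothetical callable standing in for the authenticated HTTP GET, replaced below by a constructed in-memory backend.

```python
from typing import Callable, Iterator, List, Tuple

MAX_SIZE = 10_000  # documented maximum for the size parameter

Page = List[dict]
Fetch = Callable[[int, int], Page]  # (from_id, size) -> decoded JSON list


def scroll(fetch_page: Fetch, size: int = 100, start_from: int = 0) -> Iterator[dict]:
    """Yield every record in ascending id order using from/size scrolling."""
    if not 1 <= size <= MAX_SIZE:
        raise ValueError(f"size must be between 1 and {MAX_SIZE}")
    cursor = start_from
    while True:
        page = fetch_page(cursor, size)
        if not page:                      # empty list: everything was received
            return
        highest = max(item["id"] for item in page)
        if highest <= cursor:             # cursor did not advance: stop, don't loop forever
            raise RuntimeError(f"cursor stuck at id {cursor}")
        yield from page
        cursor = highest                  # the next call excludes this id


def poll_feed(fetch_page: Fetch, checkpoint: int, size: int = 100) -> Tuple[Page, int]:
    """Return records newer than checkpoint and the checkpoint to store for next run."""
    new = list(scroll(fetch_page, size=size, start_from=checkpoint))
    return new, max((r["id"] for r in new), default=checkpoint)


def fake_backend(records: Page) -> Fetch:
    """Constructed stand-in for the HTTP call: ids strictly greater than from_id."""
    ordered = sorted(records, key=lambda r: r["id"])
    return lambda from_id, size: [r for r in ordered if r["id"] > from_id][:size]


# Constructed sample data, not real leak records.
SAMPLE = [{"id": i, "source_id": "constructed"} for i in (3, 7, 8, 15, 21)]

if __name__ == "__main__":
    first, checkpoint = poll_feed(fake_backend(SAMPLE), checkpoint=0, size=2)
    print([r["id"] for r in first], checkpoint)
    grown = SAMPLE + [{"id": 30, "source_id": "constructed"}]
    later, checkpoint = poll_feed(fake_backend(grown), checkpoint, size=2)
    print([r["id"] for r in later], checkpoint)
```

Storing the returned checkpoint between runs is what turns the feed into an incremental poll: the next run only receives records imported after it.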
Example request
Example response with size=2&from=0:
Represents an identity for which credentials were leaked.
Object properties:
- name (string) – The name of the identity. This can be anything from an email address to a phone number, depending on the data that was available in the leak source.
- passwords (list(password)) – List of leaked passwords that are associated with this identity.
- hash - Will return the password value in clear text if available, hashed otherwise
- hash_type - The type of hash
- domain - The domain of the email associated with this password
- source_id - The year of the breach and the source where this password comes from (collection-1 included leaks that were found with no association to a specific breach)
JSON example with 1:
Represents a leaked password for an identity. Passwords are not just in plain text, they can also be hashes.
Object properties:
- hash (string) – The hash or plaintext password that was found in the leak source. This can be anything from an unsalted MD5 hash to a plaintext password.
- hash_type (string) – The type of the hash, if it was guaranteed by the source. Set to unknown if there are no guarantees about what hash type this may be.
- domain (string) – The domain associated with the password.
- id (int) – The identifier of the password.
- source_id (string) – The identifier of the corresponding leak source.
- source_params (object) – Additional information about the leak source. Example of source_params for the documents source, which contains crawled documents: {"document_id": "y0zYhrrs", "document_type": "paste", "document_source": "pastebin"}
- imported_at (timestamp) – Timestamp of the moment that the password was imported in the database. Represented in ISO 8601 format.
- extra (object) – Additional data about the leak (e.g. the salt of the hash)
While all credentials and passwords are Flare Systems property, some leak details such as description and dates are provided by haveibeenpwned.com under the Creative Commons Attribution 4.0 International License.