Contents

How to REST the Have I Been Pwned (HIBP) API

Perform REST API requests to the HIBP API to verify if your email or password have been involved in a data breach.

Prerequisites

I prefer integrated extensions like REST Client within my developer workspace to not have to switch between applications - Yeah I’m lazy, so what.

A working version for REST calls for email, passwords and breaches can be found at segraef/Scripts/REST or my tiny HIBP web app I wrote using Python and Flask but let me give you the single snippet here to give you the idea:

1
2
3
4
5
6
7
8
9
@account = your@email.com
@key = '' # Yes you have to put your API key here
@api = https://haveibeenpwned.com/api/v3

# Get all breaches for an account
GET {{api}}/breachedaccount/{{account}}

# API Key
hibp-api-key: {{key}}

Output

The output looks like this:

/how-to-rest-have-i-been-pwned-hibp-api/20230123163136.png

A more detailed and non-truncated response with breach details looks like this:

1
GET {{api}}/breachedaccount/{{account}}?truncateResponse=false

/how-to-rest-have-i-been-pwned-hibp-api/20230124125707.png