EXTERNAL API
Leaked Checker API
Programmatically access breach intelligence and password exposure signals through Leaked Checker.
Overview
The Leaked Checker External API allows third-party applications to query breach data by email or domain. Most endpoints require an API key. The password exposure endpoint is free and does not require authentication.
Base URL
External API base
http://91.222.173.119:7000/api/v1/external/
In development, this is usually your local server. In production, use your own domain.
Authorisation
All external API endpoints (except password checking) require authentication via API key. Create an API key from your dashboard:
- Log in to your dashboard
- Navigate to Dashboard → API Keys
- Click Create New API Key
- Store your key securely (it cannot be retrieved later)
Request header
X-API-Key: [your key]
Leaked Checker API header (optional)
leakedchecker-api-key: [your key]
API key format
32-character hexadecimal string
Example: a1b2c3d4e5f6789012345678abcdef01
Authorisation errors
| Code | Message | Description |
|---|---|---|
| 401 | Access denied due to missing X-API-Key | No API key provided |
| 401 | Access denied due to improperly formed X-API-Key | Key is not 32 hex characters |
| 401 | Access denied due to invalid X-API-Key | Key doesn't exist or is revoked |
Rate limiting
Rate limits are enforced per API key based on your subscription plan.
| Plan | Requests / minute |
|---|---|
| Begin | 10 |
| Premium | 30 |
| Pro | 100 |
| Enterprise | 500 |
Rate limit headers
| Header | Description |
|---|---|
| X-RateLimit-Limit | Maximum requests per minute |
| X-RateLimit-Remaining | Requests remaining in current window |
| X-RateLimit-Reset | Window duration in seconds (60) |
| Retry-After | Seconds to wait (only on 429 responses) |
429 response example
{
"success": false,
"message": "Rate limit exceeded. Please wait before making more requests.",
"retry_after": 45
}
Subscription APIs
APIs for retrieving subscription status and managing subscribed domains.
Get Subscription Status
Returns details of the current subscription associated with the API key.
GET http://91.222.173.119:7000/api/v1/external/subscription/status
X-API-Key: [your key]
Response
{
"success": true,
"data": {
"SubscriptionName": "Pro",
"Description": "Professional access with high rate limits...",
"SubscribedUntil": "2025-12-31T23:59:59+00:00",
"Rpm": 100,
"DomainSearchMaxBreachedAccounts": 1000,
"ApiSupported": true,
"EmailAlertLimit": 50,
"SsnCheckLimit": 10,
"CcCheckLimit": 10,
"StartDate": "2024-01-01T00:00:00+00:00",
"IsActive": true
}
}
Response attributes
| Attribute | Type | Description |
|---|---|---|
| SubscriptionName | string | Tier name: Begin, Premium, Pro, or Enterprise |
| SubscribedUntil | datetime | Subscription expiry date (ISO 8601) |
| Rpm | integer | Rate limit in requests per minute |
| DomainSearchMaxBreachedAccounts | integer | Max breached accounts for domain search |
Get Subscribed Domains
Returns all domains verified and linked to the subscription.
GET http://91.222.173.119:7000/api/v1/external/subscribeddomains
X-API-Key: [your key]
Response
{
"success": true,
"count": 2,
"domains": [
{
"DomainName": "example.com",
"IsVerified": true,
"VerifiedAt": "2024-06-15T10:30:00+00:00",
"VerificationMethod": "dns",
"CreatedAt": "2024-06-14T08:00:00+00:00"
}
]
}
Leaked Checker API
APIs for querying breach data. These are built on our own database with a RESTful structure.
Get All Breaches for an Account
Returns a list of breaches for a specific email. The account is case-insensitive, is trimmed of surrounding whitespace, and must be URL-encoded.
GET http://91.222.173.119:7000/api/v1/external/breachedaccount/{account}
X-API-Key: [your key]
Query parameters
| Parameter | Example | Description |
|---|---|---|
| truncateResponse | ?truncateResponse=false | Returns full breach details (default: true) |
| Domain | ?Domain=adobe.com | Filter breaches by domain |
| IncludeUnverified | ?IncludeUnverified=false | Exclude unverified breaches |
Truncated response (default)
[
{ "Name": "adobe" },
{ "Name": "gawker" },
{ "Name": "stratfor" }
]
Get Breached Email Addresses for a Domain
Returns all breached email aliases under a domain. Maps aliases to their breach names.
GET http://91.222.173.119:7000/api/v1/external/breacheddomain/emails/{domain}
X-API-Key: [your key]
Response
{
"alias1": ["Adobe"],
"alias2": ["Adobe", "Gawker", "Stratfor"],
"alias3": ["AshleyMadison"]
}
alias1@example.com → Adobe breach, alias2@example.com → Adobe, Gawker, Stratfor breaches
Get All Breached Sites
Returns all breaches available in the system.
GET http://91.222.173.119:7000/api/v1/external/breaches
X-API-Key: [your key]
Optional filters
- ?domain=adobe.com - Filter by domain
- ?isSpamList=true - Filter by spam list status
Get a Single Breach by Name
Returns details of a specific breach using its stable name (not the display title).
GET http://91.222.173.119:7000/api/v1/external/breach/{name}
X-API-Key: [your key]
Get Most Recently Added Breach
Returns the breach with the most recent AddedDate.
GET http://91.222.173.119:7000/api/v1/external/latestbreach
X-API-Key: [your key]
Get All Data Classes
Returns all exposed data types that can appear in breaches.
GET http://91.222.173.119:7000/api/v1/external/dataclasses
X-API-Key: [your key]
Response
[ "Email addresses", "Passwords", "Usernames", "Phone numbers", "IP addresses", "Names", "Physical addresses", "Dates of birth", "Credit cards", "Social security numbers", "Bank account numbers", "Employment information", "Geographic locations", "Government issued IDs" ]
Breach Model Reference
Each breach contains the following attributes:
| Attribute | Type | Description |
|---|---|---|
| Name | string | Stable, unique identifier |
| Title | string | Display name |
| Domain | string | Affected domain |
| BreachDate | date | Date of breach |
| LeakedCount | integer | Total leaked accounts |
| DataClasses | array | Types of compromised data |
| IsVerified | boolean | Verified breach |
| IsSpamList | boolean | Spam list |
Paste APIs
APIs for querying paste data. Pastes are records of email addresses found in public paste sites like Pastebin, Pastie, and others. This is an authenticated API and requires an API key.
Get All Pastes for an Account
Returns all pastes containing a specific email address. The account is case-insensitive, is trimmed of surrounding whitespace, and should be URL-encoded.
GET http://91.222.173.119:7000/api/v1/external/pasteaccount/{account}
X-API-Key: [your key]
Sample Response
[
{
"Source": "Pastebin",
"Id": "8Q0BvKD8",
"Title": "syslog",
"Date": "2014-03-04T19:14:54Z",
"EmailCount": 139
},
{
"Source": "Pastie",
"Id": "7152479",
"Date": "2013-03-28T16:51:10Z",
"EmailCount": 30
}
]
Paste Model
| Attribute | Type | Description |
|---|---|---|
| Source | string | The paste service (Pastebin, Pastie, Slexy, Ghostbin, QuickLeak, JustPaste, AdHocUrl) |
| Id | string | The ID of the paste at the source service. Combined with Source, resolves the paste URL. |
| Title | string | The title of the paste (may be null/omitted) |
| Date | datetime | When the paste was posted (ISO 8601, may be null) |
| EmailCount | integer | Number of emails found in the paste |
Get All Paste Sources
Returns all available paste sources in the system.
GET http://91.222.173.119:7000/api/v1/external/pastesources
X-API-Key: [your key]
Response
[ "AdHocUrl", "Ghostbin", "JustPaste", "Pastebin", "Pastie", "QuickLeak", "Slexy" ]
Other Endpoints
API status (public)
Check if the API is operational. No authentication required.
GET http://91.222.173.119:7000/api/v1/external/status
{
"success": true,
"status": "operational",
"version": "1.0",
"message": "Leaked Checker API is operational."
}
Breaches for an account (email)
Returns all breaches a particular account has been involved in. The account is case-insensitive and will be trimmed. Always URL-encode the email.
GET http://91.222.173.119:7000/api/v1/external/breachedemail/{account}
X-API-Key: [your key]
Query parameters
| Parameter | Example | Description |
|---|---|---|
| truncate | ?truncate=true | Return only breach source names |
| include_unverified | ?include_unverified=true | Include unverified breaches |
Example (truncated)
{
"success": true,
"count": 3,
"breaches": [
"Adobe",
"Gawker",
"Stratfor"
]
}
Breaches for a domain
Search for breaches associated with a domain. Results may be limited by your plan.
GET http://91.222.173.119:7000/api/v1/external/breacheddomain/{domain}
X-API-Key: [your key]
Query parameters
| Parameter | Example | Description |
|---|---|---|
| truncate | ?truncate=true | Return unique breach source names |
| limit | ?limit=50 | Maximum number of results (default 100, max 1000) |
Leaked passwords (public)
Check if a password has been exposed using a k-anonymity approach. This endpoint is free and does not require an API key.
GET http://91.222.173.119:7000/api/v1/external/leakedpassword/{hash_prefix}
How it works
- Hash your password using SHA-1
- Send only the first 5 characters of the hash
- The server returns whether matching hashes exist in the breach corpus
Python example
import hashlib
password = "password123"
sha1_hash = hashlib.sha1(password.encode()).hexdigest().upper()
prefix = sha1_hash[:5]  # e.g. CBFDA
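The steps above carried through to a verdict, as an added example that is not part of the Leaked Checker documentation. The page does not document the response body, so `mock_server` assumes a range-style reply listing the suffixes of corpus hashes that share the prefix; the corpus and all function names are constructed for illustration.

```python
import hashlib

PREFIX_LEN = 5  # the page: only the first 5 hex characters are sent
HEX = set("0123456789ABCDEF")

def split_hash(password):
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]

def request_path(password):
    """Path for the documented endpoint; it carries the prefix and nothing else."""
    prefix, _ = split_hash(password)
    return f"/api/v1/external/leakedpassword/{prefix}"

def mock_server(corpus):
    """Constructed stand-in for the endpoint.

    ASSUMPTION: the reply is the set of suffixes of all corpus hashes that
    share the prefix. The real response format is not given on the page.
    """
    def lookup(prefix):
        if len(prefix) != PREFIX_LEN or not set(prefix) <= HEX:
            raise ValueError("prefix must be 5 upper-case hex characters")
        return {h[PREFIX_LEN:] for h in corpus if h.startswith(prefix)}
    return lookup

def check_password(password, lookup):
    """Return (prefix_hit, exposed).

    Only the prefix is handed to `lookup`; the suffix comparison is local,
    so the service never sees the password or its full hash.
    """
    prefix, suffix = split_hash(password)
    candidates = lookup(prefix)
    return bool(candidates), suffix in candidates

# Constructed corpus: the hash of one leaked password, plus a fabricated
# hash that shares the prefix of "password123" but is not its hash.
SHARED_PREFIX = split_hash("password123")[0]
CORPUS = {
    hashlib.sha1(b"letmein").hexdigest().upper(),
    SHARED_PREFIX + "0" * 35,
}
LOOKUP = mock_server(CORPUS)

if __name__ == "__main__":
    for pw in ("letmein", "password123"):
        print(pw, request_path(pw), check_password(pw, LOOKUP))
```

In this constructed corpus "password123" gets a prefix hit without being exposed: a 5-character prefix is shared by many unrelated hashes, so only a full-hash comparison confirms exposure.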
Credit Card Endpoints
Check if credit card numbers have been exposed in data breaches. All responses mask the credit card number and automatically remove any SSN data for privacy compliance.
Check credit card breach status
Check if a specific credit card number has been exposed in breaches. The actual card number is never returned in the response.
POST http://91.222.173.119:7000/api/v1/external/breachedcc
X-API-Key: [your key]
Content-Type: application/json
{
"cc_num": "4111111111111111"
}
Response (found)
{
"success": true,
"message": "Credit card found in breach database.",
"data": {
"is_breached": true,
"cc_masked": "****-****-****-1111",
"breach_count": 1,
"breaches": [
{
"cc_masked": "****-****-****-1111",
"source": "ExampleBreach2023",
"date": "2023-01-15",
"details": {
"Name": "Joh***",
"Phone": "555-1***"
}
}
]
}
}
Response (not found)
{
"success": true,
"message": "No breaches found for this credit card.",
"data": {
"is_breached": false,
"cc_masked": "****-****-****-1111",
"breach_count": 0,
"breaches": []
}
}
Search breaches by email (for CC data)
Search for breaches associated with an email address. Returns breach information with any SSN data automatically removed.
GET http://91.222.173.119:7000/api/v1/external/breachedcc/email/{email}
X-API-Key: [your key]
Response
{
"success": true,
"count": 2,
"breaches": [
{
"source": "ExampleBreach2023",
"email": "user@example.com",
"breach_date": "2023-01-15",
"data_classes": ["Passwords", "Credit cards", "Names"]
}
]
}
SSN Check Endpoint
Check SSN breach status
Check if an SSN (by last 4 digits) has been exposed in breaches. Only breach metadata is returned.
POST http://91.222.173.119:7000/api/v1/external/breachedssn
X-API-Key: [your key]
Content-Type: application/json
{
"last4": "1234"
}
Response (found)
{
"success": true,
"message": "SSN found in breach database.",
"data": {
"is_breached": true,
"breach_count": 1,
"breaches": [
{
"source": "ExampleBreach2023",
"details": {
"Name": "Joh***",
"Gender": "Male"
}
}
]
}
}
Response (not found)
{
"success": true,
"message": "No breaches found for this SSN.",
"data": {
"is_breached": false,
"breach_count": 0,
"breaches": []
}
}
Data that is NEVER returned:
- Full SSN number
- Partial SSN (except what you provided)
- SSN hash values
- Any field containing SSN data
Response codes
| Code | Description |
|---|---|
| 200 | Ok — Everything worked and there's a result to return |
| 400 | Bad request — The parameter does not comply with an acceptable format |
| 401 | Unauthorised — The API key provided was not valid |
| 403 | Forbidden — API access not included in your subscription plan |
| 404 | Not found — No breaches could be found |
| 429 | Too many requests — Rate limit has been exceeded |
| 500 | Internal server error — Something went wrong on our end |
API key management
These endpoints manage API keys for authenticated users and require JWT authentication (not an API key).
Base URL
http://91.222.173.119:7000/api/v1/api-keys/
List API keys
GET http://91.222.173.119:7000/api/v1/api-keys/
Authorization: Bearer [your JWT token]
Create API key
POST http://91.222.173.119:7000/api/v1/api-keys/
Authorization: Bearer [your JWT token]
Content-Type: application/json
{
"name": "My Production Key"
}
Revoke API key
DELETE http://91.222.173.119:7000/api/v1/api-keys/{key_id}
Authorization: Bearer [your JWT token]
Usage stats
GET http://91.222.173.119:7000/api/v1/api-keys/{key_id}/usage
Authorization: Bearer [your JWT token]
Code examples
Python
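import requests
from urllib.parse import quote

API_KEY = "your-32-character-hex-key"
BASE_URL = "http://91.222.173.119:7000/api/v1/external"
headers = {"X-API-Key": API_KEY}
# The account is part of the URL path, so percent-encode it
account = quote("test@example.com", safe="")
response = requests.get(
    f"{BASE_URL}/breachedemail/{account}",
    headers=headers,
    timeout=10,  # do not hang indefinitely on an unresponsive server
)
data = response.json()
if data.get("success"):
    print(f"Found {data.get('count')} breaches")
cURL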
curl -H "X-API-Key: your-api-key" "http://91.222.173.119:7000/api/v1/external/breachedemail/test@example.com"
Postman collection
A Postman collection is included in the backend repo.
File: backend/external_api/postman_collection.json
Set variables:
- base_url (e.g. https://api.leakdatachecker.com/api/v1)
- api_key
- jwt_token
Support
For API support, contact us through the dashboard or email support@your-domain.com.
Further Reading
HTTPS Security
All API endpoints must be invoked over HTTPS. Any requests over HTTP will result in a 301 response with a redirect to the same path on the secure scheme. Only TLS versions 1.2 and 1.3 are supported; older versions of the protocol will not allow a connection to be made.
Rate Limiting
Requests to the breaches, pastes and stealer log APIs are rate limited. The rate limits depend on the API key you've purchased. Any request that exceeds the limit will receive an HTTP 429 "Too many requests" response. The response also includes an accompanying "retry-after" response header expressing the number of seconds remaining before the client can make a successful API call with the same key.
It's advisable to avoid querying the API at exactly the rate limit as network behavior may result in some requests arriving within the retry period and causing a 429. Adding a short delay between requests on top of the rate limit will usually ensure this won't happen.
There is no official rate limit for the domain search API, although the intention is to query it infrequently, usually only after a new breach is loaded. Regular querying of the domain search API beyond what is practically necessary may result in measures being applied to reduce the query rate and respond with an HTTP 429.
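One way to apply the 429 and retry-after guidance above in a client, as an added example that is not part of the Leaked Checker documentation. The `send` transport, the `replay` helper, the one-second margin, the 60-second fallback and the `api.example.test` host are assumptions made so the block runs offline; the canned responses are constructed.

```python
import re
import time
from urllib.parse import quote

KEY_RE = re.compile(r"[0-9a-fA-F]{32}")  # page: 32-character hexadecimal string

def account_url(base_url, account):
    """Trim the account and percent-encode it for use as a path segment."""
    return f"{base_url.rstrip('/')}/breachedemail/{quote(account.strip(), safe='')}"

def call_with_backoff(send, url, api_key, max_attempts=4, margin=1.0, sleep=time.sleep):
    """Call send(url, headers); retry only on 429, waiting Retry-After + margin.

    `send` is a hypothetical transport returning (status, headers, json_body).
    """
    if not KEY_RE.fullmatch(api_key):
        # Fail locally instead of sending a malformed key to the server.
        raise ValueError("API key must be 32 hexadecimal characters")
    for _ in range(max_attempts):
        status, resp_headers, body = send(url, {"X-API-Key": api_key})
        if status != 429:
            return status, body  # 401/403/404 are returned, not retried
        lowered = {k.lower(): v for k, v in resp_headers.items()}
        # Prefer the header, fall back to the JSON field, then to one window.
        wait = lowered.get("retry-after") or (body or {}).get("retry_after") or 60
        sleep(float(wait) + margin)
    raise RuntimeError(f"still rate limited after {max_attempts} attempts")

def replay(responses):
    """Constructed transport: replays canned responses and records each call."""
    calls = []
    def send(url, headers):
        calls.append((url, headers))
        return responses[min(len(calls), len(responses)) - 1]
    return send, calls

def demo():
    # Constructed responses: a 429 shaped like the page's example, then a 200.
    canned = [
        (429, {"Retry-After": "45"}, {"success": False, "retry_after": 45}),
        (200, {"X-RateLimit-Remaining": "9"}, {"success": True, "count": 3}),
    ]
    send, calls = replay(canned)
    waits = []  # record the waits instead of sleeping
    url = account_url("https://api.example.test/api/v1/external", " a+b@example.com ")
    status, body = call_with_backoff(
        send, url, "a1b2c3d4e5f6789012345678abcdef01", sleep=waits.append)
    return url, status, body, waits, len(calls)

if __name__ == "__main__":
    print(demo())
```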
Cross-Origin Resource Sharing (CORS)
CORS is only supported for non-authenticated APIs. APIs requiring a key should not be hit directly from the client side as it exposes the secret to other users. Instead, proxy the request through your own API and handle the authorisation between there and the client in your own code.
On supported APIs, CORS accepts all origins — you can hit the API from websites on any other domain.
Acceptable Use
The API has been designed to make it easy for people to do awesome things with it. Things that are not awesome include:
- Querying the data for purposes that are intended to cause harm to the victims of data breaches
- Anything deliberately intended to limit service availability such as denial of service attacks
- Deliberate attempts to circumvent measures designed to ensure acceptable use
- Not properly identifying the user agent such that it accurately describes the consumer of the API
- Misrepresenting the consuming client by impersonating other user agents in an attempt to obfuscate API requests
- Other services designed to fraudulently represent the Private Data Checker name or brand
- Misrepresenting the source of the data as originating from somewhere other than Private Data Checker
- Not adhering to the Creative Commons Attribution License as described below
- Automating the consumption of other APIs not explicitly documented on this page
- Using the service in a fashion that brings Private Data Checker into disrepute
Abusing these objectives may limit your ability to query the service via a range of countermeasures. Those countermeasures may impact other consumers of the API if they share network services with an abusive user. If in doubt, get in touch and outline how you'd like to use the service in a way that's consistent with these objectives.
License — Breach & Paste APIs
This work is licensed under a Creative Commons Attribution 4.0 International License.
In other words, you're welcome to use the public API to build other services, but you must identify Private Data Checker as the source of the data. Clear and visible attribution with a link to your Private Data Checker instance should be present anywhere data from the service is used including when searching breaches or pastes and when representing breach descriptions. It doesn't have to be overt, but the interface in which Private Data Checker data is represented should clearly attribute the source per the Creative Commons Attribution 4.0 International License.
In order to help maximise adoption, there are no licensing or attribution requirements on the Pwned Passwords API, although attribution is welcomed if you would like to include it.