Getting Started


PasswordPing has a series of simple hosted APIs which allow you to harness the power of our massive database of compromised credentials and accounts for integration into your application or website. PasswordPing consists of the following:

Credentials API

  • Securely lookup whether a given username/password combination exists in our database of compromised account credentials.
  • Typical Use Case: As users log into a website or application, their credentials are checked against this API and, if compromised, the login can be blocked and redirected into a password reset flow. This prevents cybercriminals from logging in using stolen credentials.

Exposures API

  • Lookup what exposures a given email address has been involved in.
  • Typical Use Case: Periodic scans across your user base can determine if one of your users has been involved in any new exposures. If so, a notification can be sent to the user and potentially a password reset required.

Exposure Alerts Service API

  • Allows you to register email addresses so that you will be notified when a new exposure of that address occurs. Notification occurs via a POST to a Webhook URL you specify.
  • Typical Use Case: Proactive notification about whether your users are involved in a new exposure provides a way to enrich your threat intelligence and allow immediate notification the moment a new exposure is found.

Passwords API

  • Lookup whether a given password exists in our database of compromised passwords.
  • Typical Use Case: Integration into account signup forms and password change forms to alert users if they enter a known compromised password in order to ensure users aren’t using exposed passwords that cybercriminals routinely include in password cracking dictionaries.

Password Strength Meter

  • A JavaScript library which allows you to easily replace the password strength meter on your website’s signup form or password change form with one that leverages the Passwords API.

Unless otherwise noted, all APIs are implemented as REST web services with JSON responses.