Passwords API

Quickly and easily check if a given password is weak or known to be compromised

Check passwords to see if they are compromised

Allows you to check whether a given password is known to be compromised, without needing to pass the exact password hash in. Rather than passing exact hashes of the password to the API, it is only necessary to supply the first 10 hex characters of each hash. A list of candidate hashes will then be returned and can be compared locally with the exact hash to determine if there was a match. This is the recommended approach for new implementations using the Passwords API.

POSThttps://api.enzoic.com/v1/passwords

Authorization

Body

partialSHA256*string

The first 10 hex characters of the SHA-256 hash of the password to be checked. The password should be in UTF-8 encoding prior to hashing.

Response

One or more possible candidate matches were found. The response body contains the candidates. If any of the candidate hashes match the exact hash, this is a compromised password, i.e. a “hacked” password.

Body

candidatesarray of object

Request

const response = await fetch('https://api.enzoic.com/v1/passwords', {
    method: 'POST',
    headers: {
      "Authorization": "basic <token>",
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
      "partialSHA256": "9f86d08188"
    }),
});
const data = await response.json();

Response

{
  "candidates": [
    {
      "sha256": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
      "revealedInExposure": true,
      "exposureCount": 10
    }
  ]
}

PreviousAPI reference NextCredentials API

Last updated 4 months ago