Powered byAlgolia
BlogBookmarksSubmit

HaveIBeenPwned

Security

How to Use the Have I Been Pwned API with JavaScript

Have I Been Pwned is a free website that allows users to check if their personal information has been compromised in a data breach. The site provides an API that developers can use to integrate the data into their own applications. In this blog post, we'll cover how to use the Have I Been Pwned API with JavaScript.

Getting Started

Before we dive into the code, we need to sign up for a Have I Been Pwned API key. You can do this by visiting the API website - https://haveibeenpwned.com/API/v2 - and following the instructions. Once you have a key, you're ready to start making requests.

Examples

We'll start with a basic example to check if an email has been pwned:

const email = 'example@domain.com';
const apiKey = 'YOUR_API_KEY';

fetch(`https://haveibeenpwned.com/api/v2/breachedaccount/${email}?api_key=${apiKey}`)
  .then(response => {
    if (response.ok) {
      console.log(`${email} has been pwned!`);
    } else {
      console.log(`${email} has not been pwned.`);
    }
  })
  .catch(error => console.error(error));

In this example, we're using the Fetch API to send a GET request to the Have I Been Pwned API. We're passing the email address as a parameter in the URL, and we're also including our API key. The response will either be a list of breaches that the email was involved in, or it will be an empty array if the email hasn't been pwned.

Next, let's search for breaches by domain:

const domain = 'domain.com';
const apiKey = 'YOUR_API_KEY';

fetch(`https://haveibeenpwned.com/api/v2/breaches?domain=${domain}&api_key=${apiKey}`)
  .then(response => response.json())
  .then(data => console.log(data))
  .catch(error => console.error(error));

This example sends a GET request to the /breaches endpoint with the domain parameter. We're also passing our API key. The response will be a list of breaches that have affected the specified domain.

Finally, let's search for a breach by name:

const name = 'Adobe';
const apiKey = 'YOUR_API_KEY';

fetch(`https://haveibeenpwned.com/api/v2/breach/${name}?api_key=${apiKey}`)
  .then(response => response.json())
  .then(data => console.log(data))
  .catch(error => console.error(error));

In this example, we're using the /breach endpoint to search for a specific breach by name. The response will be the details of the specified breach.

Conclusion

That's it! With these examples, you can start using the Have I Been Pwned API to check for data breaches in your own applications. Remember to always keep user privacy in mind and handle their data with care.

Related APIs

Zaproxy

Security

Zaproxy is an open-source API testing and penetration testing tool that helps developers and security professionals identify and fix vulnerabilities in web applications. It offers a range of features, including automated scanning, a flexible plug-in architecture, and advanced reporting capabilities. Zaproxy is highly customizable and can be integrated into existing development and testing workflows.

FilterLists

Security

FilterLists is a community-driven website that offers a curated list of ad-blocking and privacy-enhancing browser extensions. The website provides an extensive collection of filter lists that users can add to their ad-blocker to improve their online privacy and security. FilterLists has a user-friendly interface that enables users to easily browse through the different filter lists and select the ones that suit their needs. In addition, the website also provides a submission process for filter lists, allowing users to suggest new lists or report issues with existing ones. Overall, FilterLists is a valuable resource for users looking to enhance their online privacy and security.

UK Police

Security

UK Police data. The API provides a rich data source for information, including: Neighbourhood team members. Upcoming events. Street-level crime and outcome data. Nearest police stations The API is implemented as a standard JSON web service using HTTP GET and POST requests. Full request and response examples are provided in the documentation.

SecurityTrails

Security

Domain and IP related information such as current and historical WHOIS and DNS records. SecurityTrails currently offers three different products that can help you enrich your data, search for information, and find relevant security information for organizations in no time: Security Trails API, Accessing the Security Trails REST API and data format.

National Vulnerability Database

Security

U.S. National Vulnerability Database. A weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, or availability. Mitigation of the vulnerabilities in this context typically involves coding changes, but could also include specification changes or even specification deprecations (e.g., removal of affected protocols or functionality in their entirety).

Shodan

Security

Search engine for Internet connected devices. Use the API to automatically generate reports, notify you if something popped up on Shodan or keep track of results over time. The Streaming API gives you the ability to subscribe to events in real-time so you can immediately respond to new discoveries.

FilterLists

Security

Lists of filters for adblockers and firewalls. Make a simple call to the api and it will list all blockers and firewalls in a JSON file. Easy, simple and fast way to integrate ads / lucrative content to your website.

censys

Security

Search engine for Internet connected devices. Identify, investigate and remediate all relevant risks to your attack surface Discover the “unknown unknowns” on your network, including: Exposed Internal Services, Exposed Login Services, Out-of-date TLS configurations, and other risky entry points for attackers.

Virus Scan APIs

Security

Virus API lets you scan files and content for viruses and identify security issues with content. The most powerful and cost effective cloud APIs, continuously improved. Optical Character Recognition API, Document and Data Conversion API, Validate API to check if an Email is real, image and face recognition and processing API, Barcode APIs, voice recognition and speech apis.

AWS Serverless Kit

Developer Tool

Deploy your app in minutes with AWS best practices

Search API

Data Access

Real-time Google, YouTube & Amazon SERP API for easy SERP scraping.

ipstack

Geocoding

Locate and identify website visitors by IP address.

Exchangerate API

Currency Exchange

JSON API for foreign exchange rates and currency conversion

Weatherstack

Weather

Retrieve instant, accurate weather information for any location in the world in lightweight JSON format