Using the API

There are two basic ways of querying the API. You can send us the unecrypted password and let us sha1 hash it before retrieving the data:

https://leakedpassword.com/api/?p={your-clear-text-password}

Or you can hash the password before sending it to us. This is theoretically faster, as we don't have to go through process of hashing the password. As we never receive the clear-text-password, this method is more secure and thus the preferred method:

https://leakedpassword.com/api/?s={your-sha1-hashed-password}

The response

The typical successful response should look something like this:

{
    "password": {
        "leak": true,
        "hash": "7110eda4d09e062aa5e4a390b0a572ac0d2c0220",
        "seen": 1256907
    }
}

SHA1 format

If you chose to query the API for a sha1 hash, this must be rendered as a hexadecimal number, 40 digits long (Example: 7110eda4d09e062aa5e4a390b0a572ac0d2c0220). Otherwise the API will return an error:

{
    "error": "The hash was not in a valid SHA1 format"
}

HTTPS

The API cannot be invoked over an unencrypted HTTP connection. The API will return the following error if called from a non-HTTPS connection:

{
    "error": "Query from non-secure connection"
}

Other unsuccessful queries will return:

{
    "error": "Invalid API query"
}