HEXL
Catalog/security-breach-check

Security

Password breach check (HIBP) API

Check whether a password has appeared in known data breaches via Have I Been Pwned, using k-anonymity (the password is NEVER sent — only the first 5 chars of its SHA-1). Answers 'has this password been breached', 'is this password safe'.

Price$0.01per request
MethodPOST
Route/v1/security/breach-check
StatusLive
MIME typeapplication/json
Rate limit60/minute
CacheNo cache
securitypasswordbreachhibppwnedcredentials
API URLhttps://x402.hexl.dev/v1/security/breach-check
Integration docs
Example request
{
  "password": "password123"
}
Example response
{
  "pwned": true,
  "count": 251682,
  "note": "This password has appeared in 251682 known breaches — do not use it."
}
Input schema
{
  "type": "object",
  "required": [
    "password"
  ],
  "properties": {
    "password": {
      "type": "string"
    }
  }
}
Output schema
{
  "type": "object",
  "required": [
    "pwned",
    "count"
  ],
  "properties": {
    "pwned": {
      "type": "boolean"
    },
    "count": {
      "type": "number"
    },
    "note": {
      "type": "string"
    }
  }
}