HEXL
Catalog/security-password-pwned

Security

Password breach check (HIBP k-anonymity) API

Returns how many known breaches contain a password plus a severity read, using the HIBP Pwned Passwords range API with k-anonymity — only the first 5 chars of the SHA-1 leave this process, so the full hash and password are never exposed. Answers 'has this password been pwned', 'how many breaches contain this password', 'is this password safe', 'pwned password count'.

Price$0.01per request
MethodPOST
Route/v1/security/password-pwned
StatusLive
MIME typeapplication/json
Rate limit60/minute
Cache3600s public
securitypasswordpwnedhibpbreachk-anonymityleakcredentials
API URLhttps://x402.hexl.dev/v1/security/password-pwned
Integration docs
Example request
{
  "password": "password"
}
Example response
{
  "pwned": true,
  "count": 10434004,
  "verdict": "critical",
  "hashPrefix": "5BAA6",
  "recommendation": "This password has appeared in known breaches. Do not use it; choose a unique password."
}
Input schema
{
  "type": "object",
  "required": [
    "password"
  ],
  "properties": {
    "password": {
      "type": "string",
      "examples": [
        "password"
      ]
    }
  }
}
Output schema
{
  "type": "object",
  "additionalProperties": true
}