Skip to main content

Accounts API


The Accounts API lets you return a list of Exposures associated with a given username or set of usernames. Alternatively, the Accounts API can return a list of users associated with a specific Exposure. This API uses a format similar to that of the original Pwnedlist API.

Available Calls

  • Exposures by Account
    Returns all of the credentials Exposures that have been found for a given username or set of usernames.
  • Accounts by Exposure
    Returns a list of user accounts associated with a specific Exposure.

POST – Exposures by Account

https://api.passwordping.com/accounts

Returns all of the credentials Exposures that have been found for a given username or set of usernames. Alternatively, SHA256 hashes of the usernames can be passed.

See Using Enzoic for general instructions on using the API.

Request

Parameter Type Description
account_identifier string A comma-separated list of usernames or SHA256 hashes of the usernames to return Exposures for
limit integer (Optional) The maximum number of results to return (default is 500, maximum is 10000)

Response

Response Description
200 One or more of the usernames were found and the associated Exposures are in the response body
404 None of the usernames were found in Enzoic’s database and have no Exposures associated with them.

Response Body

The response body contains an array of AccountResponses for the specified users. The leak_id’s in these can be used with the Exposure Details API to get additional information about each Exposure.

Member Type Description
count integer The number of items in the results array
results AccountResponses[] An array of AccountResponses. The leak_id can be used with the Exposure Details call to retrieve additional information about the Exposure.

AccountResponse:
Member Type Description
plain string The username
leak_id string The ID of the Exposure

Example

Request
curl --header "authorization: basic {your auth string}" --data="account_identifier=sample@email.tst,sample2@email.tst&limit=2" "https://api.passwordping.com/accounts"
Response
{ 
  "count": 2,
  "results": [
      {
          "plain": "sample@email.tst",
          "leak_id": "57dc11964d6db21300991b78"
      },
      {
          "plain": "sample@email.tst",
          "leak_id": "5805029914f33808dc802ff7"
      }
  ]
}

POST – Accounts by Exposure

https://api.passwordping.com/accounts

Returns a list of user accounts associated with a specific Exposure. Results are paginated.

See Using Enzoic for general instructions on using the API.

Request

Parameter Type Description
leak_id string The ID of the Exposure
page_size integer (Optional) The maximum number of results to return with a single call. Defaults to 1000, which is the maximum.
token string (Optional) A paging token. Omit on the first call. Whenever there are additional pages of responses available, the response will include a token field. That value should be passed to this call to retrieve the next page of results.

Response

Response Description
200 The response body contains an array of accounts that were compromised in the specified Exposure.

Response Body

Member Type Description
token string If present, indicates more pages of results are available. The token value should be passed in as a parameter to retrieve the next page of results.
count integer The total number of results available across all pages.
accounts Account[] An array of Accounts that were compromised in this Exposure.

Account:
Member Type Description
plain string The username

Example

Request
curl --header "authorization: basic {your auth string}" --data "leak_id=57dc11964d6db21300991b78&count=5" "https://api.passwordping.com/accounts"
Response
{ 
"token": "57ffb08c4d6db2180ce661f3",
    "count": 5,
    "accounts": [
        {
            "plain": "sample@email.tst"
        },
        {
            "plain": "sample2@email.tst"
        },
        {
            "plain": "sample3@email.tst"
        },
        {
            "plain": "sample4@email.tst"
        },
        {
            "plain": "sample5@email.tst"
        }
    ]
}