Accounts API
The Accounts API lets you return a list of Exposures associated with a given username or set of usernames. Alternatively, the Accounts API can return a list of users associated with a specific Exposure. This API uses a format similar to that of the original Pwnedlist API.
Available Calls
- Exposures by Account
Returns all of the credentials Exposures that have been found for a given username or set of usernames.
- Accounts by Exposure
Returns a list of user accounts associated with a specific Exposure.
POST – Exposures by Account
https://api.passwordping.com/accounts
Returns all of the credentials Exposures that have been found for a given username or set of usernames. Alternatively, SHA256 hashes of the usernames can be passed.
See Using Enzoic for general instructions on using the API.
Request
Parameter |
Type |
Description |
account_identifier |
string |
A comma-separated list of usernames or SHA256 hashes of the usernames to return Exposures for |
limit |
integer |
(Optional) The maximum number of results to return (default is 500, maximum is 10000) |
Response
Response |
Description |
200 |
One or more of the usernames were found and the associated Exposures are in the response body |
404 |
None of the usernames were found in Enzoic’s database and have no Exposures associated with them. |
Response Body
The response body contains an array of AccountResponses for the specified users. The leak_id’s in these can be used with the Exposure Details API to get additional information about each Exposure.
Member |
Type |
Description |
count |
integer |
The number of items in the results array |
results |
AccountResponses[] |
An array of AccountResponses. The leak_id can be used with the Exposure Details call to retrieve additional information about the Exposure. |
AccountResponse:
Member |
Type |
Description |
plain |
string |
The username |
leak_id |
string |
The ID of the Exposure |
Example
Request
curl --header "authorization: basic {your auth string}" --data="account_identifier=sample@email.tst,sample2@email.tst&limit=2" "https://api.passwordping.com/accounts"
Response
{
"count": 2,
"results": [
{
"plain": "sample@email.tst",
"leak_id": "57dc11964d6db21300991b78"
},
{
"plain": "sample@email.tst",
"leak_id": "5805029914f33808dc802ff7"
}
]
}
POST – Accounts by Exposure
https://api.passwordping.com/accounts
Returns a list of user accounts associated with a specific Exposure. Results are paginated.
See Using Enzoic for general instructions on using the API.
Request
Parameter |
Type |
Description |
leak_id |
string |
The ID of the Exposure |
page_size |
integer |
(Optional) The maximum number of results to return with a single call. Defaults to 1000, which is the maximum. |
token |
string |
(Optional) A paging token. Omit on the first call. Whenever there are additional pages of responses available, the response will include a token field. That value should be passed to this call to retrieve the next page of results. |
Response
Response |
Description |
200 |
The response body contains an array of accounts that were compromised in the specified Exposure. |
Response Body
Member |
Type |
Description |
token |
string |
If present, indicates more pages of results are available. The token value should be passed in as a parameter to retrieve the next page of results. |
count |
integer |
The total number of results available across all pages. |
accounts |
Account[] |
An array of Accounts that were compromised in this Exposure. |
Account:
Member |
Type |
Description |
plain |
string |
The username |
Example
Request
curl --header "authorization: basic {your auth string}" --data "leak_id=57dc11964d6db21300991b78&count=5" "https://api.passwordping.com/accounts"
Response
{
"token": "57ffb08c4d6db2180ce661f3",
"count": 5,
"accounts": [
{
"plain": "sample@email.tst"
},
{
"plain": "sample2@email.tst"
},
{
"plain": "sample3@email.tst"
},
{
"plain": "sample4@email.tst"
},
{
"plain": "sample5@email.tst"
}
]
}