Have I Been Pwned

the have i been pwned connector allows users to integrate real time data breach information into their security workflows, enabling proactive monitoring and response to incidents of data exposure have i been pwned is a renowned platform for checking if personal data has been compromised in data breaches the have i been pwned turbine connector allows users to automate the process of monitoring and responding to breaches involving their organization's domains and email accounts by integrating with swimlane turbine, security teams can proactively detect compromised credentials, assess the impact of breaches, and initiate swift incident response workflows this connector enhances cybersecurity posture by providing actionable insights and streamlining the management of breach incidents connector to integrate with have i been pwned api prerequisites to utilize the have i been pwned connector within swimlane turbine, ensure you have the following api key authentication with the following parameters url the endpoint url for the have i been pwned api api key a valid api key provided by have i been pwned to access their services capabilities the have i been pwned has the following capabilities get a single breached site get all breached sites in the system get all breaches for an account get all data classes get all pastes for an account getting all breached email addresses for a domain getting all subscribed domains getting the most recently added breach getting the subscription status this connector was last tested against product version 3 api documentation https //haveibeenpwned com/api/v3 configurations have i been pwned api key authentication authenticates using an api key configuration parameters parameter description type required url a url to the target host string required hibp api key api key string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions get a single breached site retrieve detailed information about a specific breach by providing the site's name in have i been pwned endpoint url /api/v3/breach/{{name}} method get input argument name type required description path parameters name string required sometimes just a single breach is required and this can be retrieved by the breach "name" this is the stable value which may or may not be the same as the breach "title" (which can change) input example {"path parameters" {"name" "example name"}} output parameter type description status code number http status code of the response reason string response reason phrase name string name of the resource title string output field title domain string output field domain breachdate string date value addeddate string date value modifieddate string date value pwncount number count value description string output field description logopath string output field logopath dataclasses array response data isverified boolean output field isverified isfabricated boolean output field isfabricated issensitive boolean output field issensitive isretired boolean output field isretired isspamlist boolean output field isspamlist ismalware boolean output field ismalware output example {"name" "example name","title" "string","domain" "string","breachdate" "string","addeddate" "string","modifieddate" "string","pwncount" 123,"description" "string","logopath" "string","dataclasses" \["string"],"isverified"\ true,"isfabricated"\ true,"issensitive"\ true,"isretired"\ true,"isspamlist"\ true} get all breached sites in the system retrieve detailed information on all breached sites in the system, including notable instances such as adobe and gawker endpoint url /api/v3/breaches method get input argument name type required description parameters domain string optional filters the result set to only breaches against the domain specified it is possible that one site (and consequently domain), is compromised on multiple occasions input example {"parameters" {"domain" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase output example \[] get all breaches for an account retrieve all data breaches associated with a given account from the have i been pwned api, requiring the 'account' path parameter endpoint url /api/v3/breachedaccount/{{account}} method get input argument name type required description path parameters account string required the most common use of the api is to return a list of all breaches a particular account has been involved in the api takes a single parameter which is the account to be searched for the account is not case sensitive and will be trimmed of leading or trailing white spaces parameters truncateresponse boolean optional by default, only the name of the breach is returned rather than the complete breach data, thus reducing the response body size by approximately 98% the name can then be used to either retrieve a single breach or it can be found in the list of all breaches in the system if you'd like complete breach data returned in the api call, set this to false parameters domain string optional filters the result set to only breaches against the domain specified it is possible that one site (and consequently domain), is compromised on multiple occasions parameters includeunverified boolean optional returns breaches that have been flagged as "unverified" by default, both verified and unverified breaches are returned when performing a search input example {"path parameters" {"account" "string"},"parameters" {"truncateresponse"\ true,"domain" "string","includeunverified"\ true}} output parameter type description status code number http status code of the response reason string response reason phrase output example \[] get all data classes retrieve a comprehensive list of data classes recognized by have i been pwned as compromised in various breaches endpoint url /api/v3/dataclasses method get output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"date" "fri, 16 aug 2024 11 29 35 gmt","content type" "application/json; charset=utf 8","content length" "1424","connection" "keep alive","access control expose headers" "request context","cache control" "public, max age=3600","content encoding" "gzip","vary" "accept encoding","strict transport security" "max age=31536000; includesubdomains; preload","x frame options" "deny","x content type options" "nosniff","referrer policy" "strict origin when cross orig get all pastes for an account retrieve all paste entries for a specified email account from have i been pwned, with case insensitive and trimmed input handling endpoint url /api/v3/pasteaccount/{{account}} method get input argument name type required description path parameters account string required email address to be searched for input example {"path parameters" {"account" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase output example \[] getting all breached email addresses for a domain retrieve all breached email addresses for a verified domain from have i been pwned endpoint url /api/v3/breacheddomain/{{domain}} method get input argument name type required description path parameters domain string required parameters for the getting all breached email addresses for a domain action input example {"path parameters" {"domain" "example com"}} output parameter type description status code number http status code of the response reason string response reason phrase alias1 array output field alias1 alias2 array output field alias2 alias3 array output field alias3 output example {"status code" 200,"response headers" {"date" "fri, 16 aug 2024 11 29 35 gmt","content type" "application/json; charset=utf 8","content length" "1424","connection" "keep alive","access control expose headers" "request context","cache control" "public, max age=3600","content encoding" "gzip","vary" "accept encoding","strict transport security" "max age=31536000; includesubdomains; preload","x frame options" "deny","x content type options" "nosniff","referrer policy" "strict origin when cross orig getting all subscribed domains retrieve verified domains from the have i been pwned domain search dashboard endpoint url /api/v3/subscribeddomains method get output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"date" "fri, 16 aug 2024 11 40 08 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","cf ray" "8b4125d4b86379ef hyd","cf cache status" "dynamic","content encoding" "gzip","strict transport security" "max age=31536000; includesubdomains; preload","vary" "accept encoding","x content type options" "nosniff","set cookie" " cf bm=n3s0cyvdjqbztonyjqpbqgvbi9n1tdlv7jb8ibkuueq 1723808408 1 0 1 1 yvp9ugzsn ","server" "cl getting the most recently added breach retrieve the most recently added breach information from have i been pwned, regardless of the actual event date endpoint url /api/v3/latestbreach method get output parameter type description status code number http status code of the response reason string response reason phrase name string name of the resource title string output field title domain string output field domain breachdate string date value addeddate string date value modifieddate string date value pwncount number count value description string output field description logopath string output field logopath dataclasses array response data isverified boolean output field isverified isfabricated boolean output field isfabricated issensitive boolean output field issensitive isretired boolean output field isretired isspamlist boolean output field isspamlist ismalware boolean output field ismalware issubscriptionfree boolean output field issubscriptionfree output example {"status code" 200,"response headers" {"date" "fri, 16 aug 2024 11 47 38 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","cf ray" "8b4130d3ace879ef hyd","cf cache status" "dynamic","access control allow origin" " ","cache control" "public, max age=300","content encoding" "gzip","strict transport security" "max age=31536000; includesubdomains; preload","vary" "accept encoding","arr disable session affinity" "true","request context" "appid=cid v1 7711 getting the subscription status retrieve current subscription details for have i been pwned, including plan type and expiration date endpoint url /api/v3/subscription/status method get output parameter type description status code number http status code of the response reason string response reason phrase subscribeduntil string output field subscribeduntil subscriptionname string name of the resource description string output field description domainsearchmaxbreachedaccounts number output field domainsearchmaxbreachedaccounts rpm number output field rpm output example {"status code" 200,"response headers" {"date" "fri, 16 aug 2024 12 02 50 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","cf ray" "8b41471859b279ef hyd","cf cache status" "dynamic","content encoding" "gzip","strict transport security" "max age=31536000; includesubdomains; preload","vary" "accept encoding","x content type options" "nosniff","set cookie" " cf bm=i1p4morpw6sbrbnzgesfgxi5zqlwql11bi3pbuaxjsm 1723809770 1 0 1 1 j40wzbztr ","server" "cl response headers header description example accept ranges http response header accept ranges access control allow origin http response header access control allow origin access control expose headers http response header access control expose headers request context age http response header age arr disable session affinity http response header arr disable session affinity true cache control directives for caching mechanisms public, max age=3600 cf cache status http response header cf cache status dynamic cf ray http response header cf ray 8b41471859b279ef hyd connection http response header connection keep alive content encoding http response header content encoding gzip content length the length of the response body in bytes 1424 content security policy http response header content security policy default src 'none';script src 'self' http //www google com http //www gstatic com cdnjs cloudflare com az416426 vo msecnd net ajax cloudflare com challenges cloudflare com static cloudflareinsights com;style src 'self' 'unsafe inline' cdnjs cloudflare com;img src 'self' http //www gstatic com translate google com logos haveibeenpwned com;font src 'self' cdnjs cloudflare com fonts gstatic com;connect src 'self' api pwnedpasswords com stats g doubleclick net dc services visualstudio com;base uri 'self';child src http //www google com challenges cloudflare com;form action 'self' accounts google com http //www paypal com billing stripe com checkout stripe com billing haveibeenpwned com;frame ancestors 'none';worker src 'self';upgrade insecure requests;report uri https //troyhunt report uri com/r/d/csp/enforce content type the media type of the resource application/json date the date and time at which the message was originated fri, 16 aug 2024 11 40 08 gmt expires the date/time after which the response is considered stale last modified the date and time at which the origin server believes the resource was last modified pragma http response header pragma referrer policy http response header referrer policy strict origin when cross origin request context http response header request context appid=cid v1 3665810e aab5 4aa5 90b9 f46c41b757ec server information about the software used by the origin server cloudflare set cookie http response header set cookie cf bm=lwucgjvib6qev c1mw9e4vsi3 vi1jhqxcurxnxasvk 1723807775 1 0 1 1 v2jgrpsrbkwm0awty7bpmc zzkiq5ijl8jdojfpsbtbfnvaujng5h n830i0kn yuauwin5wkxrvvp77g3cwzq; path=/; expires=fri, 16 aug 24 11 59 35 gmt; domain= haveibeenpwned com; httponly; secure; samesite=none strict transport security http response header strict transport security max age=31536000; includesubdomains; preload transfer encoding http response header transfer encoding chunked vary http response header vary accept encoding x content type options http response header x content type options nosniff x frame options http response header x frame options deny x powered by http response header x powered by x xss protection http response header x xss protection 1; mode=block