Have I Been Pwned

have i been pwned is a service that helps users determine if their personal data has been compromised in data breaches have i been pwned is a widely recognized service that allows users to check if their personal data has been compromised in a data breach this connector enables swimlane turbine users to automate the retrieval of breach information, account exposure, and data class details from have i been pwned by integrating this service, users can enhance their security operations by quickly identifying compromised accounts, monitoring domain breaches, and taking proactive measures to mitigate risks this integration empowers security teams to streamline breach detection and response processes, ensuring a more robust security posture connector to integrate with have i been pwned api prerequisites before you can use the have i been pwned connector for turbine, you'll need access to the have i been pwned api this requires the following an api key authentication using the following parameters url the endpoint url for accessing the have i been pwned api api key a valid api key to authenticate requests to the have i been pwned api capabilities the have i been pwned has the following capabilities get a single breached site get all breached sites in the system get all breaches for an account get all data classes get all pastes for an account getting all breached email addresses for a domain getting all subscribed domains getting the most recently added breach getting the subscription status this connector was last tested against product version 3 api documentation https //haveibeenpwned com/api/v3 additional documentation https //docs swimlane com/connectors/have i been pwned https //haveibeenpwned com/api/v3 configurations have i been pwned api key authentication authenticates using an api key configuration parameters parameter description type required url a url to the target host string required hibp api key api key string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions get a single breached site retrieve detailed information about a specific breach by providing the site's name in have i been pwned endpoint url /api/v3/breach/{{name}} method get input argument name type required description path parameters name string required sometimes just a single breach is required and this can be retrieved by the breach "name" this is the stable value which may or may not be the same as the breach "title" (which can change) input example {"path parameters" {"name" "example name"}} output parameter type description status code number http status code of the response reason string response reason phrase name string name of the resource title string output field title domain string output field domain breachdate string date value addeddate string date value modifieddate string date value pwncount number count value description string output field description logopath string output field logopath dataclasses array response data isverified boolean output field isverified isfabricated boolean output field isfabricated issensitive boolean output field issensitive isretired boolean output field isretired isspamlist boolean output field isspamlist ismalware boolean output field ismalware output example {"name" "example name","title" "string","domain" "string","breachdate" "string","addeddate" "string","modifieddate" "string","pwncount" 123,"description" "string","logopath" "string","dataclasses" \["string"],"isverified"\ true,"isfabricated"\ true,"issensitive"\ true,"isretired"\ true,"isspamlist"\ true} get all breached sites in the system retrieve detailed information on all breached sites in the system, including notable instances such as adobe and gawker endpoint url /api/v3/breaches method get input argument name type required description parameters domain string optional filters the result set to only breaches against the domain specified it is possible that one site (and consequently domain), is compromised on multiple occasions input example {"parameters" {"domain" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase output example \[] get all breaches for an account retrieve all data breaches associated with a given account from the have i been pwned api requires the 'account' path parameter endpoint url /api/v3/breachedaccount/{{account}} method get input argument name type required description path parameters account string required the most common use of the api is to return a list of all breaches a particular account has been involved in the api takes a single parameter which is the account to be searched for the account is not case sensitive and will be trimmed of leading or trailing white spaces parameters truncateresponse boolean optional by default, only the name of the breach is returned rather than the complete breach data, thus reducing the response body size by approximately 98% the name can then be used to either retrieve a single breach or it can be found in the list of all breaches in the system if you'd like complete breach data returned in the api call, set this to false parameters domain string optional filters the result set to only breaches against the domain specified it is possible that one site (and consequently domain), is compromised on multiple occasions parameters includeunverified boolean optional returns breaches that have been flagged as "unverified" by default, both verified and unverified breaches are returned when performing a search input example {"path parameters" {"account" "string"},"parameters" {"truncateresponse"\ true,"domain" "string","includeunverified"\ true}} output parameter type description status code number http status code of the response reason string response reason phrase output example \[] get all data classes retrieve a comprehensive list of data classes recognized by have i been pwned as compromised in various breaches endpoint url /api/v3/dataclasses method get output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"date" "fri, 16 aug 2024 11 29 35 gmt","content type" "application/json; charset=utf 8","content length" "1424","connection" "keep alive","access control expose headers" "request context","cache control" "public, max age=3600","content encoding" "gzip","vary" "accept encoding","strict transport security" "max age=31536000; includesubdomains; preload","x frame options" "deny","x content type options" "nosniff","referrer policy" "strict origin when cross orig get all pastes for an account retrieve all paste entries for a specified email account from have i been pwned, with case insensitive and trimmed input handling endpoint url /api/v3/pasteaccount/{{account}} method get input argument name type required description path parameters account string required email address to be searched for input example {"path parameters" {"account" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase output example \[] getting all breached email addresses for a domain retrieve all breached email addresses for a verified domain from have i been pwned requires the domain as a path parameter endpoint url /api/v3/breacheddomain/{{domain}} method get input argument name type required description path parameters domain string required parameters for the getting all breached email addresses for a domain action input example {"path parameters" {"domain" "example com"}} output parameter type description status code number http status code of the response reason string response reason phrase alias1 array output field alias1 alias2 array output field alias2 alias3 array output field alias3 output example {"status code" 200,"response headers" {"date" "fri, 16 aug 2024 11 29 35 gmt","content type" "application/json; charset=utf 8","content length" "1424","connection" "keep alive","access control expose headers" "request context","cache control" "public, max age=3600","content encoding" "gzip","vary" "accept encoding","strict transport security" "max age=31536000; includesubdomains; preload","x frame options" "deny","x content type options" "nosniff","referrer policy" "strict origin when cross orig getting all subscribed domains retrieve verified domains from the have i been pwned domain search dashboard endpoint url /api/v3/subscribeddomains method get output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"date" "fri, 16 aug 2024 11 40 08 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","cf ray" "8b4125d4b86379ef hyd","cf cache status" "dynamic","content encoding" "gzip","strict transport security" "max age=31536000; includesubdomains; preload","vary" "accept encoding","x content type options" "nosniff","set cookie" " cf bm=n3s0cyvdjqbztonyjqpbqgvbi9n1tdlv7jb8ibkuueq 1723808408 1 0 1 1 yvp9ugzsn ","server" "cl getting the most recently added breach retrieve the most recently added breach information from have i been pwned, regardless of the actual event date endpoint url /api/v3/latestbreach method get output parameter type description status code number http status code of the response reason string response reason phrase name string name of the resource title string output field title domain string output field domain breachdate string date value addeddate string date value modifieddate string date value pwncount number count value description string output field description logopath string output field logopath dataclasses array response data isverified boolean output field isverified isfabricated boolean output field isfabricated issensitive boolean output field issensitive isretired boolean output field isretired isspamlist boolean output field isspamlist ismalware boolean output field ismalware issubscriptionfree boolean output field issubscriptionfree output example {"status code" 200,"response headers" {"date" "fri, 16 aug 2024 11 47 38 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","cf ray" "8b4130d3ace879ef hyd","cf cache status" "dynamic","access control allow origin" " ","cache control" "public, max age=300","content encoding" "gzip","strict transport security" "max age=31536000; includesubdomains; preload","vary" "accept encoding","arr disable session affinity" "true","request context" "appid=cid v1 7711 getting the subscription status retrieve current subscription details for have i been pwned, including plan type and expiration date endpoint url /api/v3/subscription/status method get output parameter type description status code number http status code of the response reason string response reason phrase subscribeduntil string output field subscribeduntil subscriptionname string name of the resource description string output field description domainsearchmaxbreachedaccounts number output field domainsearchmaxbreachedaccounts rpm number output field rpm output example {"status code" 200,"response headers" {"date" "fri, 16 aug 2024 12 02 50 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","cf ray" "8b41471859b279ef hyd","cf cache status" "dynamic","content encoding" "gzip","strict transport security" "max age=31536000; includesubdomains; preload","vary" "accept encoding","x content type options" "nosniff","set cookie" " cf bm=i1p4morpw6sbrbnzgesfgxi5zqlwql11bi3pbuaxjsm 1723809770 1 0 1 1 j40wzbztr ","server" "cl response headers header description example accept ranges http response header accept ranges access control allow origin http response header access control allow origin access control expose headers http response header access control expose headers request context age http response header age arr disable session affinity http response header arr disable session affinity true cache control directives for caching mechanisms public, max age=3600 cf cache status http response header cf cache status dynamic cf ray http response header cf ray 8b4125d4b86379ef hyd connection http response header connection keep alive content encoding http response header content encoding gzip content length the length of the response body in bytes 1424 content security policy http response header content security policy default src 'none';script src 'self' http //www google com http //www gstatic com cdnjs cloudflare com az416426 vo msecnd net ajax cloudflare com challenges cloudflare com static cloudflareinsights com;style src 'self' 'unsafe inline' cdnjs cloudflare com;img src 'self' http //www gstatic com translate google com logos haveibeenpwned com;font src 'self' cdnjs cloudflare com fonts gstatic com;connect src 'self' api pwnedpasswords com stats g doubleclick net dc services visualstudio com;base uri 'self';child src http //www google com challenges cloudflare com;form action 'self' accounts google com http //www paypal com billing stripe com checkout stripe com billing haveibeenpwned com;frame ancestors 'none';worker src 'self';upgrade insecure requests;report uri https //troyhunt report uri com/r/d/csp/enforce content type the media type of the resource application/json; charset=utf 8 date the date and time at which the message was originated fri, 16 aug 2024 11 47 38 gmt expires the date/time after which the response is considered stale last modified the date and time at which the origin server believes the resource was last modified pragma http response header pragma referrer policy http response header referrer policy strict origin when cross origin request context http response header request context appid=cid v1 3665810e aab5 4aa5 90b9 f46c41b757ec server information about the software used by the origin server cloudflare set cookie http response header set cookie cf bm=el8ywcvljsn77rmjpgkmwczyiaperignbktfnff9nwy 1723808858 1 0 1 1 l9cgvsrnhpty4god5by z1fhydst7hrnzeq yjcpyqv83tqjkx602asaax9cuarpl78c9ypqtpji4qxyzxpeyw; path=/; expires=fri, 16 aug 24 12 17 38 gmt; domain= haveibeenpwned com; httponly; secure; samesite=none strict transport security http response header strict transport security max age=31536000; includesubdomains; preload transfer encoding http response header transfer encoding chunked vary http response header vary accept encoding x content type options http response header x content type options nosniff x frame options http response header x frame options deny x powered by http response header x powered by x xss protection http response header x xss protection 1; mode=block