Credentials API
Quickly and easily check if a specific username/password combination is known to be compromised
Last updated
Quickly and easily check if a specific username/password combination is known to be compromised
Last updated
The Credentials API allows you to securely lookup whether a given username/password combination exists in our database of compromised account credentials. The typical example where this API can be useful is on a website’s login form. As users login, you can check their credentials against this API to ensure that they have not been compromised. In the event that a user’s credentials have been exposed, you can force them to reset their password or take other corrective action. In this way, you can prevent cybercriminals from logging in using stolen credentials.
The Credentials API offers two different options for checks: the Hashed Credentials API and the Cleartext Credentials API:
Hashed Credentials API This API employs a multi-step sequence where you hash your user's credentials locally and compare them against the results from the Enzoic database. It is highly recommended to use one of the pre-built Enzoic Libraries and not attempt to utilize this API directly.
Cleartext Credentials API This API returns cleartext passwords for a given email address, allowing you to compare locally against the password you have for the user. While this API is easier to use and more flexible in terms of use cases, given the extremely sensitive nature of its data it requires extensive vetting and special permission to use.