Cleartext Credentials API
Previously named the "Raw Passwords API" - retrieve all compromised passwords in cleartext for a username
The Cleartext Credentials API allows you to lookup all the compromised passwords Enzoic has for a given user. The passwords are returned in cleartext, if available, or in the raw hash format that was recovered if not (e.g. MD5, SHA1, BCrypt, etc.). This API is extremely sensitive and restricted to organizations that pass extensive vetting. Please contact sales if you believe you have an appropriate use case for this API.
get
https://api.enzoic.com/v1
/cleartext-credentials
Query all cleartext passwords for a given email address.
Returns a list of passwords in the Enzoic database for a given email address.
Parameters
Query
username*
string
The email or SHA-256 hash of the lowercased email you wish to check credentials for
includeExposureDetails
integer
If this parameter is specified and non-zero, the results will include the exposure details inline, rather than just the IDs. In this case the exposures array in the response will contain an array of ExposureDetails objects
Responses
200: OK
Passwords for the user were found in the Enzoic database and are included in the response
404: Not Found
Enzoic has no passwords for the requested user.
get
https://api.enzoic.com/v1
/cleartext-credentials-by-partial-hash
Query all cleartext passwords for a user by providing a partial hash of their email address.
Returns a list of passwords in the Enzoic database for a given email address. This variant of the call takes a partial SHA-256 hash of the email being checked and returns passwords for all possible candidate matches. Unless you need to pass only partial hashes for compliance purposes, we recommend using the exact match /cleartext-credentials variant for better performance.
Parameters
Query
partialUsernameHash*
string
The first 8 or more characters of the SHA-256 hash of the lowercased email you wish to check credentials for
includeExposureDetails
integer
If this parameter is specified and non-zero, the results will include the exposure details inline, rather than just the IDs. In this case the exposures array in the response will contain an array of ExposureDetails objects
Responses
200: OK
The call was successful and any matching candidate users are in the response
Last modified 8d ago