# Pwned Passwords Password Validator API

## Alternate endpoint for Passwords API compatible with PingDirectory's Pwned Passwords Password Validator

> This is an alternate endpoint for the Passwords API which is compatible with PingIdentity's \[Pwned Passwords Password Validator]\(<https://docs.ping.directory/PingDataSync/latest/config-guide/pwned-passwords-password-validator.html#dsconfig%20Usage>).  This is a part of PingDirectory.  Note that since it's not possible to specify the API key and secret using the Authorization header when using this service, you can instead embed the API key and secret in the URL, e.g. <https://apiKey:secret@api.enzoic.com/range><br>

```json
{"openapi":"3.0.0","info":{"title":"Enzoic API","version":"1.3.0"},"tags":[{"name":"passwords","description":"APIs related to checking compromise status of a password"}],"servers":[{"url":"https://api.enzoic.com/v1"}],"security":[{"enzoic_auth":[]}],"components":{"securitySchemes":{"enzoic_auth":{"type":"http","scheme":"basic","bearerFormat":"Base64(your_api_key:your_api_secret)","description":"The Enzoic API uses a basic auth scheme where the username is your API key and the password is your API secret.  \nSee https://docs.enzoic.com/enzoic-api-developer-documentation/using-the-enzoic-api#api-authentication for more details.       \n"}}},"paths":{"/range/{partialHash}":{"get":{"tags":["passwords"],"summary":"Alternate endpoint for Passwords API compatible with PingDirectory's Pwned Passwords Password Validator","operationId":"passwordsRange","description":"This is an alternate endpoint for the Passwords API which is compatible with PingIdentity's [Pwned Passwords Password Validator](https://docs.ping.directory/PingDataSync/latest/config-guide/pwned-passwords-password-validator.html#dsconfig%20Usage).  This is a part of PingDirectory.  Note that since it's not possible to specify the API key and secret using the Authorization header when using this service, you can instead embed the API key and secret in the URL, e.g. https://apiKey:secret@api.enzoic.com/range\n","responses":{"200":{"description":"One or more possible candidate matches were found. The response body contains the candidates. If any of the candidate hashes match the exact hash, this is a compromised password, i.e. a “hacked” password.","content":{"text/plain":{"schema":{"type":"string","description":"A list of all hash suffixes matching the provided partial hash prefix.  The format of the response is a string with each line containing a single hash suffix, followed by a count of how many times that password has been publicly exposed, separated by a colon."}}}}},"parameters":[{"name":"partialHash","description":"The first 5 hex characters of the SHA-1 hash of the password to check or the NTLM hash if mode=ntlm","in":"path","required":true,"schema":{"type":"string"}},{"name":"mode","description":"(Optional) If specified and set to \"ntlm\", the partialHash is treated as the first 5 hex characters of the NTLM hash of the password rather than the SHA-1 hash.  Note that PingIdentity's service uses SHA-1 hashes, so typically this parameter is unnecessary","in":"query","required":false,"schema":{"type":"string"}}]}}}}
```