Enzoic API - Developer Documentation
Visit our website
  • Enzoic Website
  • Getting Started
    • .NET Quick Start
    • Java Quick Start
    • JavaScript Quick Start
    • Ruby Quick Start
    • PHP Quick Start
    • Go Quick Start
    • Python Quick Start
  • Using the Enzoic API
  • Libraries
  • API reference
    • Passwords API
    • Credentials API
      • Hashed Credentials API
      • Cleartext Credentials API
        • Query Passwords for an Email Address
        • Query Passwords for a Domain
        • Query Passwords for a Partial Hash of an Email Address
      • Test Accounts
    • Exposures API
      • Get Exposures for an Email Address
      • Get Exposures for a Domain
      • Get Exposures for All Email Addresses in a Domain
      • Get Exposures by Date
      • Retrieve Details for an Exposure
    • Breach Monitoring API
      • Breach Monitoring by User
        • Add Breach Alert Subscriptions for Users
        • Remove Breach Alert Subscriptions for Users
        • Query Breach Alert Subscriptions for Users
      • Breach Monitoring by Domain
        • Add Breach Alert Subscriptions for Domains
        • Remove Breach Alert Subscriptions for Domains
        • Query Breach Alert Subscriptions for Domains
      • Webhooks
        • Managing Webhooks
          • Register a Webhook
          • Update a Webhook
          • Delete a Webhook
          • Query Registered Webhooks
        • Webhook Test API
    • Identity Breach Monitoring API
      • Monitoring Identities
        • Add Identities to Monitoring
        • Update Monitored Identities
        • Remove an Identity from Monitoring
        • Query Monitored Identities
      • Retrieving Identity Exposures
      • Webhooks
        • Managing Webhooks
          • Register a Webhook
          • Update a Webhook
          • Delete a Webhook
          • Query Registered Webhooks
        • Webhook Test API
    • BIN Monitoring API
      • Monitoring BINs
        • Add Bank Identification Numbers to Monitoring
        • Remove Bank Identification Numbers from Monitoring
        • Query Monitored Bank Identification Numbers
      • Retrieving Exposed Payment Cards
      • Webhooks
        • Managing Webhooks
          • Register a Webhook
          • Update a Webhook
          • Delete a Webhook
          • Query Registered Webhooks
        • Webhook Test API
    • Payment Card Exposures API
      • Check a Card Number for Compromise
    • Account Status APIs
      • Account Status
      • Account Usage
    • Password Hash Algorithms
    • OpenAPI Specification
    • View OpenAPI Spec in Swagger UI
    • Postman Collection of API Examples
  • Password Strength Meter
    • Quick Start
    • Example
Powered by GitBook
On this page

Was this helpful?

  1. API reference
  2. Payment Card Exposures API

Check a Card Number for Compromise

PreviousPayment Card Exposures APINextAccount Status APIs

Last updated 10 months ago

Was this helpful?

Retrieve a list of recovered payment card numbers

post

Returns a list of compromised payment card numbers matching a partial card number provided to the call. The partialCardNumber field in the body should contain the first 8 digits of the card number being checked.

This call uses a k-anonymity algorithm to ensure that the complete card number being checked is not sent to the server in the clear. All compromised payment card numbers matching having a match on the first 8 digits will be returned in the cardsFound response, allowing the caller to then locally compare to determine if the full payment card number being checked is in the Enzoic database of compromised card numbers.

Authorizations
Body
partialCardNumberstringRequired

The first 8 digits of the card number being checked.

Example: 40112322
includeRawMatchSourcebooleanOptional

If this parameter is specified and true, the results will include the raw match source inline, along with the exposure IDs. The raw match source will be the snippet of text from the breach source where the card number was found, providing additional context into what else was exposed (e.g. name, CVV, expiration date, etc.).

NOTE: Including this parameter will increase the size and significantly slow the response. Do not specify this parameter unless you actually need the original source text.

Example: true
Responses
200
The response body contains the requested results.
application/json
post
POST /v1/payment-card-exposures HTTP/1.1
Host: api.enzoic.com
Authorization: Bearer Base64(your_api_key:your_api_secret)
Content-Type: application/json
Accept: */*
Content-Length: 59

{
  "partialCardNumber": 40112322,
  "includeRawMatchSource": true
}
200

The response body contains the requested results.

{
  "cardsFound": [
    {
      "cardNumber": "text",
      "exposures": [
        {
          "exposureID": "5f483321b7496d0008ae3073"
        }
      ],
      "rawMatchSource": "Jane Doe 4242424242424242 08/28 123"
    }
  ]
}