PHP Quick Start

1. Get an API Key and Secret

If you haven’t already, sign up for a free trial.

2. Install the Enzoic Library in Your Project

Use Nuget to install the Enzoic package in your project:

composer require enzoic/enzoic

3. Try Out Our Example Code

We’ve made calling the API dead simple. This sample code snippet shows you examples of calling the four supported APIs:


use Enzoic\Enzoic;
use Enzoic\PasswordType;

// Create a new Enzoic instance - this is our primary interface for making API calls
$enzoic = new Enzoic(YOUR_API_KEY, YOUR_API_SECRET);

// Check whether a password has been compromised
// see for more information
$passwordCompromised = $enzoic->checkPassword('password-to-test'); 

if ($passwordCompromised === true) {
    echo 'Password is compromised';
else {
    echo 'Password is not compromised';

// Check whether a specific set of credentials are compromised
// see for more information
$credentialsCompromised = $enzoic->checkCredentials('', 

 if ($credentialsCompromised === true) {
    echo 'Credentials are compromised';
else {
    echo 'Credentials are not compromised';

// checkCredentials has optional parameters offering more control over performance.
// lastCheckDate: 
// A DateTime containing the timestamp of the last credentials check you performed 
// for this user.  If the date/time you provide for the last check is greater than 
// the timestamp Enzoic has for the last breach affecting this user, the check will 
// not be performed.  This can be used to substantially increase performance 
// after the initial call.
// excludeHashAlgorithms: 
// An array of PasswordTypes to ignore when calculating hashes for the credentials 
// check.  By excluding computationally expensive PasswordTypes, such as BCrypt, it 
// is possible to balance the performance of this call against security.

// should be set to the last time you checked credentials for this user for 
// performance
$dateOfLastCredentialsCheck = new DateTime('2020-07-01T02:05:03.000Z');

// let's exclude BCrypt and PHPBB3 
$excludeHashAlgorithms = [ PasswordType::BCrypt, PasswordType::PHPBB3 ];

$credentialsCompromised = $enzoic->checkCredentials('', 
    'password-to-test', $dateOfLastCredentialsCheck, $excludeHashAlgorithms);
if ($credentialsCompromised === true) {
    echo 'Credentials are compromised';
else {
    echo 'Credentials are not compromised';

// get all exposures for the given user
// see for more information
$userExposures = $enzoic->getExposuresForUser('');

echo count($userExposures).' exposures found for';
// now get the full details for the first exposure returned in the list
// see for more 
// information
$exposureDetails = $enzoic->getExposureDetails($userExposures[0]);

echo 'First exposure for was '.$exposureDetails->{'title'};

// get all passwords for a given user - requires special approval, contact Enzoic 
// sales, see for more information
$userPasswords = $enzoic->getPasswordsForUser("");
echo "First password for was "


4. Learn More

That should get you started. Check out the GitHub project page for more details. Make sure you also review the Using the Enzoic API page.

Last updated