PHP Quick Start

1. Get an API Key and Secret

If you haven’t already, sign up for a free trial.

2. Install the Enzoic Library in Your Project

Use Nuget to install the Enzoic package in your project:

composer require enzoic/enzoic

3. Try Out Our Example Code

We’ve made calling the API dead simple. This sample code snippet shows you examples of calling the four supported APIs:

<?php

use Enzoic\Enzoic;
use Enzoic\PasswordType;

// Create a new Enzoic instance - this is our primary interface for making API calls
$enzoic = new Enzoic(YOUR_API_KEY, YOUR_API_SECRET);

// Check whether a password has been compromised
// see https://www.enzoic.com/docs-passwords-api/ for more information
$passwordCompromised = $enzoic->checkPassword('password-to-test'); 

if ($passwordCompromised === true) {
    echo 'Password is compromised';
}
else {
    echo 'Password is not compromised';
}

// Check whether a specific set of credentials are compromised
// see https://www.enzoic.com/docs-credentials-api/ for more information
$credentialsCompromised = $enzoic->checkCredentials('test@enzoic.com', 
    'password-to-test'); 

 if ($credentialsCompromised === true) {
    echo 'Credentials are compromised';
}
else {
    echo 'Credentials are not compromised';
}

// checkCredentials has optional parameters offering more control over performance.
//
// lastCheckDate: 
// A DateTime containing the timestamp of the last credentials check you performed 
// for this user.  If the date/time you provide for the last check is greater than 
// the timestamp Enzoic has for the last breach affecting this user, the check will 
// not be performed.  This can be used to substantially increase performance 
// after the initial call.
//
// excludeHashAlgorithms: 
// An array of PasswordTypes to ignore when calculating hashes for the credentials 
// check.  By excluding computationally expensive PasswordTypes, such as BCrypt, it 
// is possible to balance the performance of this call against security.
//

// should be set to the last time you checked credentials for this user for 
// performance
$dateOfLastCredentialsCheck = new DateTime('2020-07-01T02:05:03.000Z');

// let's exclude BCrypt and PHPBB3 
$excludeHashAlgorithms = [ PasswordType::BCrypt, PasswordType::PHPBB3 ];

$credentialsCompromised = $enzoic->checkCredentials('test@enzoic.com', 
    'password-to-test', $dateOfLastCredentialsCheck, $excludeHashAlgorithms);
    
if ($credentialsCompromised === true) {
    echo 'Credentials are compromised';
}
else {
    echo 'Credentials are not compromised';
}

// get all exposures for the given user
// see https://www.enzoic.com/docs-exposures-api/#get-exposures for more information
$userExposures = $enzoic->getExposuresForUser('eicar_1@enzoic.com');

echo count($userExposures).' exposures found for eicar_1@enzoic.com';
    
// now get the full details for the first exposure returned in the list
// see https://www.enzoic.com/docs-exposures-api/#get-exposure-details for more 
// information
$exposureDetails = $enzoic->getExposureDetails($userExposures[0]);

echo 'First exposure for test@enzoic.com was '.$exposureDetails->{'title'};

// get all passwords for a given user - requires special approval, contact Enzoic 
// sales, see https://www.enzoic.com/docs-raw-passwords-api/ for more information
$userPasswords = $enzoic->getPasswordsForUser("eicar_0@enzoic.com");
echo "First password for eicar_0@enzoic.com was "
    .$userPasswords->{'passwords'}[0]->{'password'};

?>

4. Learn More

That should get you started. Check out the GitHub project page for more details. Make sure you also review the Using the Enzoic API page.

Last updated

Was this helpful?