Cleartext Credentials API
Previously named the "Raw Passwords API" - retrieve all compromised passwords in cleartext for a username
The Cleartext Credentials API allows you to lookup all the compromised passwords Enzoic has for a given user. The passwords are returned in cleartext, if available, or in the raw hash format that was recovered if not (e.g. MD5, SHA1, BCrypt, etc.). This API is extremely sensitive and restricted to organizations that pass extensive vetting. Please contact sales if you believe you have an appropriate use case for this API.
Query all cleartext passwords for a given email address.
Returns a list of passwords in the Enzoic database for a given email address.
Passwords for the user were found in the Enzoic database and are included in the response
An array of passwords which were found for this user.
A string containing the date/time of the last credentials exposure found for this account. This can be used to more intelligently check credentials for a user, i.e. if the lastBreachDate is less than the last time you performed a credentials check, you can skip the remaining steps.
Query all cleartext passwords for a users in a given email domain.
Returns a paginated list of credentials in the Enzoic database for all users under a given email domain. This variant of the call takes a domain (e.g. enzoic.com) and returns a list of emails and recovered passwords for any email address we've found credentials for in that domain.
The call was successful and all matching credentials are in the response
The total number of users exposed for the requested domain. If this exceeds the requested page size, the results are paginated and a pagingToken will be present in the response.
Present when there are additional pages of results available. Pass this token in on a subsequent call to fetch the next page of results.
An array of credentials found under this domain, grouped by email address.
Query all cleartext passwords for a user by providing a partial hash of their email address.
Returns a list of passwords in the Enzoic database for a given email address. This variant of the call takes a partial SHA-256 hash of the email being checked and returns passwords for all possible candidate matches. Unless you need to pass only partial hashes for compliance purposes, we recommend using the exact match /cleartext-credentials variant for better performance.
The call was successful and any matching candidate users are in the response
An array of possible matching users for the partial hash provided. Check the usernameHash property in each candidate to determine if it was a full match.
Last updated