Skip to main content

Use Breach Intel

Use the user/breached endpoint to make an API call and return user details

You can create an API request to retrieve as few or as many details as you need.

note

In the API requests below, “provider” does not appear in the request because it has already been configured in the Pangea Console. To configure a default provider, visit Select a provider as default.

Look up a breached user

To retrieve details about a user and check if their personal data has been breached, construct an API call with an email, phone_number, ip, username, or domain. All other parameters are optional.

Available parameters:

  • Email - Check for a user in known breaches via email address.
  • Phone Number - Search if a specific phone number is found in known breaches.
  • Username - Check if a username is in known breaches.
  • IP Address - Search known breaches for a specific IP address.
  • Domain - Verify if a domain is found in known breaches.
  • (optional) Start - Only include breaches that occurred after a specific date/time.
  • (optional) End - Only include breaches that occurred before a specific date/time.
  • (optional) Severity - Filter results by only including breaches with a specific severity.
  • (optional) Verbose - Include the API parameters in the provided response.
  • (optional) Raw - Add all raw data from the provider to the response.
  • (optional) Provider - Set the provider to request the breach data.
  • (optional) Cursor - Token used to paginate through results when the results are > 1000. Each page includes a maximum of 1000 total results.

Your API request might look like the example below. For more information on the available parameters and schemas for this API, check out the API reference docs .

For your app to communicate with the Pangea service, you must put the values of the following Configuration Details into the PANGEA_INTEL_TOKEN and PANGEA_DOMAIN environment variables:

  • token
  • domain

These Configuration Details are created when you enable User Intel and can be found in the Overview section under User Intel.

Set environment variables

To set each variable in bash:

export PANGEA_DOMAIN="yourServiceDomain"
export PANGEA_INTEL_TOKEN="yourAccessToken"
POST/v1/user/breached
curl -sSLX POST 'https://user-intel.'"$PANGEA_DOMAIN"'/v1/user/breached' \
-H 'Authorization: Bearer '"$PANGEA_INTEL_TOKEN" \
-H 'Content-Type: application/json' \
-d '{"email":"test@example.com"}'

Look up a breached password

To find out if a password has been exposed in security breaches, provide a 5-character hash_prefix of the password and the hash_type. All other parameters are optional. Your API request might look like the example below:

POST/v1/user/breached
curl -sSLX POST 'https://user-intel.'"$PANGEA_DOMAIN"'/v1/password/breached' \
-H 'Authorization: Bearer '"$PANGEA_INTEL_TOKEN" \
-H 'Content-Type: application/json' \
-d '{"hash_type":"sha256","hash_prefix":"5baa6"}'

Was this article helpful?

Contact us