DEV Community: CodeLong888 The latest articles on DEV Community by CodeLong888 (@codelong888). https://dev.to/codelong888 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3891284%2F7cd6aec6-b3b2-4745-b86e-7d2bec7fe714.png DEV Community: CodeLong888 https://dev.to/codelong888 en How to Check for Email Breaches Programmatically (Free API, No Key) CodeLong888 Tue, 21 Apr 2026 20:00:23 +0000 https://dev.to/codelong888/how-to-check-for-email-breaches-programmatically-free-api-no-key-3ib4 https://dev.to/codelong888/how-to-check-for-email-breaches-programmatically-free-api-no-key-3ib4 <h2> The Problem </h2> <p>You're building an app and need to warn users if their email has been compromised in a data breach. The options are:</p> <ul> <li> <strong>HaveIBeenPwned API</strong>: Requires a paid API key ($3.50/month)</li> <li> <strong>Build your own</strong>: You'd need to aggregate breach databases yourself</li> <li> <strong>HackMyIP Breach API</strong>: Free, no key, JSON response</li> </ul> <p>I built the third option. Here's how to use it.</p> <h2> Quick Start </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="s2">"https://hackmyip.com/api/breach?email=test@example.com"</span> </code></pre> </div> <p>Response:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"success"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"data"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tes***@example.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"breaches"</span><span class="p">:</span><span class="w"> </span><span class="mi">13</span><span class="p">,</span><span class="w"> </span><span class="nl">"services"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"Adobe"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Canva"</span><span class="p">,</span><span class="w"> </span><span class="s2">"LinkedIn"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Dropbox"</span><span class="p">,</span><span class="w"> </span><span class="err">...</span><span class="p">],</span><span class="w"> </span><span class="nl">"risk"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"score"</span><span class="p">:</span><span class="w"> </span><span class="mi">71</span><span class="p">,</span><span class="w"> </span><span class="nl">"level"</span><span class="p">:</span><span class="w"> </span><span class="s2">"high"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"passwords"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"plain_text"</span><span class="p">:</span><span class="w"> </span><span class="mi">3</span><span class="p">,</span><span class="w"> </span><span class="nl">"weak_hash"</span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="nl">"strong_hash"</span><span class="p">:</span><span class="w"> </span><span class="mi">5</span><span class="p">,</span><span class="w"> </span><span class="nl">"total"</span><span class="p">:</span><span class="w"> </span><span class="mi">10</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>No API key. No signup. No rate limits for reasonable use.</p> <h2> JavaScript Example </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">checkBreach</span><span class="p">(</span><span class="nx">email</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span> <span class="s2">`https://hackmyip.com/api/breach?email=</span><span class="p">${</span><span class="nf">encodeURIComponent</span><span class="p">(</span><span class="nx">email</span><span class="p">)}</span><span class="s2">`</span> <span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">breaches</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`⚠️ Found in </span><span class="p">${</span><span class="nx">data</span><span class="p">.</span><span class="nx">breaches</span><span class="p">}</span><span class="s2"> breaches!`</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Risk level: </span><span class="p">${</span><span class="nx">data</span><span class="p">.</span><span class="nx">risk</span><span class="p">.</span><span class="nx">level</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Affected services: </span><span class="p">${</span><span class="nx">data</span><span class="p">.</span><span class="nx">services</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="dl">'</span><span class="s1">, </span><span class="dl">'</span><span class="p">)}</span><span class="s2">`</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">passwords</span><span class="p">?.</span><span class="nx">plain_text</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`🚨 </span><span class="p">${</span><span class="nx">data</span><span class="p">.</span><span class="nx">passwords</span><span class="p">.</span><span class="nx">plain_text</span><span class="p">}</span><span class="s2"> passwords stored in plain text!`</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">✅ No breaches found</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">checkBreach</span><span class="p">(</span><span class="dl">'</span><span class="s1">user@example.com</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <h2> Python Example </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="k">def</span> <span class="nf">check_breach</span><span class="p">(</span><span class="n">email</span><span class="p">):</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">https://hackmyip.com/api/breach?email=</span><span class="si">{</span><span class="n">email</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">data</span> <span class="o">=</span> <span class="n">resp</span><span class="p">.</span><span class="nf">json</span><span class="p">()[</span><span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">]</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Breaches: </span><span class="si">{</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">breaches</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Risk: </span><span class="si">{</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">risk</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">level</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> (</span><span class="si">{</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">risk</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">score</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">/100)</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">data</span><span class="p">[</span><span class="sh">"</span><span class="s">passwords</span><span class="sh">"</span><span class="p">]:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Plain text passwords: </span><span class="si">{</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">passwords</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">plain_text</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">data</span> <span class="nf">check_breach</span><span class="p">(</span><span class="sh">"</span><span class="s">user@example.com</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h2> All Available Endpoints </h2> <p>HackMyIP isn't just breach checking. It's a full privacy API:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Endpoint</th> <th>Description</th> <th>Auth</th> </tr> </thead> <tbody> <tr> <td><code>GET /api/breach?email=x</code></td> <td>Email breach check (500+ databases)</td> <td>None</td> </tr> <tr> <td><code>GET /api/ip</code></td> <td>Your IP + geolocation + VPN detection + privacy score</td> <td>None</td> </tr> <tr> <td><code>GET /api/lookup?ip=x</code></td> <td>Look up any IP address</td> <td>None</td> </tr> <tr> <td><code>GET /api/score</code></td> <td>IP cleanliness grade (A-D) + VPN detection</td> <td>None</td> </tr> </tbody> </table></div> <p>All endpoints return JSON with CORS enabled. Use from any domain.</p> <h2> Comparison with Alternatives </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>HackMyIP</th> <th>HaveIBeenPwned</th> <th>LeakCheck</th> </tr> </thead> <tbody> <tr> <td>Price</td> <td>Free</td> <td>$3.50/month</td> <td>Freemium</td> </tr> <tr> <td>API Key Required</td> <td>No</td> <td>Yes</td> <td>Yes</td> </tr> <tr> <td>Breach Check</td> <td>✅</td> <td>✅</td> <td>✅</td> </tr> <tr> <td>Risk Scoring</td> <td>✅</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>Password Analysis</td> <td>✅</td> <td>❌</td> <td>✅</td> </tr> <tr> <td>IP Geolocation</td> <td>✅</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>VPN Detection</td> <td>✅</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>Privacy Score</td> <td>✅</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>CORS</td> <td>✅</td> <td>❌</td> <td>❌</td> </tr> </tbody> </table></div> <h2> npm Package </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>hackmyip </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">checkBreach</span><span class="p">,</span> <span class="nx">getMyIP</span><span class="p">,</span> <span class="nx">getPrivacyScore</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">hackmyip</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">breach</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">checkBreach</span><span class="p">(</span><span class="dl">'</span><span class="s1">user@example.com</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">ip</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getMyIP</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">score</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getPrivacyScore</span><span class="p">();</span> </code></pre> </div> <h2> Use Cases </h2> <ul> <li> <strong>User registration</strong>: Check if a new user's email has been compromised and suggest a password change</li> <li> <strong>Security dashboards</strong>: Display breach status for monitored accounts</li> <li> <strong>Compliance tools</strong>: Verify employee email exposure</li> <li> <strong>Personal projects</strong>: Build your own "Have I Been Pwned" checker</li> <li> <strong>CLI tools</strong>: Quick breach checks from the terminal</li> </ul> <h2> Links </h2> <ul> <li>🌐 Website: <a href="https://hackmyip.com" rel="noopener noreferrer">hackmyip.com</a> </li> <li>📖 API Docs: <a href="https://hackmyip.com/api" rel="noopener noreferrer">hackmyip.com/api</a> </li> <li>🔍 Email Breach Checker: <a href="https://hackmyip.com/breach" rel="noopener noreferrer">hackmyip.com/breach</a> </li> <li>📦 npm: <a href="https://www.npmjs.com/package/hackmyip" rel="noopener noreferrer">hackmyip</a> </li> <li>🐙 GitHub: <a href="https://github.com/Hackmyip/hackmyip-js" rel="noopener noreferrer">github.com/Hackmyip/hackmyip-js</a> </li> <li>📋 OpenAPI Spec: <a href="https://hackmyip.com/.well-known/openapi.json" rel="noopener noreferrer">hackmyip.com/.well-known/openapi.json</a> </li> </ul> <p><em>Built as a solo project on Cloudflare Workers. Feedback welcome!</em></p> security api privacy webdev