mike-jg / pwned-api
PwnedApi is a PHP library to work with the API at https://haveibeenpwned.com/API/v2/
Installs: 5
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
pkg:composer/mike-jg/pwned-api
Requires
- php: ^7.1
- guzzlehttp/guzzle: ^6.2
Requires (Dev)
- phpunit/phpunit: ^7.0
This package is not auto-updated.
Last update: 2025-10-12 11:26:31 UTC
README
This is meant as a simple way to interface with the service at https://haveibeenpwned.com/API/v2/
Installation
$ composer require mike-jg/pwned-api
Basic Usage
The preferred way to interact with the API is to use the Client::searchByRange
method, as this protects the value of the source password being searched for.
See https://haveibeenpwned.com/API/v2/#SearchingPwnedPasswordsByRange
<?php use PwnedApi\Client; $client = new Client(); $password = sha1("P@ssw0rd"); $rangeResult = $client->searchByRange($password); // Boolean: was this password found? echo $rangeResult->wasFound(); // How many times this password was found in the database echo $rangeResult->getCount();
Alternatively you can also search by a specific password to see if it was found. See https://haveibeenpwned.com/API/v2/#SearchingPwnedPasswordsByPassword
<?php use PwnedApi\Client; $client = new Client(); $password = sha1("P@ssw0rd"); $rangeResult = $client->searchByPasswordHash($password); // Boolean: was this password found? echo $rangeResult->wasFound(); // How many times this password was found in the database echo $rangeResult->getCount();
Overriding the HTTP client
To specify a different HTTP client to use, e.g. if you need to inject proxy details.
<?php use PwnedApi\Client; $client = new Client(); $client->setHttpClient(new GuzzleHttp\Client());