HaveIBeenPwned · Authentication Profile

Haveibeenpwned Authentication

Authentication

HaveIBeenPwned secures its APIs with apiKey across 1 declared security scheme, as derived from its OpenAPI definitions.

SecurityBreach NotificationCredential StuffingStealer LogsK-AnonymityPrivacyIdentity
Methods: apiKey Schemes: 1 OAuth flows: API key in: header

Security Schemes

ApiKeyAuth apiKey
· in: header (hibp-api-key)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/hibp-openapi.yml
summary:
  types:
  - apiKey
  api_key_in:
  - header
schemes:
- name: ApiKeyAuth
  type: apiKey
  in: header
  parameter: hibp-api-key
  description: |-
    32-character hexadecimal API key issued at https://haveibeenpwned.com/API/Key.
    Required for all account, paste, stealer log, domain search, and subscription endpoints.
  sources:
  - openapi/hibp-openapi.yml