This endpoint is deprecated.
A breached credentials check is still performed when you make a Login Request.
The result is returned in the credentialStatus field of the Login Response.
|
The username to check in our breached credentials database. |
|
The SHA256 hash of the password being used with the username, to check in our breached credentials database. This should be hex encoded and be 64 characters long. Do not send plaintext passwords. We do not store the hashed passwords, we discard them immediately after processing the request. |
POST https://api.ravelin.com/v2/lookup/credentials/check HTTP/1.1
Authorization: token ...
Content-Type: application/json
{
"username": "test@example.com",
"passwordHash": "b3a056355d187c3f8267ffcb96a277909fb9ac1eaf4ab4dbfa75636fd4eecbf5"
}
|
usernameBreached
boolean
Indicates that the username was found in our breached credentials database. |
|
passwordBreached
boolean
Indicates that the password is either associated with the given username in our breached credentials database, or that the password is one of the most commonly used passwords. |
|
numBreachedPasswords
integer
The number of breached passwords found for the given username. |
|
status
integer
If there was an error, the response HTTP status code. |
|
message
string
If there was an error, a description of the error. |
|
timestamp
integer
If there was an error, the time the error occurred. |
|
traceId
string
If there was an error, a trace ID for the request, to be used internally by Ravelin. |
{
"usernameBreached": true,
"passwordBreached": true,
"numBreachedPasswords": 251
}
Was this page helpful?