I suggest you ...

Add domain search capability to the API functions

I've been subscribing to the alerts for breaches related to our corporate domain, which is fantastic, but now that we have Splunk in house, I was hoping to connect directly to the API from a forwarder.

133 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    6 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • AdminTroy Hunt (Admin, Have I been pwned?) commented  ·   ·  Flag as inappropriate

        I'm keeping this idea open but also still under consideration. The main reason is that the present model of searching domains ensures the requestor still has control of the domain at the point of search. A persistent API key could still be used by someone who leaves the organisation and should no longer be authorised to access the data.

        That's the background, there's a few things in the pipeline that *may* make this more feasible, but there's no timeline as of now.

      • Sean commented  ·   ·  Flag as inappropriate

        I would love to be able to do a domain search for breaches and pastes using the API as well.

        It would decrease the load on your (already very efficient from the cloudflare caching and Azure functions) system(s) and processing time on mine. What I have to do now is iterate over my active accounts and aliases, then send each one to the API with a 1600 ms delay in between so I can collect breach information about my organizations accounts. If there were 3487 accounts/aliases, that would take about 1.5 hours. And I miss out on breach and paste data about no longer active accounts in my domain.

        If I could make an API call with the key you send me when you notify me of one of my active domain accounts showing up in a breach, I could get the data in one shot or two (one for pastes, one for breaches).
        ex: https://haveibeenpwned.com/DomainSearch/abc123def345ghi678jkl901mno234pqr5
        Where abc123def345ghi678jkl901mno234pqr5 is the key.

        Using the key you send in the "Run another domain search" link button along with the domain, I'd be using a key that's already been created during the domain control verification process. I could send the domain as a second factor.

        Possible? Likely?

      • KM commented  ·   ·  Flag as inappropriate

        This would be really appreciated. Even without SPLUNK I'd like the ability to check a domain against this database. Even if that means the results are partially anonymized. For example returning the amount of found mail addresses and in how many breaches total. Without returning the actual mail addresses would be great already.

      Feedback and Knowledge Base