> ## Documentation Index
> Fetch the complete documentation index at: https://docs.leakcheck.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Pro lookup

> Search full breach records by email, username, phone number, domain, hash and more. Requires an [API key](https://docs.leakcheck.io/authentication) passed either in the `X-API-Key` header (recommended) or as the `?key=` query parameter.



## OpenAPI

````yaml https://leakcheck.io/openapi.json get /api/v2/query/{query}
openapi: 3.1.0
info:
  title: LeakCheck API
  version: 2.0.0
  summary: Data breach search — check whether credentials appear in known leaks.
  description: >-
    LeakCheck exposes two HTTP APIs on the same origin:


    - **Pro API v2** — authenticated, returns full breach records (email,
    username, phone, domain, hash and more).

    - **Public API** — free and unauthenticated, returns only *which* breaches
    an identifier appears in and *which categories* of data were exposed, never
    the values themselves.


    Human-readable guides: https://docs.leakcheck.io
  termsOfService: https://leakcheck.io/tos
  contact:
    name: LeakCheck
    url: https://leakcheck.io/contact
    email: the@leakcheck.net
servers:
  - url: https://leakcheck.io
    description: Production
security:
  - ApiKeyHeader: []
  - ApiKeyQuery: []
tags:
  - name: Pro API v2
    description: Authenticated lookup returning full breach records.
  - name: Public API
    description: Free, unauthenticated breach-source lookup.
externalDocs:
  description: Full documentation
  url: https://docs.leakcheck.io/overview
paths:
  /api/v2/query/{query}:
    get:
      tags:
        - Pro API v2
      summary: Pro lookup
      description: >-
        Search full breach records by email, username, phone number, domain,
        hash and more. Requires an [API
        key](https://docs.leakcheck.io/authentication) passed either in the
        `X-API-Key` header (recommended) or as the `?key=` query parameter.
      operationId: proLookup
      parameters:
        - name: query
          in: path
          required: true
          description: >-
            Value to search for — an email address, username, phone number,
            hash, domain, etc. Minimum 3 characters.
          schema:
            type: string
            minLength: 3
          example: example@example.com
        - name: type
          in: query
          required: false
          description: >-
            Search type. Omit to auto-detect (works for email, username, phone
            and hash). `domain`, `keyword`, `origin`, `password` and `phash`
            must be set explicitly; `origin`, `password` and `phash` are
            Enterprise-only.
          schema:
            type: string
            enum:
              - auto
              - email
              - domain
              - keyword
              - username
              - phone
              - hash
              - phash
              - origin
              - password
        - name: limit
          in: query
          required: false
          description: Maximum number of rows to return.
          schema:
            type: integer
            default: 100
            minimum: 1
            maximum: 1000
        - name: offset
          in: query
          required: false
          description: Number of rows to skip, for pagination.
          schema:
            type: integer
            default: 0
            minimum: 0
            maximum: 2500
      responses:
        '200':
          description: >-
            Search completed. `found` is 0 with an empty `result` when nothing
            matched.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ProLookupResponse'
              examples:
                found:
                  summary: Record found
                  value:
                    success: true
                    found: 1
                    quota: 400
                    result:
                      - email: example@example.com
                        source:
                          name: BreachedWebsite.net
                          breach_date: 2019-07
                          unverified: 0
                          passwordless: 0
                          compilation: 0
                        first_name: Example
                        last_name: Example
                        username: leakcheck
                        fields:
                          - first_name
                          - last_name
                          - username
                empty:
                  summary: Nothing found
                  value:
                    success: true
                    found: 0
                    quota: 400
                    result: []
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '422':
          $ref: '#/components/responses/UnprocessableType'
        '429':
          $ref: '#/components/responses/TooManyRequests'
      security:
        - ApiKeyHeader: []
        - ApiKeyQuery: []
components:
  schemas:
    ProLookupResponse:
      type: object
      required:
        - success
        - found
        - result
      properties:
        success:
          type: boolean
        found:
          type: integer
          description: Number of rows found and returned.
        quota:
          type: integer
          description: Number of queries remaining on the account.
        result:
          type: array
          items:
            $ref: '#/components/schemas/ProResultRow'
    ProResultRow:
      type: object
      description: >-
        A single breach record. The set of populated fields varies by source;
        the `fields` array names the data present in this row. The property list
        below is representative, not exhaustive.
      additionalProperties: true
      properties:
        source:
          $ref: '#/components/schemas/Source'
        fields:
          type: array
          items:
            type: string
          description: Names of the data fields present in this row.
        email:
          type: string
        username:
          type: string
        password:
          type: string
        first_name:
          type: string
        last_name:
          type: string
        name:
          type: string
        dob:
          type: string
        address:
          type: string
        zip:
          type: string
        phone:
          type: string
    Error:
      type: object
      required:
        - success
      additionalProperties: true
      properties:
        success:
          type: boolean
          const: false
        error:
          type: string
          description: Human-readable description of the failure.
    Source:
      type: object
      description: The breach a row came from.
      properties:
        name:
          type: string
        breach_date:
          type: string
          description: Month of the breach, YYYY-MM, when known.
          examples:
            - 2019-07
        unverified:
          type: integer
          enum:
            - 0
            - 1
          description: 1 if the origin of the leak is not fully verified.
        passwordless:
          type: integer
          enum:
            - 0
            - 1
          description: 1 if the records contain no passwords.
        compilation:
          type: integer
          enum:
            - 0
            - 1
          description: 1 if the source is a compilation of multiple leaks.
  responses:
    BadRequest:
      description: >-
        Invalid request — e.g. invalid API key, invalid `type`, invalid
        email/query/domain, query shorter than 3 characters, or disallowed
        characters.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Missing X-API-Key header.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Forbidden:
      description: >-
        An active plan is required, or the plan's usage quota/limit has been
        reached.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    UnprocessableType:
      description: >-
        The search type could not be determined automatically — pass an explicit
        `type` parameter.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    TooManyRequests:
      description: >-
        Rate limit exceeded. Pro API v2: 3 requests/second (adjustable in
        settings). Public API: 1 request/second. Back off and retry.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    ApiKeyHeader:
      type: apiKey
      in: header
      name: X-API-Key
      description: >-
        API key in the X-API-Key header (recommended). Keys are at least 40
        characters long.
    ApiKeyQuery:
      type: apiKey
      in: query
      name: key
      description: >-
        API key as the ?key= query parameter. Prefer the header — query strings
        leak into logs, proxies and history.

````