> ## Documentation Index
> Fetch the complete documentation index at: https://docs.leakcheck.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Public lookup

> Free, unauthenticated lookup. Returns which breaches an identifier appears in and which data categories were exposed — never the values themselves. Use the Pro API for full records. Rate limited to 1 request per second.



## OpenAPI

````yaml https://leakcheck.io/openapi.json get /api/public
openapi: 3.1.0
info:
  title: LeakCheck API
  version: 2.0.0
  summary: Data breach search — check whether credentials appear in known leaks.
  description: >-
    LeakCheck exposes two HTTP APIs on the same origin:


    - **Pro API v2** — authenticated, returns full breach records (email,
    username, phone, domain, hash and more).

    - **Public API** — free and unauthenticated, returns only *which* breaches
    an identifier appears in and *which categories* of data were exposed, never
    the values themselves.


    Human-readable guides: https://docs.leakcheck.io
  termsOfService: https://leakcheck.io/tos
  contact:
    name: LeakCheck
    url: https://leakcheck.io/contact
    email: the@leakcheck.net
servers:
  - url: https://leakcheck.io
    description: Production
security:
  - ApiKeyHeader: []
  - ApiKeyQuery: []
tags:
  - name: Pro API v2
    description: Authenticated lookup returning full breach records.
  - name: Public API
    description: Free, unauthenticated breach-source lookup.
externalDocs:
  description: Full documentation
  url: https://docs.leakcheck.io/overview
paths:
  /api/public:
    get:
      tags:
        - Public API
      summary: Public lookup
      description: >-
        Free, unauthenticated lookup. Returns which breaches an identifier
        appears in and which data categories were exposed — never the values
        themselves. Use the Pro API for full records. Rate limited to 1 request
        per second.
      operationId: publicLookup
      parameters:
        - name: check
          in: query
          required: true
          description: >-
            An email address, a SHA-256 email hash (optionally truncated to 24
            characters), or a username (min. 3 characters). The type is
            auto-detected.
          schema:
            type: string
            minLength: 3
          example: example@example.com
      responses:
        '200':
          description: Search completed.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PublicLookupResponse'
              examples:
                found:
                  summary: Sources found
                  value:
                    success: true
                    found: 3
                    fields:
                      - username
                      - first_name
                      - address
                    sources:
                      - name: Evony.com
                        date: 2016-07
                      - name: I-Dressup.com
                        date: 2016-08
                      - name: Zynga.com
                        date: 2019-09
        '429':
          $ref: '#/components/responses/TooManyRequests'
      security: []
components:
  schemas:
    PublicLookupResponse:
      type: object
      required:
        - success
        - found
      properties:
        success:
          type: boolean
        found:
          type: integer
          description: Number of breach records that match the query.
        fields:
          type: array
          items:
            type: string
          description: >-
            Categories of data exposed across the matching breaches. The values
            themselves are never returned.
        sources:
          type: array
          items:
            $ref: '#/components/schemas/PublicSource'
    PublicSource:
      type: object
      properties:
        name:
          type: string
        date:
          type: string
          description: Month of the breach, YYYY-MM.
          examples:
            - 2016-07
    Error:
      type: object
      required:
        - success
      additionalProperties: true
      properties:
        success:
          type: boolean
          const: false
        error:
          type: string
          description: Human-readable description of the failure.
  responses:
    TooManyRequests:
      description: >-
        Rate limit exceeded. Pro API v2: 3 requests/second (adjustable in
        settings). Public API: 1 request/second. Back off and retry.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    ApiKeyHeader:
      type: apiKey
      in: header
      name: X-API-Key
      description: >-
        API key in the X-API-Key header (recommended). Keys are at least 40
        characters long.
    ApiKeyQuery:
      type: apiKey
      in: query
      name: key
      description: >-
        API key as the ?key= query parameter. Prefer the header — query strings
        leak into logs, proxies and history.

````