Skip to main content
Every Pro API v2 endpoint requires an API key. The Public API needs no authentication.

Getting an API key

You can obtain your personal API key in your account settings on leakcheck.io. Keys are at least 40 characters long.

Passing the key

There are two ways to authenticate a request:
  1. Header (recommended) — send the key in the X-API-Key header:
Accept: application/json
X-API-Key: 8cb2237d0679ca88db6464eac60da96345513964
  1. Query parameter — pass it as ?key=:
curl "https://leakcheck.io/api/v2/query/example@example.com?key=$LEAKCHECK_APIKEY"
Prefer the header: query strings tend to end up in access logs, proxies and browser history, so ?key= is best kept for quick tests and environments where setting headers is inconvenient.
curl "https://leakcheck.io/api/v2/query/example@example.com" \
  -H "Accept: application/json" \
  -H "X-API-Key: $LEAKCHECK_APIKEY"
Keep the key out of your source code — read it from an environment variable (the official Python wrapper picks up LEAKCHECK_APIKEY automatically).
Requests without the header are rejected with 401 Missing X-API-Key, and requests with a wrong key with 400 Invalid X-API-Key — see Errors for the full list.