Skip to main content
The Pro API v2 has a single lookup endpoint:
GET https://leakcheck.io/api/v2/query/{query}
Requires an API key — in the X-API-Key header or as a ?key= query parameter.

Parameters

query
string
required
The value to search for — an email address, username, phone number, hash, domain, etc. Minimum 3 characters.
key
string
Your API key, as an alternative to the X-API-Key header.
type
string
Search type. When omitted, the type is detected automatically (works for email, username, phone number and hash). Other types — such as domain, keyword, origin or password — must be set explicitly. See Search types for the full list.
limit
integer
default:"100"
Maximum number of rows to return. Cannot exceed 1000.
offset
integer
default:"0"
Number of rows to skip, for pagination. Cannot exceed 2500.

Sample request

curl "https://leakcheck.io/api/v2/query/example@example.com?limit=100" \
  -H "Accept: application/json" \
  -H "X-API-Key: $LEAKCHECK_APIKEY"

Sample response

{
    "success": true,
    "found": 1,
    "quota": 400,
    "result": [
        {
            "email": "example@example.com",
            "source": {
                "name": "BreachedWebsite.net",
                "breach_date": "2019-07",
                "unverified": 0,
                "passwordless": 0,
                "compilation": 0
            },
            "first_name": "Example",
            "last_name": "Example",
            "username": "leakcheck",
            "fields": ["first_name", "last_name", "username"]
        }
    ]
}
Or, if nothing was found:
{
    "success": true,
    "found": 0,
    "quota": 400,
    "result": []
}

Response fields

found
integer
Number of rows found and returned.
quota
integer
The number of queries remaining on your account.
result
array
Array of associative arrays containing the results of the search. Each row carries a source object (breach name, breach_date, and unverified / passwordless / compilation flags) plus a fields list naming the data present in that row.
Rows can contain various data from breached databases. The list includes but is not limited to: username, password, first_name, last_name, dob, address, zip, phone, name.