Skip to main content
The Public API tells you where an identifier was leaked and what kinds of data were exposed, without revealing the data itself. It requires no authentication and is free to use, including for commercial projects.
GET https://leakcheck.io/api/public?check={query}
The search type is detected automatically.

Accepted data

TypeSampleNotes
E-mailexample@example.com
E-mail by hash31c5543c1734d25c7206f5fdSHA256, truncated to 24 characters
Usernameexamplemin. 3 characters

Sample request

curl "https://leakcheck.io/api/public?check=example@example.com"
import requests

response = requests.get(
    "https://leakcheck.io/api/public",
    params={"check": "example@example.com"},
)
data = response.json()
if data["found"]:
    for source in data["sources"]:
        print(f"{source['name']} ({source['date']})")
from leakcheck import LeakCheckAPI_Public

public_api = LeakCheckAPI_Public()
result = public_api.lookup(query="example@example.com")
print(result)
const response = await fetch(
  "https://leakcheck.io/api/public?check=" +
    encodeURIComponent("example@example.com")
);
const data = await response.json();
if (data.found) {
  for (const source of data.sources) {
    console.log(`${source.name} (${source.date})`);
  }
}
<?php
$check = urlencode("example@example.com");
$data = json_decode(
    file_get_contents("https://leakcheck.io/api/public?check={$check}"),
    true
);
foreach ($data["sources"] ?? [] as $source) {
    echo "{$source['name']} ({$source['date']})\n";
}
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
)

func main() {
	resp, err := http.Get(
		"https://leakcheck.io/api/public?check=" +
			url.QueryEscape("example@example.com"))
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()

	var data struct {
		Success bool     `json:"success"`
		Found   int      `json:"found"`
		Fields  []string `json:"fields"`
		Sources []struct {
			Name string `json:"name"`
			Date string `json:"date"`
		} `json:"sources"`
	}
	json.NewDecoder(resp.Body).Decode(&data)
	for _, s := range data.Sources {
		fmt.Printf("%s (%s)\n", s.Name, s.Date)
	}
}

Sample response

{
    "success": true,
    "found": 3,
    "fields": ["username", "first_name", "address"],
    "sources": [
        {
            "name": "Evony.com",
            "date": "2016-07"
        },
        {
            "name": "I-Dressup.com",
            "date": "2016-08"
        },
        {
            "name": "Zynga.com",
            "date": "2019-09"
        }
    ]
}

Response fields

found
integer
Number of breach records that match the query.
fields
array
Categories of data exposed across the matching breaches (e.g. username, first_name, address). The values themselves are never returned — use the Pro API for full records.
sources
array
The breaches the identifier appears in, each with a name and a date (YYYY-MM).

Rate limit

The Public API is limited to 1 request per second.

Terms and conditions

The one and only thing required is to add a small “Powered by LeakCheck” link if you use the API on your website. The text can vary but should include the service name. You can also use affiliate links.