You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Secondly, the existing API (that many people have created dependencies on!) still works just fine. It also points to the storage repository for V2 of the password set so it's now searching through the full half billion records. I'll leave this running for the foreseeable future, but if you are using it then I'd prefer you roll over to the endpoint on api.pwnedpasswords.com for the reasons mentioned above, and for these other reasons:
If you were using the original API via HTTP GET, rolling over to the new one changes absolutely nothing in your implementation other than the URL which will look like this:
GET https://api.pwnedpasswords.com/pwnedpassword/{password}
It'll still return HTTP 200 when a password is found and 404 when it's not.
But he also added new endpoint that improves user's anonymity by receiving only first 5 chars of the hash.
The text was updated successfully, but these errors were encountered:
I saw, thanks for the reminder! I’ll try to write a new check for the next release. The API is giving me some head aches though so it might not make it to 4.7.1.
Troy Hunt just launched "Pwned Passwords" V2.
He recommends switching to the new domain:
But he also added new endpoint that improves user's anonymity by receiving only first 5 chars of the hash.
The text was updated successfully, but these errors were encountered: