Features Cyber Intel Tools Pricing
// developer docs

REST API

Integrate breach intelligence into your application. Query by email, username, domain, or phone. Returns breach metadata, impact scores, and dark web signals — richer data than HIBP.

Coming Soon v1 Beta REST / JSON
On this page
Quick start Authentication
Endpoints Email lookup Domain lookup Breach list
Response schema Errors Rate limits & plans
// 01
Quick start
Make your first request in under a minute. No setup required for free tier.
cURL 
curl "https://dataleakz.com/api/v1/breach-check" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -G \
  --data-urlencode "[email protected]"
JavaScript 
const res = await fetch("https://dataleakz.com/api/v1/[email protected]", {
  headers: { "Authorization": "Bearer YOUR_API_KEY" }
});
const data = await res.json();
console.log(data.breach_count); // 3
Python 
import requests

res = requests.get(
    "https://dataleakz.com/api/v1/breach-check",
    params={"email": "[email protected]"},
    headers={"Authorization": "Bearer YOUR_API_KEY"}
)
data = res.json()
print(data["breach_count"])  # 3
// 02
Authentication
All requests require an API key passed as a Bearer token in the Authorization header.
Header
string
Authorization: Bearer dlz_YOUR_API_KEY
Key format
string
Keys are prefixed dlz_ followed by 32 random characters. Get yours from the dashboard after signup.
Key rotation
You can rotate your key at any time from the dashboard. Old keys are immediately invalidated.
// 03
Endpoints
Base URL: https://dataleakz.com/api/v1
GET /breach-check Look up an email address
ParameterTypeRequiredDescription
emailstringRequiredEmail address to check
include_detailsbooleanOptionalReturn full breach metadata (default: true)
include_scorebooleanOptionalInclude impact score per breach (Pro+)
darkwebbooleanOptionalInclude dark web signals (Pro+)
Response
{
  "email": "[email protected]",
  "found": true,
  "breach_count": 3,
  "impact_score": 72,
  "darkweb_detected": false,
  "breaches": [
    {
      "name": "Ticketmaster",
      "date": "2024-06-01",
      "records": 560000000,
      "data_classes": ["Emails", "Partial payment", "Names"],
      "severity": "critical",
      "impact_score": 88,
      "remediation": "Monitor bank statements from Jun 2024"
    }
  ]
}
GET /domain-check Scan an entire domain (Business+)
ParameterTypeRequiredDescription
domainstringRequiredDomain to scan, e.g. company.com
limitintegerOptionalMax results returned (default: 100)
Response
{
  "domain": "company.com",
  "accounts_found": 14,
  "total_breaches": 38,
  "risk_score": 61,
  "accounts": [
    {
      "email": "[email protected]",
      "breach_count": 4,
      "impact_score": 82,
      "priority": "high"
    }
  ]
}
GET /breaches List all indexed breaches
ParameterTypeRequiredDescription
pageintegerOptionalPage number (default: 1)
limitintegerOptionalResults per page, max 100 (default: 20)
sincedateOptionalFilter breaches after this date (YYYY-MM-DD)
// 04
Response schema
All responses are JSON. Every response includes a top-level success field.
found
boolean
Whether any breaches were found for the query.
breach_count
integer
Total number of breaches the email appeared in.
impact_score
integer
0–100 score. Higher = more severe exposure. Weighted by data sensitivity and recency.
darkweb_detected
boolean
Whether credentials were found on dark web sources (Pro+).
breaches[].severity
string
One of critical, high, medium, low.
breaches[].remediation
string
Plain-English action step for this specific breach.
rate_limit_remaining
integer
Requests remaining in the current window. Also available in response headers.
// 05
Error codes
All errors return a JSON body with a code and message.
HTTP Code Meaning
400 invalid_query Missing or malformed parameter
401 unauthorized Missing or invalid API key
403 plan_required Feature requires a higher plan (e.g. domain check requires Business)
429 rate_limited Request quota exceeded. Check X-RateLimit-Reset header
500 server_error Something went wrong on our end. Retry with exponential backoff
// 06
Rate limits & plans
Rate limits are per API key per rolling 30-day window.
PlanPriceRequests / moFeatures
Free $0 1,000 / mo Email lookup, basic breach data
Pro $4 / mo 50,000 / mo Impact scores, dark web signals, remediation data
Business $19 / mo 100,000 / mo Domain lookup, bulk endpoints, Slack webhooks, CSV export
Rate limit headers included on every response: X-RateLimit-Limit · X-RateLimit-Remaining · X-RateLimit-Reset
API keys coming soon
Sign up for early access and get notified when the API goes live. Pro trial users get first access.
Get early access →