> ## Documentation Index
> Fetch the complete documentation index at: https://docs.encrata.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Check Breaches

> Check if an email has been exposed in known data breaches via HIBP. Free — no credits consumed.

## Authentication

Requires an API key in the `Authorization` header.

```bash theme={"dark"}
Authorization: Bearer YOUR_API_KEY
```

## Request

<ParamField body="email" type="string" required>
  The email address to check for data breaches. The legacy key `e` is still accepted.
</ParamField>

### Example request

<CodeGroup>
  ```bash cURL (API Key) theme={"dark"}
  curl -X POST "https://encrata.com/api/agent/breaches" \
    -H "Authorization: Bearer YOUR_API_KEY" \
    -H "Content-Type: application/json" \
    -d '{"email": "test@example.com"}'
  ```

  ```python Python theme={"dark"}
  import requests

  resp = requests.post(
      "https://encrata.com/api/agent/breaches",
      headers={"Authorization": "Bearer YOUR_API_KEY"},
      json={"email": "test@example.com"},
  )
  print(resp.json())
  ```

  ```javascript JavaScript theme={"dark"}
  const resp = await fetch("https://encrata.com/api/agent/breaches", {
    method: "POST",
    headers: {
      Authorization: "Bearer YOUR_API_KEY",
      "Content-Type": "application/json",
    },
    body: JSON.stringify({ email: "test@example.com" }),
  });
  const data = await resp.json();
  ```
</CodeGroup>

## Response

<ResponseField name="email" type="string">
  The email address that was checked.
</ResponseField>

<ResponseField name="count" type="number">
  Number of known data breaches the email appears in.
</ResponseField>

<ResponseField name="services" type="string[]">
  Names of breached services (e.g. `["LinkedIn", "Adobe"]`). Only present when count > 0.
</ResponseField>

<ResponseField name="exposed_data" type="string[]">
  Types of data exposed (e.g. `["Passwords", "Email addresses"]`). Only present when count > 0.
</ResponseField>

<ResponseField name="message" type="string">
  Human-readable summary.
</ResponseField>

### Example responses

```json No breaches theme={"dark"}
{
  "email": "safe@example.com",
  "count": 0,
  "message": "No known data breaches."
}
```

```json Breaches found theme={"dark"}
{
  "email": "user@example.com",
  "count": 3,
  "services": ["LinkedIn", "Adobe", "Dropbox"],
  "exposed_data": ["Email addresses", "Passwords", "Usernames"],
  "message": "Found in 3 breach(es)."
}
```

## Notes

* This endpoint is **free** — no credits are deducted.
* Data sourced from [Have I Been Pwned](https://haveibeenpwned.com/).
* Rate limited to **60 requests per minute**.
