Guidelines

Introduction

SpyCloud's CAP - Password Exposure API is a programmatic interface that uses k-anonymity to check anonymously whether a password has ever been exposed. The endpoint lets users query for exposed passwords while staying within compliance and regulatory requirements.

K-anonymity is often referred to as the power of “hiding in the crowd.” Individuals’ data is hashed and then pooled in a larger group, meaning information in the group could correspond to any single member, thus masking the identity of the individual or individuals in question.

See API Guidelines for authentication, configuration, and error handling details.

API Reference

Hashing

Users can choose one of four hash types: sha1, sha256, sha512, or ntlm.

For example, the sha1 hash edb9b4a7ec13377a368ba4e88bb9e121c99ed425 was created from the password "sprinkles".

Prefixes

You must submit a hash prefix of 5 characters, taken from the start of the hash. For the example above, you would make the following query:

https://api.spycloud.io/nist-password-v2/check/hashes/edb9b?type=sha1
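
The client side of this k-anonymity check, as an added example that is not SpyCloud's own code: the password is hashed locally, only the 5-character prefix goes into the URL, and the full hash is compared locally against whatever the prefix query returns. The function names, UTF-8 encoding of the password, and the shape of the candidate list are assumptions; the response format is not shown on this page.

```python
import hashlib

# Endpoint pattern taken from the query shown on this page.
BASE_URL = "https://api.spycloud.io/nist-password-v2/check/hashes"
PREFIX_LEN = 5  # the page requires a 5-character hash prefix
# ntlm is left out here: it needs MD4, which hashlib only offers on some OpenSSL builds.
SUPPORTED = {"sha1", "sha256", "sha512"}


def hash_password(password: str, hash_type: str = "sha1") -> str:
    """Hash the password locally; the plaintext never leaves this process."""
    if hash_type not in SUPPORTED:
        raise ValueError(f"unsupported hash type: {hash_type}")
    # Assumption: passwords are encoded as UTF-8 before hashing.
    return hashlib.new(hash_type, password.encode("utf-8")).hexdigest()


def build_query(full_hash: str, hash_type: str = "sha1") -> str:
    """Return the request URL, which carries only the 5-character prefix."""
    return f"{BASE_URL}/{full_hash[:PREFIX_LEN]}?type={hash_type}"


def is_exposed(full_hash: str, candidates) -> bool:
    """Match the full hash locally against the candidates returned for its prefix.

    Assumption: each candidate is a hex string, either a full hash or the
    suffix that follows the prefix.
    """
    full_hash = full_hash.lower()
    suffix = full_hash[PREFIX_LEN:]
    for candidate in candidates:
        candidate = candidate.strip().lower()
        if candidate in (full_hash, suffix):
            return True
    return False


# Constructed sample: candidates a server might return for prefix "5baa6".
SAMPLE_CANDIDATES = [
    "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",  # sha1 of "password"
    "5baa6" + "0" * 35,                          # constructed filler entry
]

if __name__ == "__main__":
    h = hash_password("password")
    print(build_query(h))                  # only the prefix appears in the URL
    print(is_exposed(h, SAMPLE_CANDIDATES))
```

Because many hashes share any given prefix, the service cannot tell from the request which password was being checked; the final match is decided on the client.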