Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I wish the post made more clear, ideally right at the top, that the new fee applies only to third-party apps that access the HIBP API, not to end users whose email addresses are being checked against the API. You have to read through the post a bit before that becomes clear.

Individual users who just want to figure out whether they've been pwned will not have to pony up the cash. They can still visit https://haveibeenpwned.com and get that information for free.



Perhaps it could be made more clear, but from the post I thought it was very apparent he was only talking about API abuse; most of the introductory text was concerning rate-limiting.


It would also be great to emphasize that this only applies to the HIBP API, and the Pwned Passwords API will still be free. (It's mentioned about half-way through the article.)


I completely missed this because of skimming. Almost jumped the gun on subscribing. Use the pwned password API a lot. (I use the email-based one not at all.)


Hm, I didn't actually realize there was a separate Pwned Passwords API. Having trouble finding docs on it (could be becuase I'm a horrible googler).


Pwned Passwords is detailed towards the bottom of the API page - https://haveibeenpwned.com/API/v3


Domain wide breach searches for a domain you control still appears to work for free as well.


Bury the lede.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: