I checked it and as you said, whenever it can’t find the username or email in the DB it’ll 404.
Fixed by being less lazy and handling 404s myself, API works great now.
What I did (Future ref for Delphi/Pascal devs):
HTTPClient := TIdHTTP.Create(nil);
try
HTTPClient.Request.UserAgent := 'Mozilla/5.0 (compatible; <App name>/<Version>; Windows NT 6.0;)';
HTTPClient.ConnectTimeout := 7000; // 7 seconds, just to be sure
HTTPClient.ReadTimeout := 5000; // 5 seconds as mashape can have a delay from time to time
HTTPClient.Request.CustomHeaders.AddValue('X-Mashape-Key', '<API key>');
HTTPClient.Request.CustomHeaders.AddValue('Accept', 'application/json');
HTTPClient.HTTPOptions := HTTPClient.HTTPOptions + [hoNoProtocolErrorException]; // Indy should not handle protocol exceptions
try
try
JSONStr := HTTPClient.Get('https://troyhunt-have-i-been-pwned.p.mashape.com/v2/breachedaccount/' + URLSafeText);
except
on E: EIdHTTPProtocolException do
begin
if E.ErrorCode = 404 then // The API couldn't fine a breach
begin
WriteLn('No breaches found');
Exit;
end else // Something went horribly wrong
begin
WriteLn('API derped' + sLineBreak + 'Message: ' + E.Message);
Exit;
end;
end;
end;
{ Add your JSON stuff here }
except
on E: Exception do // If anything else goes wrong, raise a proper exception.
raise Exception.Create('Error: ' + E.Message);
end;
finally
FreeAndNil(HTTPClient);
end;
Edit: I also noticed I made a slight mistake when cropping the string. (Removed 2 chars too much, whoops)
It basically sent ‘st@test.com’ instead of ‘test@test.com’
I’m seeing 200 on the test endpoint, which account are you testing it with? You’ll see 404 if the account doesn’t exist in HIBP which is the correct semantic HTTP response.
Participez à la discussion - ajoutez un commentaire ci-dessous:
Connectez-vous / Inscrivez-vous pour publier de nouveaux commentaires
I checked it and as you said, whenever it can’t find the username or email in the DB it’ll 404.
Fixed by being less lazy and handling 404s myself, API works great now.
What I did (Future ref for Delphi/Pascal devs):
Edit: I also noticed I made a slight mistake when cropping the string. (Removed 2 chars too much, whoops)
It basically sent ‘st@test.com’ instead of ‘test@test.com’
Not too sure about the Mashape side of things, but this works perfectly: https://haveibeenpwned.com/api/v2/breachedaccount/test@test.com
Well, for ‘test’ and ‘example’ I get a 200
Whenever I use test@test.com it throws a 404.
I do use Delphi, though. But that shouldn’t be an issue.
I mean, the code is a bit messy but…
I’m seeing 200 on the test endpoint, which account are you testing it with? You’ll see 404 if the account doesn’t exist in HIBP which is the correct semantic HTTP response.