Have I been pwned

By troyhunt | Updated 15 days ago | Other

API returns 404 on test

nuclearcat
8 years ago

This API doesn’t seem to work, at least on the test endpoint

Thibmo Commented 8 years ago

I checked it and as you said, whenever it can’t find the username or email in the DB it’ll 404.
Fixed by being less lazy and handling 404s myself, API works great now.
What I did (Future ref for Delphi/Pascal devs):

HTTPClient := TIdHTTP.Create(nil);

try
  HTTPClient.Request.UserAgent := 'Mozilla/5.0 (compatible; <App name>/<Version>; Windows NT 6.0;)';
  HTTPClient.ConnectTimeout    := 7000; // 7 seconds, just to be sure
  HTTPClient.ReadTimeout       := 5000; // 5 seconds as mashape can have a delay from time to time
  HTTPClient.Request.CustomHeaders.AddValue('X-Mashape-Key', '<API key>');
  HTTPClient.Request.CustomHeaders.AddValue('Accept', 'application/json');
  // hoNoProtocolErrorException is left unset: with that option Indy does not raise EIdHTTPProtocolException, so the 404 handler below would never run

  try
    try
      JSONStr := HTTPClient.Get('https://troyhunt-have-i-been-pwned.p.mashape.com/v2/breachedaccount/' + URLSafeText);
    except
      on E: EIdHTTPProtocolException do
      begin
        if E.ErrorCode = 404 then // The API couldn't find a breach
        begin
          WriteLn('No breaches found');
          Exit;
        end else // Something went horribly wrong
        begin
          WriteLn('API derped' + sLineBreak + 'Message: ' + E.Message);
          Exit;
        end;
      end;
    end;

    { Add your JSON stuff here }

  except
    on E: Exception do // If anything else goes wrong, raise a proper exception.
      raise Exception.Create('Error: ' + E.Message);
  end;
finally
  FreeAndNil(HTTPClient);
end;

Edit: I also noticed I made a slight mistake when cropping the string. (Removed 2 chars too much, whoops)
It basically sent ‘st@test.com’ instead of ‘test@test.com’

troyhunt Commented 8 years ago

Not too sure about the Mashape side of things, but this works perfectly: https://haveibeenpwned.com/api/v2/breachedaccount/test@test.com

Thibmo Commented 8 years ago

Well, for ‘test’ and ‘example’ I get a 200
Whenever I use test@test.com it throws a 404.

I do use Delphi, though. But that shouldn’t be an issue.
I mean, the code is a bit messy but…

HTTPClient := TIdHTTP.Create(nil);

try
  HTTPClient.Request.UserAgent := 'Mozilla/5.0 (compatible; DOSBot/0.1a; Windows NT 6.0;)'; // Funny name as it's an IRC bot for HackThis
  HTTPClient.ConnectTimeout    := 7000;
  HTTPClient.ReadTimeout       := 5000;
  HTTPClient.Request.CustomHeaders.AddValue('X-Mashape-Key', '<API key here>');
  HTTPClient.Request.CustomHeaders.AddValue('Accept', 'application/json');

  try
    NormalText := HTTPEncode(aMessage.Substring(6));
    try
      JSONStr := HTTPClient.Get('https://troyhunt-have-i-been-pwned.p.mashape.com/v2/breachedaccount/' + NormalText);
    except
      on E: EIdHTTPProtocolException do
      begin
        MessageLog.Lines.add('API derped');
        MainIRCSocket.Say(aTarget, 'API derped');
        Exit;
      end;
    end;
    . . . // SNIP
  except
    on E: Exception do
      raise Exception.Create('Error: ' + E.Message);
  end;
finally
  FreeAndNil(HTTPClient);
end;
troyhunt Commented 8 years ago

I’m seeing 200 on the test endpoint, which account are you testing it with? You’ll see 404 if the account doesn’t exist in HIBP which is the correct semantic HTTP response.
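
The 404 semantics discussed in this thread, as an added Python example that is not code from any of the posters or from the API's own documentation: a client that treats 404 as "no breaches found" and lets every other HTTP error surface. It runs against a local stub server rather than the real service; `StubHandler`, `start_stub`, `breaches_for` and the `KNOWN` record are constructed for illustration.

```python
import json
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample data standing in for the breach data set.
KNOWN = {"test@test.com": [{"Name": "ExampleBreach"}]}

class StubHandler(BaseHTTPRequestHandler):
    """Local stand-in: 200 + JSON if the account is known, otherwise 404."""
    def do_GET(self):
        account = urllib.parse.unquote(self.path.rsplit("/", 1)[-1])
        breaches = KNOWN.get(account)
        if breaches is None:
            self.send_response(404)
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        body = json.dumps(breaches).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the stub quiet
        pass

def start_stub():
    server = HTTPServer(("127.0.0.1", 0), StubHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d/v2/breachedaccount/" % server.server_port

# Ignore proxy environment variables so the loopback stub is reached directly.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def breaches_for(base_url, account):
    """Return the breach list; an empty list means the API answered 404."""
    # Encode the whole account, including '@', as a single path segment.
    url = base_url + urllib.parse.quote(account, safe="")
    try:
        with _opener.open(url, timeout=5) as resp:
            return json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        if err.code == 404:  # account not in the data set: a normal result
            return []
        raise                # anything else is a real failure
```

Like Indy's `EIdHTTPProtocolException`, `urllib` raises on any 4xx status, so the 404 case has to be separated from real errors explicitly.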
