What BreachDirectory does and who it is for
BreachDirectory exposes a straightforward premise: given an identifier — an email address, a username, a password, or a phone number — tell the caller whether that identifier has appeared in any known data breach. The API aggregates records from three well-known breach intelligence sources: HaveIBeenPwned, Leakcheck.io, and Vigilante.pw. Rather than querying each of those services separately and reconciling the responses yourself, BreachDirectory surfaces combined results through a single call.
The practical audience is wide. Security-conscious SaaS products use breach lookups at registration or login to warn users whose credentials are known to be compromised. Penetration testers and security researchers use them during reconnaissance. Identity-monitoring platforms and "dark web monitoring" consumer products are also natural fits. Given the 3-requests-per-second ceiling even on paid tiers, real-time, synchronous checks during a user login flow are feasible, though bulk or continuous scanning requires thoughtful queuing.
The endpoint
BreachDirectory exposes a single endpoint: GET /. The query parameters are not documented in the marketplace listing beyond the description, but the nature of the service implies you pass one of the supported identifier types — email, username, password, or phone number — and receive breach hit data back. The response will include whatever subset of breach data the aggregation layer surfaces from the three underlying sources.
With only one endpoint, the integration surface is minimal. There are no webhook variants, no batch submission endpoints, and no separate endpoints for different identifier types listed. Everything flows through the same route, which keeps the client code simple. The 318 ms average latency is reasonable for a synchronous check embedded in an auth flow, though you should account for tail latencies in any SLA you offer to end users.
The 100% average success rate across the subscriber base is notable and suggests highly stable upstream infrastructure — important when the API sits in a critical path like account registration.
Pricing breakdown
BreachDirectory follows a tiered freemium model with four plans. The table below summarises the key numbers:
| Plan | Monthly fee | Included requests | Overage per request | Rate limit |
|---|---|---|---|---|
| BASIC | $0 | 10 | — | 1 req/sec |
| PRO | $7.99 | 1,000 | $0.1000 | 3 req/sec |
| MEGA (recommended) | $29.99 | 50,000 | $0.0100 | 3 req/sec |
| ULTRA | $49.99 | 200,000 | $0.0100 | 3 req/sec |
Reading the tiers practically
BASIC gives you 10 requests per month with a 1 req/sec ceiling. That is barely enough for manual testing or proof-of-concept validation — not a realistic free allocation for any production use. The lower rate limit of 1 req/sec (versus 3 on all paid tiers) is an additional constraint.
PRO at $7.99/month is sensible for low-traffic applications — a small SaaS that checks breach status once per new user registration, for example. At $0.10 per overage request, however, running over your 1,000-request allotment gets expensive fast; a single spike that adds 200 extra lookups costs $20 in overages on top of the base fee.
MEGA is marked as the recommended plan for good reason. The jump from PRO's 1,000 to MEGA's 50,000 requests is enormous, and the overage rate drops tenfold to $0.01 per request. At $29.99/month, this is the inflection point where the per-request cost becomes economical for applications with real user volume. A product with 40,000 monthly active users who each trigger one check fits comfortably within the included quota.
ULTRA extends the ceiling to 200,000 requests for $49.99/month. The overage rate stays at $0.01. If your application needs more than 50,000 checks a month — high-traffic consumer identity products or security platforms scanning large user bases — ULTRA's included quota may carry you through a month without any overage charges at all.
All paid tiers share the same 3 req/sec rate limit, so there is no throughput advantage to upgrading beyond PRO. If your workload is bursty or queue-driven rather than continuous, you will want to manage request pacing on your end regardless of the tier.
Practical use cases
User registration hardening — Check whether a submitted email or password appears in known breaches before creating an account. Warn the user or enforce a stronger password. One API call per signup is low volume and fits even the PRO tier.
Continuous credential monitoring — Products that promise ongoing monitoring need to re-check identifiers periodically. Depending on the monitoring cadence and user count, MEGA or ULTRA becomes necessary quickly.
Penetration testing tooling — Security professionals can integrate BreachDirectory lookups into automated recon scripts. The rate limit at 3 req/sec is modest for bulk lookups, but the ULTRA tier's 200,000 included requests give reasonable headroom for larger engagements.
Fraud and account-takeover detection — A login attempt with a known-breached credential pair can be a signal worth flagging or challenging. Embedding a breach check in the authentication pipeline adds a lightweight but meaningful signal to risk scoring.
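The following is an added example, not BreachDirectory's own client code, showing the two pieces the use cases above keep coming back to: client-side pacing against the 3 req/sec ceiling shared by every paid tier, and a registration-time decision built on one email lookup plus one password lookup (the same lookup result is what you would feed into login risk scoring). Because the listing documents only a GET / route and the four identifier types, the base URL, the query parameter names (`type`, `query`), and the response key (`result`) are placeholders to confirm against the official documentation, and the HTTP transport is replaced by a stub that answers from a constructed breach table so the code runs offline.

```python
"""Paced BreachDirectory lookups plus a registration-time decision helper.

Added example, not BreachDirectory's own client. The page documents only a
single GET / route and four identifier types, so BASE_URL, the query parameter
names and the response keys below are placeholders to confirm against the
official documentation before use.
"""
import threading
import time
from collections import deque
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlparse

BASE_URL = "https://breachdirectory.invalid/"  # placeholder host
RATE_LIMIT_PER_SEC = 3                          # ceiling on every paid tier
SUPPORTED_TYPES = ("email", "username", "password", "phone")


class RatePacer:
    """Sliding-window pacer: at most `limit` calls in any one-second window.
    `clock` and `sleep` are injectable so tests can run without real delays."""

    def __init__(self, limit, clock=time.monotonic, sleep=time.sleep):
        self.limit, self.clock, self.sleep = limit, clock, sleep
        self.stamps = deque()           # timestamps of calls inside the window
        self.lock = threading.Lock()    # safe to share between worker threads

    def acquire(self):
        """Block until a slot is free; return the seconds spent waiting."""
        waited = 0.0
        with self.lock:
            while True:
                now = self.clock()
                while self.stamps and now - self.stamps[0] >= 1.0:
                    self.stamps.popleft()   # drop calls older than one second
                if len(self.stamps) < self.limit:
                    self.stamps.append(now)
                    return waited
                delay = 1.0 - (now - self.stamps[0])
                self.sleep(delay)
                waited += delay


@dataclass
class BreachResult:
    identifier_type: str
    found: bool
    breach_count: int


class BreachDirectoryClient:
    """Validates the identifier type, waits for a rate slot, then calls `transport`."""

    def __init__(self, transport, pacer):
        self.transport, self.pacer = transport, pacer

    def lookup(self, identifier_type, value):
        if identifier_type not in SUPPORTED_TYPES:
            raise ValueError(f"unsupported identifier type: {identifier_type}")
        self.pacer.acquire()
        # "type" and "query" are placeholder parameter names, not documented on the page.
        url = BASE_URL + "?" + urlencode({"type": identifier_type, "query": value})
        hits = self.transport(url).get("result", [])   # placeholder response key
        return BreachResult(identifier_type, bool(hits), len(hits))


def registration_decision(client, email, password):
    """Registration hardening: reject a breached password, warn on a breached email.
    Two lookups per signup. Confirm in the official docs whether password lookups
    accept a hash rather than plaintext before wiring this into a real flow."""
    email_hit = client.lookup("email", email)
    pw_hit = client.lookup("password", password)
    if pw_hit.found:
        action = "reject_password"
    elif email_hit.found:
        action = "warn_user"
    else:
        action = "allow"
    return {"action": action, "email_breaches": email_hit.breach_count,
            "password_breaches": pw_hit.breach_count}


def make_stub_transport(known):
    """Offline stand-in for an HTTP GET that answers from a constructed breach table."""
    def transport(url):
        query = parse_qs(urlparse(url).query).get("query", [""])[0]
        return {"success": True, "result": known.get(query, [])}
    return transport


# Constructed sample data: two identifiers "seen" in made-up breaches.
SAMPLE_BREACHES = {
    "alice@example.com": [{"source": "constructed-breach-A"}],
    "password123": [{"source": "constructed-breach-A"}, {"source": "constructed-breach-B"}],
}

if __name__ == "__main__":
    client = BreachDirectoryClient(make_stub_transport(SAMPLE_BREACHES), RatePacer(RATE_LIMIT_PER_SEC))
    print(registration_decision(client, "alice@example.com", "password123"))
    print(registration_decision(client, "bob@example.com", "correct horse battery staple"))
```

To go live, replace `make_stub_transport` with a function that performs the real GET (for instance `requests.get(url, headers=...).json()` with whatever authentication headers the marketplace issues) and keep one shared `RatePacer` per API key so that every worker thread draws from the same 3 req/sec budget; the sliding window makes the fourth call in any second block until a slot frees rather than being rejected upstream.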
Limitations and things to check before integrating
Single endpoint, limited documentation in the listing. The marketplace listing describes one GET / route without detailing query parameters, response schema, or error codes. You should verify the full API documentation on the BreachDirectory website before building against it to avoid surprises around response structure or identifier formatting requirements.
Rate limit ceiling. Three requests per second is the maximum across all paid tiers. For applications that need to scan large datasets quickly, this ceiling will slow batch jobs significantly. Plan your queuing strategy accordingly.
Overage cost asymmetry on PRO. The $0.10 overage on the PRO plan is ten times higher than on MEGA and ULTRA. If your usage is at all unpredictable, staying on PRO and incurring overages can become more expensive than simply upgrading to MEGA.
Aggregated data freshness. BreachDirectory draws from third-party sources (HaveIBeenPwned, Leakcheck.io, Vigilante.pw). Coverage and recency depend on what those sources index. A breach that none of the three sources have incorporated yet will not appear in results. This is inherent to aggregated breach databases and worth communicating to end users.
Free tier is for testing only. With 10 requests per month, the BASIC plan cannot support any real production use case. Budget at minimum for the PRO tier if you plan to ship something.
Getting started
You can subscribe through the marketplace and start with the BASIC tier at no cost to explore the response format. Once you understand the query and response shapes, evaluate your monthly lookup volume against the plan table above to choose the right tier before going to production. The BreachDirectory website at breachdirectory.org is worth consulting alongside the marketplace listing for any additional authentication details and full parameter documentation.