OPEN API
This documentation outlines how to interact with 9ghz.com by RESTful API.
1. Get database breach list
GET /api/v1/breach_list This API endpoint retrieves all breaches available in our database.
# Request Parameters:
region(optional): ISO 3166 two letter country code, e.g. US, RU, CN.
If the country code is not provide, data for all regions will be returned.
# Response:
A successful response contains an array of breach objects, each containing information about a specific breach.
curl https://9ghz.com/api/v1/breach_list?region=US{
"code": 0,
"msg": "ok",
"data": [
{
"breach_date": "2024-04-08",
"domain": "nationalpublicdata.com",
"id": "373041",
"index_date": "2024-08-24",
"leaked_info": [
"Full Name",
"Address",
"Date Of Birth",
"Phone",
"Identity Number"
],
"logo": "/logo/nationalpublicdata.com.png",
"record_count": 2695681513,
"region": "US",
"source_url":
"https://web.archive.org/web/20240820043910/https://securityintelligence.com/news/national-public-data-breach-publishes-private-data-billions-us-citizens/",
"title": "National Public Data"
},
{
"breach_date": "2019-01-01",
"domain": "peopledatalabs.com",
"id": "514356",
"index_date": "2022-01-01",
"leaked_info": [
"Phone",
"Email",
"User Name",
"Full Name"
],
"logo": "/logo/peopledatalabs.com.png",
"record_count": 471014406,
"region": "US",
"source_url":
"https://web.archive.org/web/20231129144258/https://www.troyhunt.com/data-enrichment-people-data-labs-and-another-622m-email-addresses/",
"title": "PeopleDataLabs (PDL) "
}
]
}2. Query breaches for an account
POST /api/v1/query This API endpoint retrieves all breach incidents that involve the specified account. An "account" in this context typically refers to an email address or username that has been exposed in a data breach. The breaches returned by this endpoint include details about each incident, such as the site name, breach date, data types compromised, and more.
# Request Parameters:
keyword: The keywords to check for breaches
e.g. emails, usernames, phone etc.
# Response:
A successful request returns an array of breach objects, each containing information about a specific breach. If the account has not been compromised in any recorded breaches, the API returns an empty array.
curl -X POST -d '{"keyword":"[email protected]"}' \
https://9ghz.com/api/v1/query{
"code": 0,
"msg": "ok",
"data": {
"data": [
{
"breach_date": "2021-01-01",
"domain": "twitter.com",
"id": "4853",
"leaked_info": [
"Email",
"Full Name",
"Social media profiles",
"User Name"
],
"logo": "/logo/Twitter.png",
"record_count": 450682012,
"source_url": "https://web.archive.org/web/20230814125557/https://www.bbc.com/news/technology-64109777",
"title": "Twitter (400M)"
}
],
"total_count": 1
}
}3. Query breach details (Paid Plan)
POST /api/v1/query_detail This API endpoint retrieves all breach incidents that involve the specified account. The breaches returned by this endpoint include unmasked details.
# Request Parameters:
keyword: The keywords to check for breaches e.g. emails, usernames etc.
# Response:
A successful request returns an array of breach objects, each containing information about a specific breach. If the account has not been compromised in any recorded breaches, the API returns an empty array.
curl -X POST -d '{"keyword":"[email protected]"}' \
https://9ghz.com/api/v1/query_detail{
"code": 0,
"msg": "ok",
"data": {
"data": [
{
"realname": "A*****J",
"username": "s******g",
"email": "[email protected]",
"date_of_birth": "****-**-**",
"gender": "**",
"ip_address": "**.**.**.**",
"breach_source": "Twitter (400M)",
"breach_date": "2021-01-01"
},
{
"email": "[email protected]",
"username": "7****************5",
"password": "S**********M",
"breach_source": "ShareThis Database",
"breach_date": "2018-07-09"
}
],
"total_count": 2
}
}4. Batch query from file (Paid Plan)
POST /api/v1/query_file This API endpoint enables users to retrieve information on data breaches for multiple accounts in a single request by uploading a file containing a list of keywords, e.g. email addresses, usernames, phone etc.
# Request Parameters:
file: The file containing a list of email addresses, usernames or other identifier to check. Each row should only contain one identifier.
# Response:
The response will be a file containing a single JSON object on each line, which include an array of breach details for each account. Each breach includes unmasked details.
curl -X POST -F "file=@/path/to/your/file.txt" \
https://9ghz.com/api/v1/query_file{"code":0,"msg":"ok","data":{"data":[{"realname":"A*****J","username":"s******g","email":"[email protected]","date_of_birth":"****-**-**","gender":"**","ip_address":"**.**.**.**","breach_source":"Twitter
(400M)","breach_date":"2021-01-01"},{"email":"xxxxxx@example.com","username":"7****************5","password":"S**********M","breach_source":"ShareThis
Database","breach_date":"2018-07-09"}],"total_count":2}}
{"code":0,"msg":"ok","data":{"data":[{"realname":"A*****J","username":"s******g","email":"[email protected]","date_of_birth":"****-**-**","gender":"**","ip_address":"**.**.**.**","breach_source":"Twitter
(400M)","breach_date":"2021-01-01"},{"email":"xxxxxx@example.com","username":"7****************5","password":"S**********M","breach_source":"ShareThis
Database","breach_date":"2018-07-09"}],"total_count":2}}