TODAY: 1 NEW BREACH·LAST 30 DAYS: 4·RECORDS THIS YEAR: 5.6M·MOST TARGETED: GOVERNMENT·TOP ORIGIN: France·LARGEST BREACH: MedCore Systems — S3 Bucket Exposure (4.2M)·GLOBAL THREAT LEVEL: NORMAL
DOC_ID_REF: API_REST_V1

API Documentation

The BreachRegistry REST API provides programmatic access to our indexed breach intelligence database. All endpoints return JSON and require a valid API key. Base URL: https://breachregistry.com/api/public/v1

SYSTEM STATUS & UPTIME

Check operational status, API endpoint health, and latency metrics.

Authentication

All requests to the /api/public/v1/* endpoints must include a valid API key in the Authorization header. API keys can be generated from your dashboard — you must have member status or higher.

Authorization: Bearer YOUR_API_KEY

HOW TO GET A KEY

  1. Log in at /login
  2. Go to /dashboard/api
  3. Click GENERATE KEY (requires member status)
  4. Copy your key — it is displayed only once
  5. Pass it as Authorization: Bearer br_live_...

Rate Limits

Each API key is limited to 100 requests per 60 seconds (rolling window). When you exceed the limit, requests return HTTP 429 until the window resets. All responses include rate limit headers.

HEADER                 DESCRIPTION
X-RateLimit-Limit      Total allowed requests per window (100)
X-RateLimit-Remaining  Requests remaining in current window
X-RateLimit-Reset      Unix timestamp when the window resets
Retry-After            Seconds to wait before retrying (on 429)

Endpoints

Error Codes

All errors follow a consistent envelope format with a machine-readable code field.

{
  "success": false,
  "error": {
    "code": "RATE_LIMITED",
    "message": "Rate limit exceeded. Max 100 requests per 60 seconds."
  }
}

STATUS  CODE          DESCRIPTION
401     UNAUTHORIZED  Missing, malformed, or invalid API key
403     FORBIDDEN     Key exists but is revoked or lacks permission
400     INVALID_ID    The provided :id is not a valid UUID or breach ID
404     NOT_FOUND     No published breach found for that identifier
429     RATE_LIMITED  Rate limit exceeded — wait 60 seconds before retrying
500     QUERY_ERROR   Internal server error — please try again

Security

CORS RESTRICTIONS

All /api/public/* routes enforce strict CORS. Only requests from authorized origins are accepted. Do not attempt to call the API directly from a browser on a foreign domain — preflight requests will be rejected.

KEY STORAGE

API keys are stored as SHA-256 hashes. We cannot recover a lost key; you can only regenerate it. Never commit keys to source control. Treat them like passwords.

RATE LIMITING

100 requests per 60-second window per key. Automated scraping will trigger rate limiting. Repeated violations may result in key revocation.

BEST PRACTICES

Set keys as environment variables (BREACHREGISTRY_API_KEY). Never expose them in client-side code. Rotate them regularly. Monitor your usage in /dashboard/api.
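
The following server-side client sketch is an added example, not BreachRegistry's own code. It reads the key from BREACHREGISTRY_API_KEY, backs off on HTTP 429 using the documented Retry-After and X-RateLimit-Reset headers, and extracts error.code from the error envelope. The function names are hypothetical, and the path is supplied by the caller because this page lists no endpoint paths.

```python
import json
import os
import time
import urllib.error
import urllib.request

BASE_URL = "https://breachregistry.com/api/public/v1"  # base URL from the page

def build_request(path):
    # The key comes from the environment, never from source code.
    key = os.environ["BREACHREGISTRY_API_KEY"]
    return urllib.request.Request(
        BASE_URL + path,
        headers={"Authorization": f"Bearer {key}", "Accept": "application/json"})

def retry_delay(status, headers, now=None):
    """Seconds to wait before retrying a 429, or None when waiting will not help."""
    if status != 429:
        return None  # 401/403/400/404 are not fixed by retrying
    for name in ("Retry-After", "X-RateLimit-Reset"):
        value = (headers.get(name) or "").strip()
        if value.isdigit():
            if name == "Retry-After":
                return int(value)
            now = time.time() if now is None else now
            return max(0, int(value) - int(now))
    return 60  # headers missing: fall back to the documented window length

def error_code(body):
    """Return error.code from the documented envelope, or None if it does not match."""
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    if not isinstance(doc, dict) or doc.get("success") is not False:
        return None
    err = doc.get("error")
    return err.get("code") if isinstance(err, dict) else None

def fetch(path, send=urllib.request.urlopen, sleep=time.sleep, max_attempts=3):
    """GET path; returns (status, parsed JSON) or (status, error code) on failure."""
    for attempt in range(1, max_attempts + 1):
        try:
            with send(build_request(path)) as resp:
                return resp.status, json.loads(resp.read())
        except urllib.error.HTTPError as exc:
            delay = retry_delay(exc.code, exc.headers)
            if delay is None or attempt == max_attempts:
                return exc.code, error_code(exc.read())
            sleep(delay)
```

The send and sleep parameters exist so the retry logic can be exercised without network access; in normal use, call fetch with only a path.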