AtleX.HaveIBeenPwned 7.0.0

.NET 6.0 .NET Standard 2.0
dotnet add package AtleX.HaveIBeenPwned --version 7.0.0
NuGet\Install-Package AtleX.HaveIBeenPwned -Version 7.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="AtleX.HaveIBeenPwned" Version="7.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add AtleX.HaveIBeenPwned --version 7.0.0
#r "nuget: AtleX.HaveIBeenPwned, 7.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install AtleX.HaveIBeenPwned as a Cake Addin
#addin nuget:?package=AtleX.HaveIBeenPwned&version=7.0.0

// Install AtleX.HaveIBeenPwned as a Cake Tool
#tool nuget:?package=AtleX.HaveIBeenPwned&version=7.0.0


AtleX.HaveIBeenPwned is a client library for the Have I Been Pwned website. It supports finding the breaches an account was in, finding which pastes contained the user's email address, and checking whether a password was in a breach.

It's highly optimized for great performance and low resource usage.

⚠️ For some actions, like getting the pastes and breaches for an account, the API requires an API key. These API keys are available on the website.

Platform support

.NET (5.0+): ✔️
.NET Core (2.0+): ✔️
.NET Framework (4.7.2+): ✔️


// Create the client
var settings = new HaveIBeenPwnedClientSettings()
{
    ApiKey = "APIKEY", // Available on the website. Necessary for getting the breaches and pastes an account is in.
    ApplicationName = "TheNameOfYourApplication",
};

using (var client = new HaveIBeenPwnedClient(settings))
{
    // Get all breaches in the system with their details
    var allBreaches = await client.GetAllBreachesAsync();

    // Get the breaches for an account. This returns a collection of breaches with their
    // name. Use the response from GetAllBreachesAsync() to find the corresponding details
    // by name
    var accountBreaches = await client.GetBreachesAsync(""); // Requires an API key

    // Get breaches for an account, excluding unverified breaches
    var verifiedBreaches = await client.GetBreachesAsync("", BreachMode.ExcludeUnverified); // Requires an API key

    // Get pastes for an email address
    var pastes = await client.GetPastesAsync(""); // Requires an API key

    // Verify whether a password is in Pwned Passwords or not
    var isPwned = await client.IsPwnedPasswordAsync("1234");
}

All async methods have overloads with CancellationToken support.
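
The password check above and the "padded pwned password checks" entry in the release notes both rest on the Pwned Passwords k-anonymity range scheme: only the first five hex characters of the password's SHA-1 hash are sent, and the client matches the remaining suffix locally. The block below is an added example, not the library's own code; it uses only the .NET base class library, the class and method names are hypothetical, and the response body is constructed so it runs offline.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

static class PwnedRangeDemo // hypothetical name, not part of AtleX.HaveIBeenPwned
{
    // Split the uppercase hex SHA-1 of the password into the 5-character prefix
    // that is sent to the service and the 35-character suffix that stays local.
    public static (string Prefix, string Suffix) SplitHash(string password)
    {
        using var sha1 = SHA1.Create();
        byte[] digest = sha1.ComputeHash(Encoding.UTF8.GetBytes(password));
        string hex = BitConverter.ToString(digest).Replace("-", "");
        return (hex.Substring(0, 5), hex.Substring(5));
    }

    // Scan a range response ("SUFFIX:COUNT" per line) for our suffix.
    // Padding entries carry a count of 0, so they never register as a hit.
    public static int CountInRange(string rangeBody, string suffix)
    {
        var separators = new[] { '\r', '\n' };
        foreach (string line in rangeBody.Split(separators, StringSplitOptions.RemoveEmptyEntries))
        {
            if (line.Length < 37 || line[35] != ':') continue; // malformed line
            if (!string.Equals(line.Substring(0, 35), suffix, StringComparison.OrdinalIgnoreCase)) continue;
            return int.TryParse(line.Substring(36), NumberStyles.None,
                                CultureInfo.InvariantCulture, out int count) ? count : 0;
        }
        return 0; // suffix not present in this range
    }

    static void Main()
    {
        var (prefix, suffix) = SplitHash("1234");
        string padding = new string('0', 35);

        // Constructed sample standing in for the body of a range response.
        string body = string.Join("\r\n",
            padding + ":0",               // padding entry (count 0)
            suffix + ":12345",            // constructed count for our suffix
            new string('F', 35) + ":3");  // unrelated constructed entry

        Console.WriteLine($"prefix sent to the service: {prefix}");
        Console.WriteLine($"times seen: {CountInRange(body, suffix)}");
        Console.WriteLine($"padding entry counts as: {CountInRange(body, padding)}");
    }
}
```

A caller treats any count above zero as "pwned"; a padded response changes the size of the body on the wire, not the result of the lookup.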

Product Versions
.NET net5.0 net5.0-windows net6.0 net6.0-android net6.0-ios net6.0-maccatalyst net6.0-macos net6.0-tvos net6.0-windows net7.0 net7.0-android net7.0-ios net7.0-maccatalyst net7.0-macos net7.0-tvos net7.0-windows
.NET Core netcoreapp2.0 netcoreapp2.1 netcoreapp2.2 netcoreapp3.0 netcoreapp3.1
.NET Standard netstandard2.0 netstandard2.1
.NET Framework net461 net462 net463 net47 net471 net472 net48 net481
MonoAndroid monoandroid
MonoMac monomac
MonoTouch monotouch
Tizen tizen40 tizen60
Xamarin.iOS xamarinios
Xamarin.Mac xamarinmac
Xamarin.TVOS xamarintvos
Xamarin.WatchOS xamarinwatchos

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
7.0.0 462 11/25/2022
6.0.1 627 10/27/2022
6.0.0 1,171 6/11/2022
5.0.3 3,429 7/11/2021
5.0.2 2,592 2/13/2021
5.0.1 2,048 9/8/2020
5.0.0 1,549 8/9/2020
5.0.0-beta3 365 6/27/2020
5.0.0-beta2 312 4/18/2020
5.0.0-beta1 310 2/2/2020
4.1.0 605 8/17/2019
4.0.0 490 7/27/2019
3.0.1 542 6/13/2019
3.0.0 539 5/19/2019
3.0.0-beta1 409 5/4/2019
2.1.0 581 3/13/2019
2.0.0 551 3/11/2019
1.1.0 761 11/3/2018
1.0.0 624 10/26/2018

- [Breaking] Throw exception when the CancellationToken is cancelled as soon as possible (#70)
- [Breaking] Wrap InvalidOperationException in HaveIBeenPwnedClientException (#71)
- [Breaking][Fix] GetPastesAsync() now returns an empty collection instead of throwing an exception when no pastes are found (#82)
- [Feature] Add .NET 6.0 target and use source generators for JSON (de)serialization (#72)
- [Feature] Add more properties to the SiteBreach model (#79)
- [Feature] Improved documentation
- [Feature] Many internal improvements to make this the best and most performant version ever (#75, #76, #77, #78, #79)

- [Feature] Performance improvement when (de)serializing requests and responses (#74)
- [Fix] RateLimitExceededException no longer throws an exception when the retry-after value is 0 seconds or less (#73)
- [Fix] Internal improvements (#69)

- [Breaking] Removed SerializeAttribute from exceptions (#50)
- [Breaking] Removed obsolete and no longer used settings from HaveIBeenPwnedClientSettings (#60)
- [Feature] Add support for padded pwned password checks (Enabled by default, #55)
- [Feature] Improved IntelliSense documentation (#61)
- [Feature] Internal improvements (#56, #57, #58)

- Internal refactoring, build improvements and code simplification

- [Fix] In RateLimitExceededException, only construct the message when it's needed (#49)
- [Fix] Standardize IEquatable<T> implementations (#52)

- [Fix] Drastically reduced memory usage in HaveIBeenPwnedClient.IsPwnedPasswordAsync() (#47)

- [Feature] Enabled deterministic builds (#43)
- [Feature] Implement IEquatable<T> on Paste, Breach and SiteBreach (#46)
- [Feature] Performance optimizations (#36, #44)
- [Feature] Replace NewtonSoft.Json with System.Text.Json (#25)
- [Feature] Add C#8 Nullable Reference Types support (#31)
- [Feature] Calling ToString() on Breach now returns the value of the Name property instead of the type name (#41)
- [Feature] Calling ToString() on Paste now returns the value of the Title property instead of the type name (#41)
- [Feature] Calling ToString() on SiteBreach now returns the value of the Name property instead of the type name (#41)
- [Breaking] Mark HaveIBeenPwnedClientSettings.TimeOut as obsolete (#37)
- [Breaking] Throw InvalidApiKeyException instead of InvalidOperationException when no API key is supplied (#34)
- [Breaking] HaveIBeenPwnedClientSettings.ApplicationName should default to an empty string and an exception must be thrown when it's not set (#30)
- [Breaking] AtleX.HaveIBeenPwned is now strong named (#32)

- [Feature] Introduce specialized API interfaces for specific functionality (#33)
- [Feature] Throw custom exception when an invalid or expired API key is used (#28)

- [Breaking] Changed the API to V3. An API key is now mandatory for retrieving pastes and breaches (#27)
- [Breaking] Changed BreachMode.IncludeUnverified to BreachMode.ExcludeUnverified because the V3 API now returns unverified breaches by default (#27)
- [Breaking] Fold HaveIBeenPwnedClient and HttpHaveIBeenPwnedClient into one (#26)
- [Breaking] Change RetryAfter property of RateLimitException from int to TimeSpan (#24)

- [Fix] HttpHaveIBeenPwnedClient.GetAsync(Uri, CancellationToken) no longer resets the output stream when no data was loaded (#20)
- [Fix] HttpHaveIBeenPwnedClient.GetAsync(Uri, CancellationToken) no longer creates a new MemoryStream when no data was loaded (#21)
- [Fix] HttpHaveIBeenPwnedClient.GetBreachesInternalAsync(string, BreachMode, CancellationToken) no longer returns null instead of an empty enumerable when no data was loaded (#23)

- [Feature] Moved from SourceLink with embedded PDB to a .snupkg on for debugging (#8)
- [Breaking] Removed the ClientSettings from the HaveIBeenPwnedClient (#12)
- [Breaking] Removed IDisposable from IHaveIBeenPwnedClient (#10)
- [Breaking] Renamed HttpServiceClient to HttpHaveIBeenPwnedClient (#13)
- [Breaking] Reorganised classes and namespaces (#16)
- [Breaking] Renamed BreachMode.None to BreachMode.Default (#15)
- [Breaking] Removed KAnonimityHelper from public API (#18)
- [Fix] HaveIBeenPwnedClient no longer disposes an injected IHaveIBeenPwnedClient (#11)

- [Fix] An injected HttpClient is no longer disposed by the HttpServiceClient (#6)
- [Fix] The initial HTTP request is no longer performed outside of error-handling code in HttpServiceClient (#7)
- [Feature] When using the HttpServiceClient directly, it's no longer necessary to inject a HttpClient
- [Feature] General code cleanup

- [Feature] Added support for cancellation tokens (#4)
- [Feature] Add injecting a HttpClient in the HttpServiceClient (#2)
- [Breaking] Changed base interface name from IServiceClient to IHaveIBeenPwnedClient (#5)
- Various performance optimizations and reliability improvements

- [Fix] Marked built-in exceptions as serializable (fixes #1)

- [Feature] Added support for getting the breaches for an account
- [Feature] Added support for getting the pastes for an email address
- [Feature] Added support for checking a password against the Pwned Passwords API