API Documentation

Integrate breach detection into your applications with our simple REST API.

Overview

The Dohrnii API allows you to programmatically check email addresses against our aggregated breach database. All endpoints return JSON responses and support CORS for browser-based applications.

Base URL

https://dohrnii.org/api

Rate Limits

To ensure fair usage, the API implements the following rate limits:

TierRequestsWindow
Free10 requestsper hour

Rate limit information is included in response headers: X-RateLimit-Remaining

Search Email

POST/search

Check if an email address has been found in known data breaches.

Request Body

{
  "email": "user@example.com",
  "preview": false
}
emailRequired. The email address to check.
previewOptional. If true, returns only breach count (faster).

Response

{
  "success": true,
  "data": {
    "breaches": [
      {
        "breachName": "ExampleBreach",
        "breachDate": "2023-01-15",
        "dataTypes": ["email", "password"],
        "recordsCount": 1000000,
        "riskLevel": "high"
      }
    ],
    "analytics": {
      "riskScore": 7,
      "riskLabel": "High",
      "totalBreaches": 3,
      "passwordsExposed": true
    }
  }
}

Quick Preview

GET/search?email=user@example.com

A simpler endpoint that returns a quick preview with breach count and risk level.

Response

{
  "success": true,
  "preview": true,
  "data": {
    "breachCount": 3,
    "riskLevel": "medium"
  }
}

Error Responses

All errors follow a consistent format:

{
  "success": false,
  "error": "Error message describing the issue"
}

HTTP Status Codes

200Success
400Bad Request - Invalid email format
429Too Many Requests - Rate limit exceeded
500Internal Server Error

Code Examples

JavaScript (Fetch)

const response = await fetch('https://dohrnii.org/api/search', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ email: 'user@example.com' })
});

const data = await response.json();
console.log(data.data.analytics.riskScore);

Python (Requests)

import requests

response = requests.post(
    'https://dohrnii.org/api/search',
    json={'email': 'user@example.com'}
)

data = response.json()
print(f"Risk Score: {data['data']['analytics']['riskScore']}")

cURL

curl -X POST https://dohrnii.org/api/search \
  -H "Content-Type: application/json" \
  -d '{"email": "user@example.com"}'

Data Sources

Dohrnii aggregates breach data from multiple reputable security research sources:

  • XposedOrNot - Comprehensive breach analytics
  • LeakCheck - Public breach database
  • Have I Been Pwned - Password exposure via k-anonymity
  • Ahmia.fi - Security research index

API Terms of Use

  • • Only check email addresses you own or have explicit permission to check
  • • Do not use the API for bulk enumeration or scraping
  • • Respect rate limits - excessive requests may result in IP blocking
  • • Attribution appreciated but not required
  • • No warranty - data is provided "as-is" from third-party sources