
Have I Been Pwned? API for R - michaelsbradley
https://cran.r-project.org/web/packages/HIBPwned/vignettes/HIBP.html
======
danso
> _If you get a lot of value out of this package, do consider donating to HIBP
> since Troy Hunt does not put any limits on the API and it’s a tremendous
> service._

I believe there is a rate limit: one request per 1.5 seconds from a given IP
address
[https://haveibeenpwned.com/API/v2#RateLimiting](https://haveibeenpwned.com/API/v2#RateLimiting)

For those in the R ecosystem who want to do a broader analysis of what HIBP
encompasses, going through the API probably won't be very efficient other than
to get a listing of the metadata.

~~~
dsacco
This is correct. The author might not be aware, but Troy Hunt just recently
put a rate limit on his API (finally, in my opinion).

------
violentvinyl
It's great that they're doing this. We had kicked around the idea of signing
up all of our customers for HIBP, but decided against it for obvious reasons.
What we would really like to do is to be able to notify our customers when
their email addresses show up in breaches. Besides being helpful to our
customers (who will mostly not be aware of useful services like HIBP), it
would potentially help reduce fraud on our sites.

Is anyone aware of a way to get access to sanitized dumps that we can compare
to our customer DB internally? It's unlikely we'd get approval to go out and
get the dumps and analyze them ourselves, but if there was a reliable source
like HIBP, but for bulk comparison, we could bring a lot of value to the
business and to our customers.

------
ramblenode
Always nice to see these API extensions, but what exactly is the use case for
this? According to haveibeenpwned.com there is a rate limit of 1 request per
1500 milliseconds per IP address, so this isn't efficient for analyzing
breaches. It would be easier just to download a dump of the leaked data, clean
it, and import it into R.

------
ceautery
I can't reach Troy's site right now, but I'm curious about the API itself:
Does it handle Gmail "+" aliases? E.g., joe@gmail.com and
joe+probablySpam@gmail.com route to the same mailbox. If I just search for
joe, will breaches for joe+<whatever> be found?

~~~
aefazfaqe
Sadly not - but keep asking him via Twitter etc. so he's more likely to
implement it!

[https://haveibeenpwned.uservoice.com/forums/275398-general/s...](https://haveibeenpwned.uservoice.com/forums/275398-general/suggestions/6774229-enable-search-and-notifications-for-email-addresse)

