Password Strength API Documentation

Everything you need to integrate password strength analysis and quantum resistance estimates into your application.

🚀 Overview

MyPasswordChecker.com provides a powerful REST API for password security analysis. Our API enables you to:

🔍 Password Analysis

Real-time strength scoring, entropy calculation, and crack time estimation using industry-standard algorithms.

⚛ī¸ Quantum Estimates

Theoretical quantum computing resistance analysis using Grover's algorithm across multiple scenarios.

✨ Password Generation

Transform memorable phrases into quantum-resistant passwords with phonetic substitution techniques.

🔑 Authentication

All API requests require authentication using your API key. You can obtain an API key from the Developer Dashboard.

API Key Format

API keys follow the format: mpc_{32_hex_characters}

Including Your API Key

Add your API key to request headers using one of these methods:

X-API-Key: mpc_27adf42267ca40a88b37d3a7388dd085

Or using Bearer token format:

Authorization: Bearer mpc_27adf42267ca40a88b37d3a7388dd085
⚠ī¸ Security Warning: Never expose your API key in client-side code or public repositories. Always call the API from your backend server.

⚡ Quick Start

Make your first API request in seconds:

1. Get Your API Key

Sign up at the Developer Dashboard to receive your free API key with 25 requests per month.

2. Make Your First Request

curl -X POST https://mypasswordchecker.com/api/v1/check-password \ -H "Content-Type: application/json" \ -H "X-API-Key: YOUR_API_KEY" \ -d '{"password":"MyP@ssw0rd123"}'

3. Parse the Response

{ "strength": "medium", "score": 2, "entropy": 45.6, "crack_time": { "display": "3 months", "seconds": 7889400 }, "feedback": { "warning": "This is a commonly used pattern", "suggestions": ["Add more unique characters"] } }

📊 Rate Limits

Rate limits vary by plan tier. All responses include rate limit headers:

Header Description
X-RateLimit-Limit Total requests allowed this month
X-RateLimit-Remaining Requests remaining this month
X-RateLimit-Reset Unix timestamp when quota resets

See our Pricing page for detailed quota information per plan.

🔍 Password Check API

POST /api/v1/check-password

Analyze password strength using advanced pattern detection and entropy calculation.

Request Parameters

Parameter Type Required Description
password string Yes The password to analyze

Response Fields

Field Type Description
strength string Strength category: "very weak", "weak", "medium", "strong", "very strong"
score integer Numeric score from 0 (worst) to 4 (best)
entropy float Entropy in bits (higher is better)
crack_time object Estimated time to crack with modern hardware
feedback object Warnings and suggestions for improvement

⚛ī¸ Quantum Estimate API

POST /api/v1/estimate-quantum

Calculate theoretical quantum computing resistance using Grover's algorithm.

ℹī¸ Note: This endpoint requires a Standard plan or higher. Free tier users can try it once for $1 on the Premium page.

Request Parameters

Parameter Type Required Description
password string Yes The password to analyze

Response Structure

{ "entropy_bits": 45.6, "classical": { "time_display": "3 months", "time_seconds": 7889400 }, "quantum": { "pessimistic": { "time_display": "12 seconds", "scenario": "Early quantum computers (2025-2030)" }, "plausible": { "time_display": "2.4 hours", "scenario": "Mid-term quantum systems (2030-2040)" }, "optimistic": { "time_display": "1.5 days", "scenario": "Mature quantum computers (2040+)" } }, "quantum_resistant": false, "recommendation": "Password should have 80+ bits..." }

✨ Phonetic Generator API

POST /api/v1/generate-phonetic

Transform memorable phrases into strong, quantum-resistant passwords.

Request Parameters

Parameter Type Required Description
phrase string Yes Memorable phrase to convert
aggressiveness string No "low", "medium" (default), or "high"
count integer No Number of variations (1-5, default: 5)

Example Response

{ "variations": [ { "password": "1L0v3&H1k1ng^In+Y0s3m1t3!7", "entropy": 84.3, "length": 27, "quantum_resistant": true, "classical_time": "803.73 million years", "quantum_time": "1.60 years" } ] }

🔍 Breach Check API

POST /api/v1/breach-check

Check if a password appears in known data breaches using the Have I Been Pwned database with k-anonymity privacy protection.

🔒 Privacy Protection: This endpoint uses k-anonymity - only the first 5 characters of the SHA-1 hash are sent to HIBP, ensuring 99.9875% of your password hash remains private. Neither we nor HIBP ever see the actual password.

Request Parameters

Parameter Type Required Description
password_hash string Yes SHA-1 hash of password (40 hex characters)

Example Request

// Hash password client-side using SHA-1 const encoder = new TextEncoder(); const data = encoder.encode(password); const hashBuffer = await crypto.subtle.digest('SHA-1', data); const hashArray = Array.from(new Uint8Array(hashBuffer)); const passwordHash = hashArray.map(b => b.toString(16).padStart(2, '0')).join(''); // Send to API const response = await fetch('https://mypasswordchecker.com/api/v1/breach-check', { method: 'POST', headers: { 'Content-Type': 'application/json', 'X-API-Key': 'YOUR_API_KEY' }, body: JSON.stringify({ password_hash: passwordHash }) });

Example Response (Password Found in Breaches)

{ "success": true, "pwned": true, "breach_count": 3861493, "message": "⚠ī¸ Password found in 3,861,493 data breaches. Change immediately!", "privacy_details": { "method": "k-anonymity", "prefix_sent": "5BAA6", "anonymity_set_size": 584, "data_shared": "5 characters of hash (99.9875% kept private)" }, "usage": { "breach_checks_used": 15, "breach_checks_quota": 50, "breach_checks_remaining": 35 } }

Example Response (Password Not Found)

{ "success": true, "pwned": false, "breach_count": 0, "message": "✅ Password not found in known data breaches.", "privacy_details": { "method": "k-anonymity", "prefix_sent": "8F3A2", "anonymity_set_size": 612, "data_shared": "5 characters of hash (99.9875% kept private)" }, "usage": { "breach_checks_used": 16, "breach_checks_quota": 50, "breach_checks_remaining": 34 } }

Response Fields

Field Type Description
pwned boolean Whether password appears in breaches
breach_count integer Number of times password found in breaches
message string User-friendly message about breach status
privacy_details object Information about k-anonymity protection used
usage object Your current breach check quota usage

Quota Limits by Tier

Tier Monthly Breach Checks
Free API 50
Standard 2,500
Basic Quantum 10,000
Standard Quantum 25,000
Large Quantum 50,000
Super Quantum 200,000

💡 Best Practices

Security Recommendations

  • Never send passwords from client-side: Always call our API from your backend to protect API keys
  • Use HTTPS: Our API only accepts HTTPS connections for secure data transmission
  • Implement rate limit handling: Check response headers and handle 429 errors gracefully
  • Rotate API keys: Periodically regenerate keys if you suspect compromise

Integration Tips

  • Cache responses: Password strength doesn't change; cache results for identical passwords
  • Set timeouts: Configure reasonable request timeouts (recommended: 5 seconds)
  • Monitor usage: Track your API usage in the Dashboard
  • Verify domains: Add your domains in Domain Verification for fraud protection

đŸ’ģ Code Examples

JavaScript (Node.js)

const response = await fetch('https://mypasswordchecker.com/api/v1/check-password', { method: 'POST', headers: { 'Content-Type': 'application/json', 'X-API-Key': process.env.MPC_API_KEY }, body: JSON.stringify({ password: userPassword }) }); const data = await response.json(); console.log('Strength:', data.strength); console.log('Crack time:', data.crack_time.display);

Python

import requests import os response = requests.post( 'https://mypasswordchecker.com/api/v1/check-password', headers={ 'Content-Type': 'application/json', 'X-API-Key': os.environ.get('MPC_API_KEY') }, json={'password': user_password} ) data = response.json() print(f"Strength: {data['strength']}") print(f"Crack time: {data['crack_time']['display']}")

cURL

curl -X POST https://mypasswordchecker.com/api/v1/check-password \ -H "Content-Type: application/json" \ -H "X-API-Key: $MPC_API_KEY" \ -d '{"password":"MyP@ssw0rd123"}'

⚠ī¸ Error Handling

The API uses standard HTTP status codes:

Status Code Description Action
200 Success Request processed successfully
400 Bad Request Check request parameters
401 Unauthorized Verify your API key is correct
403 Forbidden Domain not verified or tier access denied
429 Rate Limit Exceeded Wait until quota resets or upgrade plan
500 Server Error Retry with exponential backoff

Error Response Format

{ "error": "Rate limit exceeded", "message": "You have used all 25 requests for this month", "quota_reset": 1730419200 }

🛟 Support

Need help? Here are your options:

📚 Documentation

Review our API Reference for detailed endpoint specifications

📊 Dashboard

Monitor usage and manage your account in the Developer Dashboard

💰 Pricing

View plans and features on our Pricing page

🔒 Security

Read our Privacy Policy and Terms of Service

Last updated: October 26, 2025