API Documentation Current API Version: 2.0 Last Updated: 10/04/2017 Gener

1. API Documentation
2. Current API Version: 2.0
3. Last Updated: 10/04/2017
4. General
5. The We Leak Info API is written entirely in PHP without using any framework. The API will always respond in JSON and will always format the JSON for the end user. There is only one API key generated per user. To receive a API key, you will need to make a purchase for the API. After the purchase is complete, a API key will be generated to your account.
6.  
7. The API system logs all API requests. The API system uses a IP address based rate limiting system, so it is recommended that you use a dedicated IP address instead of a shared IP address. The API may not be used on any public facing website or service. The same Terms of Service for the website applies to the API.
8.  
9. Version Control
10. The We Leak Info API, like many other APIs, use version control. At the top of the page, you can see the current API version being used. Our API documentation will also change based on the API version and we will close older versions of the API as we move on in the future.
11.  
12. Cloudflare
13. We Leak Info uses Cloudflare to protect the site against DDoS attacks and hacking attempts. However, the Cloudflare protection system has been lowered on the API. There will be no captchas or browser check for the API through the Cloudflare network. However, the API will remain behind the Cloudflare network to stop DDoS attacks and hacking attempts.
14.  
15. Any IP Address ban or ASN ban that is put on Cloudflare will be shared on the entire "weleakinfo.com" domain. Any IP address from the Tor network will be served a captcha when accessing the API through Cloudflare, and the API system will also block the request afterwards.
16.  
17. Bans
18. The We Leak Info API system will automatically block all requests from the Tor network. This is done by using Tor's own tool to check if the incoming IP address is from the Tor network. All publicly known IP addresses from the Tor network have been banned from accessing the API.
19.  
20. We Leak Info bans IP addresses that are causing harm to the system, potential to do harm, or violate our Terms of Service. Any IP address banned by the system will not be lifted automatically. You can appeal through our ticket support system by reaching out to our technical department.
21.  
22. Any IP address ban place through the API system will not carry over to the site.
23.  
24. Rate Limiting
25. The We Leak Info API is currently only accepting 3 requests per second. If you exceed this limit, your IP address will be given a 190 second cooldown.
26.  
27. If you do receive a cooldown, you will see the response down below.
28.  
29. Rate limiting response example:
30.  
31. HTTP Response Code: 429
32. {
33. "Error 429": "You are being rate limited",
34. "Cooldown": "190 Seconds"
35. }
36. Rate limiting is done to protect We Leak Info's API from abuse and DDoS attacks. Any bans on IP addresses through the rate limiting system will not be lifted by staff.
37.  
38. Session
39. The We Leak Info API is written entirely in PHP. Therefore, we utilize PHP sessions to keep track of users. Each session is valid for 1 hour. When users start using the API, they will need to request a new session from the API using the POST method to https://api.weleakinfo.com/v2/session/new with the POST body authentication_key => "API Key".
40.  
41. Session request example:
42.  
43. URL: https://api.weleakinfo.com/v2/session/new
44. POST Data: authentication_key => 5d7d7054a8ca229654658358aa8711fd
45. HTTP Request Method: POST
46. HTTP Response Code: 200
47. {
48. "Token": "33acc7464a1e62456ba619693787e1e8"
49. }
50. This token is valid for 1 hour and will automatically expire afterwards. You will need this token to access any other feature on the API. After receiving this token, you will not need your API key to make any further calls on the API.
51.  
52. You can only have 1 session activated per API key. You cannot share this token with anyone else or with another program as the system will detect this and revoke the token and rate limit your IP address for 190 seconds. You can also revoke tokens in the API master panel.
53.  
54. Statistics
55. The statistics feature allows users to see the site's record count and their account credit in more detail. As with all features on the API, you need a token to access this. This feature can be reached at https://api.weleakinfo.com/v2/stats with the POST body token => "Token".
56.  
57. Statistics request example:
58.  
59. URL: https://api.weleakinfo.com/v2/stats
60. POST Data: token => 33acc7464a1e62456ba619693787e1e8
61. HTTP Request Method: POST
62. HTTP Response Code: 200
63. {
64. "Record Count": "4,545,955,572",
65. "Total Search Queries": "24",
66. "Search Query Limit": "100",
67. "Total Hash Queries": "50",
68. "Hash Query Limit": "100"
69. }
70. Search
71. The search feature allows you to use our search engine. You can only search the following types of data: username, email, hash, IP address, first and last name. When you use this feature, you must have a token and a session started.
72.  
73. This feature can be reached at https://api.weleakinfo.com/v2/search/<type>/<query>. The search feature also utilizes pagination through the API. Each callback will only give back a maximum of 100 results. This is to prevent your browser or application from crashing. Pagination can be used as such https://api.weleakinfo.com/v2/search/<type>/<query>/page/1. By default the API will show the first page of results if there is no page specified.
74.  
75. Username search example:
76.  
77. URL: https://api.weleakinfo.com/v2/search/username/weleakinfo
78. POST Data: token => 33acc7464a1e62456ba619693787e1e8
79. HTTP Request Method: POST
80. HTTP Response Code: 200
81. {
82. "Total": 1,
83. "Search Time": 0.00034,
84. "Current Page": 1,
85. "Total Pages": 1,
86. "Results": [
87. {
88. "Database": "Weleakinfo.com",
89. "Username": "weleakinfo",
90. "Email": "admin@weleakinfo.com",
91. "Hash": "0192023a7bbd73250516f069df18b500"
92. },
93. ]
94. }
95. First and last name search example:
96.  
97. URL: https://api.weleakinfo.com/v2/search/name/brian_krebs
98. POST Data: token => 33acc7464a1e62456ba619693787e1e8
99. HTTP Request Method: POST
100. HTTP Response Code: 200
101. {
102. "Total": 1,
103. "Search Time": 0.00048,
104. "Current Page": 1,
105. "Total Pages": 1,
106. "Results": [
107. {
108. "Database": "Weleakinfo.com",
109. "Username": "brainkrebs",
110. "Email": "admin@krebsonsecurity.com",
111. "Hash": "d033e22ae348aeb5660fc2140aec35850c4da997",
112. "First": "Brian",
113. "Last": "Krebs"
114. },
115. ]
116. }
117. If you account has at least 100 hash queries available, you will be able to request cracking while searching. However, this will slow down the search since all the hashes found are being cracked. It will add around 5-10 seconds to your request. You can use this feature by adding crack after the query but before the pagination as such: https://api.weleakinfo.com/v2/search/<type>/<query>/crack/page/1. When a hash has been cracked, it will add a additional cracked field to the result set.
118.  
119. Every hash that is passed on to our hash API will count towards your hash queries, even if they fail to crack. If a hash it no crackable, it will simply not return a Cracked field.
120.  
121. Username search with hash cracking example:
122.  
123. URL: https://api.weleakinfo.com/v2/search/username/weleakinfo/crack
124. POST Data: token => 33acc7464a1e62456ba619693787e1e8
125. HTTP Request Method: POST
126. HTTP Response Code: 200
127. {
128. "Total": 1,
129. "Search Time": 0.00047,
130. "Current Page": 1,
131. "Total Pages": 1,
132. "Results": [
133. {
134. "Database": "Weleakinfo.com",
135. "Username": "weleakinfo",
136. "Email": "admin@weleakinfo.com",
137. "Hash": "0192023a7bbd73250516f069df18b500",
138. "Cracked": "admin123"
139. },
140. ]
141. }
142. To state the obvious, the hash API can also crack hash and salt combos.
143.  
144. Currently there is no wildcard function for the search API as we didn't see a need for it.
145.  
146. Hash
147. The hash feature allows you to query our hash API used at We Leak Info. When you use this feature, you must have a token and a session started. You can only request one hash or one hash and salt combo at a time.
148.  
149. This feature can be reached at https://api.weleakinfo.com/v2/hash/<query>.
150.  
151. Hash only request example
152.  
153. URL: https://api.weleakinfo.com/v2/hash/0192023a7bbd73250516f069df18b500
154. POST Data: token => 33acc7464a1e62456ba619693787e1e8
155. HTTP Request Method: POST
156. HTTP Response Code: 200
157. {
158. "Query Time": 0.0834,
159. "Query": "0192023a7bbd73250516f069df18b500",
160. "Result": "admin123"
161. }
162. Hash and salt combo request example
163.  
164. URL: https://api.weleakinfo.com/v2/hash/0343c88c4e3560b99e7209504a1e3074:FaS9gm{;V<T5
165. POST Data: token => 33acc7464a1e62456ba619693787e1e8
166. HTTP Request Method: POST
167. HTTP Response Code: 200
168. {
169. "Query Time": 0.0933,
170. "Query": "0343c88c4e3560b99e7209504a1e3074:FaS9gm{;V<T5",
171. "Result": "gay2"
172. }
173. Common Responses
174. Account credit response example:
175.  
176. HTTP Response Code: 400
177. {
178. "Error 400": "Not enough credit on account"
179. }
180. Server error response example:
181.  
182. HTTP Response Code: 400
183. {
184. "Error 400": "Server error, please contact support"
185. }
186. Unauthorized access response example:
187.  
188. HTTP Response Code: 401
189. {
190. "Error 401": "Unauthorized access denied"
191. }
192. Forbidden response example:
193.  
194. HTTP Response Code: 403
195. {
196. "Error 403": "Forbidden"
197. }
198. Banned IP address example:
199.  
200. HTTP Response Code: 403
201. {
202. "Error 403": "This IP address has been banned"
203. }
204. Method not allowed response example:
205.  
206. HTTP Response Code: 405
207. {
208. "Error 405": "Method not allowed"
209. }