philnash / pwned

😱 An easy, Ruby way to use the Pwned Passwords API.

Home Page: https://rubygems.org/gems/pwned/

API Now Requires a Paid Account

brandon-carag opened this issue · comments

As far as I can tell, the API key doesn’t affect the Pwned Passwords section of the API. From the blog post:

One important distinction: this doesn't apply to the APIs that don't pull back information about an email address; the API listing all breaches in the system, for example, is not impacted by any of the changes outlined here. It can be requested with version 3 in the path, but also with previous versions of the API. Because it returns generic, non-personal data it doesn't need to be protected in the same fashion (plus it's really aggressively cached at Cloudflare). Same too for Pwned Passwords - there's absolutely zero impact on that service.

So I don’t believe anything needs to be done. Do you agree?

I think you're right; the post seems to imply a distinction between the "Have I been Pwned" service and the "Pwned Password" service. Since it sounds like there's not going to be an impending deprecation of API v1 or v2 for the "Pwned Password" service, I imagine the auth requirement won't be imposed.

Thanks for the prompt response!

No worries. I'll close this issue now, but I am going to follow up with Troy just to properly confirm this. Will open again and fix if I'm wrong.

Didn't need to ask, someone else already had!

https://twitter.com/troyhunt/status/1151806919457329153

We're all good, no work to do.