Ship Breach Detection in Hours, Not Months
REST API with <100ms response. Python & Node.js SDKs included. Plans from $5/mo.
curl -H "x-api-key: YOUR_KEY" https://plus-api.xposedornot.com/v3/check-email/user@example.comWant to test the data first? Try a free domain check
The Breach Data Behind the API
Time to build breach detection from scratch
Source: Ponemon Institute, 2024
The Engineering Burden
Your users expect you to detect compromised accounts. But sourcing breach data is legally complex, parsing breach dumps requires specialized infrastructure, and maintaining a real-time index of 11B+ records is a full-time engineering project.
The Opportunity Cost
Building it in-house takes 3-6 months and a dedicated team. Buying from legacy vendors means $5K+/mo and a sales cycle longer than your sprint. Meanwhile, account takeover attacks hit your users every day you wait.
xonPlus API gives you a single endpoint, <100ms response, and full breach coverage. Ship breach detection in hours, not months.
Your Devs Will Love It. Your Legal Team Will Approve It.
Production-ready breach detection: fast to integrate, safe to deploy, priced to scale
Deploy in Under 5 Minutes
One endpoint, one header, plug-and-play SDKs for Python and Node.js. No SDK quirks, no proprietary protocols. Just HTTPS and JSON.
Privacy by Design
Stateless lookups. We never store or log submitted emails. TLS 1.3, US-based infrastructure, audit-ready for SOC 2 conversations.
Complete Breach Data
Each match returns the breach source, date, exposed fields, record count, and password-risk classification. Not just a yes/no.
Built for Scale
From 50 requests/min prototypes to 25,000 requests/min production workloads, with flat monthly pricing and no surprise overage fees.
See the API in Action
Live request examples, response formats, and your usage dashboard
API Documentation
cURL Request
curl -X GET "https://plus-api.xposedornot.com/v3/check-email/email@domain.com?detailed=true" \
-H "x-api-key: APIKEY" \
-H "Content-Type: application/json"Python Request
import requests
url = "https://plus-api.xposedornot.com/v3/check-email/email@domain.com"
headers = {
"x-api-key": "APIKEY",
"Content-Type": "application/json"
}
params = {
"detailed": "true"
}
response = requests.get(url, headers=headers, params=params)
result = response.json()
print(result)What customers are saying
Verified reviews from G2
Sundar Kumar
IT and Product Head, Corent Technology
"Xposedornot is a useful tool for data breach alerting systems. Every organization requires this tool to verify domain ownership and receive relevant alerts. It empowers organizations to stay ahead of cyber threats. Its user-friendly design and seamless integration make it a valuable asset for proactive data security."
Miguel Mendes
IT Security Lead, Bluecom
"What I like most about ExposedOrNot is its real-time dashboard that allows you to monitor the security status of our data at a glance. Email alerts, as well as integration with Slack and Teams, are very practical features for being immediately informed in case of a breach. Moreover, the dashboard presents various important data, such as the history of violations and potential exposure, which helps to better understand and manage the security of our information."
Bertold Kolics
VP Engineering, Verosint
"I have been working with XposedOrNot from the early days. My experience could not have been better. The service scales well, performs well under high load and it has a large set of breach data dating back to several years."
Senthil K
Information Security Officer, Invicara
"The CXO dashboard gives our board a clear picture of breach trends and risk reduction over time. We use the monthly reports directly in our ISO 27001 audit evidence. Setup was live in under 15 minutes."
Three Lines of Code. That's It.
Get your API key, make a request, use the data
const res = await fetch('https://plus-api.xposedornot.com/v3/check-email/user@example.com?detailed=true', { headers: { 'x-api-key': 'YOUR_API_KEY' } });
const { breaches } = await res.json();
// breaches: [{ breach_id: 'Wanelo', breached_date: '2018-12-01...', xposed_data: 'Emails;Passwords', ... }]Pick a Plan & Get Your API Key
Subscribe to any plan from $5/mo. Your API key is provisioned instantly in the console.
Make a Request
Query by email, domain, or phone. Get results in under 100ms from any region.
Use the Data
Receive structured JSON with breach names, dates, exposed fields, and risk scores.
Works With Every Stack
Python, Node.js, Go, Java. If it speaks HTTP, it works with xonAPI+
Developer-First Integration
One API key. One endpoint. Full breach data in a single GET request. Python and Node.js SDKs included.
our quick start guide
What makes integration simple
Multiple Language Support
JavaScript, Python, Go, Java, and more
Complete Documentation
Detailed Swagger docs, and interactive examples
Production Ready
Per-key rate limits, key rotation, and request-level audit logging
Pay for What You Use, Starting at $5/mo
No query surprises. No overage fees. Upgrade or cancel anytime.
Basic
Growth
Ultimate
UltimatePlus
| Compare plans | Basic $5.00 /mo | Growth $21.00 /mo | MOST POPULAR Ultimate $73.00 /mo | UltimatePlus $147.00 /mo |
|---|---|---|---|---|
| Rate limit | 50 req/min | 250 req/min | 1,250 req/min | 2,500 req/min |
| Approx peak throughput | ~1 req/sec | ~4 req/sec | ~21 req/sec | ~42 req/sec |
| Priority support | — | — | ||
| Webhook notifications | — | — | ||
| Batch endpoint access | — | — | ||
| Dedicated account manager | — | — | — | |
All plans include: JSON + structured responses, Python & Node.js SDKs, cancel anytime, 30-day money-back guarantee
All plans include a 30-day money-back guarantee
High-Volume Plans
For large-scale integrations. All include priority support.
Questions Developers Ask Before Integrating
Authentication, rate limits, data formats, and privacy
Your First API Call Is 15 Minutes Away
Live in 15 minutes. 30-day money-back guarantee.