HaveIBeenPwned.Client is a .NET HTTP client for the "have i been pwned" API service from Troy Hunt. This library is comprised of three NuGet packages:

• HaveIBeenPwned.Client
• HaveIBeenPwned.Client.Abstractions
• HaveIBeenPwned.Client.PollyExtensions

Consumers of the API can use the abstractions for the models returned from the API, while server APIs can consume and wrap the client.

Getting started

Install from the .NET CLI:

dotnet add package HaveIBeenPwned.Client

Alternatively add manually to your consuming .csproj:

<PackageReference Include="HaveIBeenPwned.Client" Version="{VersionNumber}" />

Or, install using the NuGet Package Manager:

Install-Package HaveIBeenPwned.Client

Dependency injection

To add all of the services to the dependency injection container, call one of the AddPwnedServices overloads. From Minimal APIs for example, with using a named configuration section:

builder.Services.AddPwnedServices(
    builder.Configuration.GetSection(nameof(HibpOptions)));

From a ConfigureServices method, with an IConfiguration instance:

services.AddPwnedServices(options =>
    {
        options.ApiKey = _configuration["HibpOptions:ApiKey"];
        options.UserAgent = _configuration["HibpOptions:UserAgent"];
    });

Then you can require any of the available DI-ready types:

• IPwnedBreachesClient: Breaches API.
• IPwnedPastesClient: Pastes API.
• IPwnedPasswordsClient: Pwned Passwords API.
• IPwnedClient: Marker interface, for conveniently injecting all of the above clients into a single client.

Without dependency injection

If you're not using the DI approach, simply instaniate PwnedClient with your API key and use it as you see fit.

IPwnedClient client = new PwnedClient("<API Key>");
// TODO: Use client...

Example Minimal APIs

Configuration

To configure the HaveIBeenPwned.Client, the following table identifies the well-known configuration object:

Well-known keys

Depending on the .NET configuration provider your app is using, there are several well-known keys that map to the HibpOptions that configure your usage of the HTTP client. When using environment variables, such as those in Azure App Service configuration or Azure Key Vault secrets, the following keys map to the HibpOption instance:

Key	Data type	Default value
HibpOptions__ApiKey	string	null
HibpOptions__UserAgent	string	".NET HIBP Client/{AssemblyFileVersion}"

The ApiKey is required, to get one — sign up here: https://haveibeenpwned.com/api/key

Example appsettings.json

{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*",
  "HibpOptions": {
    "ApiKey": "<YourApiKey>",
    "UserAgent": "<YourUserAgent>"
  }
}

For more information, see JSON configuration provider.