Hash API Documentation


The "hash" API is designed to provide hash-cracking capabilities for end-users, the client should submit the target hash in the query parameter.

If the hash has been cracked a plain-text value will be returned, if not it will be added to the 'cracking' queue.



The leak-lookup API requires an API key to perform queries, to find your API key please click here.


All "hash" API requests should be sent as a POST request to the following endpoint:



API requests require the following parameters:

  • key - This is the clients API key, which can found here.
  • query - This is the clients search query.


API responses contain the following fields:

  • hash
  • plaintext
  • salt


Standard Response

The following response format is returned if the end-client is using a private API key.

    "error": "false",
    "message": {
        "hashkiller": [
            { "hash": "482c811da5d5b4bc6d497ffa98491e38", "plaintext":"password123", "salt":"" },
            { "hash": "482c811da5d5b4bc6d497ffa98491e38", "plaintext":"password123", "salt":"" }

Error Response

Should an error occur, the follow response will be returned.

Please see below for an expanded explanation of all provided error messages.

    "error": "true",
    "message": ""

Error Messages

  • MISSING SEARCH QUERY - Invalid search API request, the search query parameter is missing.
  • MISSING API KEY - Invalid search API request, the search key parameter is missing.
  • MISSING REQUIRED PARAMETERS - Invalid search API request, please refer to the search API documentation.
  • EMPTY VALUE DETECTED - Invalid search API request, empty parameter detected. Please refer to the search API documentation.
  • SEARCH FAILED - Search API request failed, please try again later. If the problem persists please contact support with a log of the request.
  • REQUEST LIMIT REACHED - API daily request limit has been reached, please wait until your daily allowance renews.
  • RATE LIMIT REACHED - You have performed more than 5 requests in the last minute, please wait a further minute before querying again.
  • INACTIVE API KEY - API key is inactive, please renew under API overview or contact support.
  • INVALID API KEY - API key provided is invalid, please contact support.



Here are some command line examples using CURL, please replace {API_KEY} with the provided API key.

Hash example:

curl 'https://leak-lookup.com/api/hash' -d 'key={API_KEY}&query=5f4dcc3b5aa765d61d8327deb882cf99'