Searching individual breached accounts via the API depends on how many requests you want to make per minute (RPM). The higher the RPM you require, the higher the subscription tier you’ll need.
If you’re unsure which subscription tier best fits your usage, you can use the plan finder to estimate the most suitable subscription:
https://haveibeenpwned.com/Subscription
For example, if you need to search 1,000,000 email addresses:
- A Core 1 subscription at 10 requests per minute (RPM) would take approximately 100,000 minutes (~69 days)
- A Pro 1 subscription can search up to 1,000 requests per minute, significantly reducing the total time required
- A High RPM 12000 subscription could complete the same task in approximately 1.4 hours
(Assumes you can sustain requests at the maximum rate)
Note: The rate limit represents the maximum allowed request rate. In practice, it’s best to stay slightly below this to avoid HTTP 429 (rate limit) responses.
Pro and High RPM tiers also include access to k-anonymity, allowing you to query data without sending full identifiers. Only a partial value is shared with the API, and the final matching happens on your side.
If you already have a subscription and need to upgrade, you can do so via the Subscription link in your dashboard.