Once your payment is confirmed, you'll receive a receipt from Stripe. Your subscription is immediately active. Here's how to get up and running:
1. Sign in to your dashboard
Go to haveibeenpwned.com/Dashboard and enter the email address you used to purchase. A magic link will be sent to that address — click it to sign in. No password is required.
2. Retrieve your API key
Once signed in, navigate to Business → API Key. Your key is displayed here and can be rotated at any time. Keep it secure — it should never be exposed in client-side code or public repositories.
3. Make your first API call
Pass your key in the hibp-api-key request header. Full endpoint documentation is at haveibeenpwned.com/API/v3. A free test key (00000000000000000000000000000000) is available for testing against the hibp-integration-tests.com domain before using your real key.
4. Add and verify your domains (if using Domain Search)
Go to Business → Domain Search and add the domains you want to monitor. Each domain must be independently verified — see How do I verify my domain? for the available verification methods.
If you have any trouble signing in, see Why do I keep getting "verification failed" when attempting to sign in?