Yes. Managed Service Providers (MSPs) can purchase a Pro or Enterprise plan to monitor the domains of the organisations they support.
Pro plans for MSPs
Pro plans are designed for monitoring at scale and include features specifically built for MSP use cases:
- Bulk domain enrolment
- Auto subdomain verification (verify the apex domain once, then add subdomains without individual verification)
- Monitoring for up to 800 domains depending on the tier
- Direct email search and k-anonymity email search
- API rate limits up to 16,000 RPM
- Access to stealer log data
All Pro plans include unlimited breached addresses per domain, so sizing is based on the number of domains you need to monitor rather than domain size. Choose the Pro tier that covers the total number of customer domains you want to manage.
If you’re unsure which tier best suits your needs, you can use the plan finder to determine the most appropriate subscription:
https://haveibeenpwned.com/Subscription
Verifying customer domains
Domains must be verified before they can be monitored. This confirms you have appropriate authorisation to access breach data for that domain. Pro subscribers have two ways to verify domains at scale via API, making it practical to onboard large numbers of customer domains without manual effort.
DNS verification
Suitable when you have access to the customer's DNS. The process can be fully scripted and run across multiple domains:
- Call the HIBP API to generate a TXT record token for the domain
- Add that token as a TXT record in the customer's DNS via your DNS provider's API
- Call the HIBP API to validate that the token is present
Step 3 can be retried automatically until DNS propagation completes. Full documentation: haveibeenpwned.com/API/v3#VerifyDomainViaDns
Email verification
Suitable when you do not control the customer's DNS. The customer only needs to click a link in an email to complete verification:
- Call the HIBP API and specify which standard admin alias to send the verification email to (for example, admin@, webmaster@, or postmaster@)
- Someone at the customer's organisation receives the email and clicks the verification link
Full documentation: haveibeenpwned.com/API/v3#VerifyDomainViaEmail
When Pro isn’t enough: Enterprise subscription options
For larger organisations and MSPs with more complex requirements, HIBP offers an Enterprise channel with bespoke commercial terms, contractual documentation, and white-label deployment options. To find out more, submit a support request including details about your organisation and how you intend to use the service.