andrew-schofield / keepass2-haveibeenpwned

Simple Have I Been Pwned checker for KeePass
MIT License
423 stars 24 forks

[Discussion/Question] Impact of changes on HIBP API #80

Closed antonio-gil closed 4 years ago

antonio-gil commented 4 years ago

Hi!

Today, Troy Hunt announced via Twitter that there will be some changes to how the HIBP API will work in 4 weeks from today (that is, Aug. 18), and these changes are detailed in a post on his blog.

Basically, the TL;DR is that (although I recommend reading the post, as it explains the "why" in a detailed way):

So, well, although I have a few ideas about how that will impact several services/applications that consume the provided data, I wanted to ask if you:

1) Have already seen the post.
2) Have thought about what that will mean for the project itself[1].

Thanks in advance.

Kind regards.


[1]: I know that it will be very early/premature to have something to say about this one, considering that it has been less than a day since the news broke, but nonetheless I wanted to ask (before I forget to ask, tbh)...

Naugrimohtar commented 4 years ago

With the new API, this plugin isn't working as it used to. Is this still under active development? If I invest in an API key for haveibeenpwned.com, can I utilize it with this plugin?

jakob-ledermann commented 4 years ago

I actually just changed it so you could use it with your own API key. But it is not yet tested... For now I decided to obtain the API key by searching for an entry with the title "hibp-apikey" in the database and use the password of that entry as the API key.

As it is my first work on a KeePass plugin, I used this mechanism so I don't have to worry about UI and persistence. Maybe you could provide some input on this question?

jakob-ledermann commented 4 years ago

By the way, the two options "check by domain" and "check by password" still work fine, as those APIs were not affected by the above-mentioned changes.

andrew-schofield commented 4 years ago

Thanks to @jakob-ledermann the latest release of the plugin now fully supports the v3 authentication mechanism :)
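
The key lookup and the keyed/unkeyed split discussed in this thread, as an added Python sketch that is not part of the thread or the plugin's own code. It assumes the database is modelled as a plain list of title/password records, that the title match is exact, and that the sample key and the user-agent string are constructed placeholders.

```python
import hashlib
from urllib.parse import quote

KEY_ENTRY_TITLE = "hibp-apikey"  # entry title named in the thread

# Constructed sample database: plain dicts standing in for KeePass entries.
SAMPLE_ENTRIES = [
    {"title": "Mail", "password": "constructed-mail-password"},
    {"title": KEY_ENTRY_TITLE, "password": "CONSTRUCTED-KEY-0000"},
]

def find_api_key(entries):
    """Return the password of the first non-empty 'hibp-apikey' entry, or None."""
    for entry in entries:
        if entry.get("title") == KEY_ENTRY_TITLE and entry.get("password"):
            return entry["password"]
    return None

def breach_request(account, entries):
    """Build (url, headers) for a v3 account lookup; refuse to build it without a key."""
    key = find_api_key(entries)
    if key is None:
        raise LookupError("no 'hibp-apikey' entry: v3 account lookups need a key")
    url = "https://haveibeenpwned.com/api/v3/breachedaccount/" + quote(account, safe="")
    # The key travels in the hibp-api-key header; HIBP also requires a user agent.
    return url, {"hibp-api-key": key, "user-agent": "example-client"}

def password_range_request(password):
    """Build the unkeyed range query: only the first 5 hex chars of the SHA-1 are sent."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    return "https://api.pwnedpasswords.com/range/" + prefix, suffix

def pwned_count(suffix, body):
    """Find our 35-char suffix in a 'SUFFIX:COUNT' response body; 0 means not listed."""
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

if __name__ == "__main__":
    print(breach_request("user@example.com", SAMPLE_ENTRIES))
    url, suffix = password_range_request("password")
    # Constructed response body; a real one lists every suffix sharing the prefix.
    body = "0018A45C4D1DEF81644B54AB7F969B88D65:1\r\n" + suffix + ":42\r\n"
    print(url, pwned_count(suffix, body))
```

The suffix comparison happens locally, which is why the password check needs neither the full hash nor an API key to leave the machine.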