Password Strength API
Score password strength (zxcvbn), check breaches via HIBP, generate strong passwords, enforce policies.
Coming soon on RapidAPI ↗Assess password security instantly with no storage of the password itself.
All checks are performed in‑memory, preserving confidentiality.
Endpoints
| Method | Path | Description |
|---|---|---|
| POST | /check | zxcvbn score + crack times |
| POST | /pwned | HIBP k‑anonymity breach check |
| POST | /generate | generate |
| POST | /policy | policy |
Quick start
cURL (via RapidAPI)
curl --request curl \
--url 'https://password-strength2.p.rapidapi.com/-X POST "https://password-strength2.p.rapidapi.com/check" -H "X-RapidAPI-Key: YOUR_KEY" -H "X-RapidAPI-Host: password-strength2.p.rapidapi.com" -H "Content-Type: application/json" -d '' \
--header 'X-RapidAPI-Key: YOUR_KEY' \
--header 'X-RapidAPI-Host: password-strength2.p.rapidapi.com' \
--header 'content-type: application/json' \
--data '{"password":"P@ssw0rd123"}''JavaScript (fetch)
const res = await fetch('https://password-strength2.p.rapidapi.com/-X POST "https://password-strength2.p.rapidapi.com/check" -H "X-RapidAPI-Key: YOUR_KEY" -H "X-RapidAPI-Host: password-strength2.p.rapidapi.com" -H "Content-Type: application/json" -d '', {
method: 'curl',
headers: {
'X-RapidAPI-Key': 'YOUR_KEY',
'X-RapidAPI-Host': 'password-strength2.p.rapidapi.com',
'content-type': 'application/json'
},
body: JSON.stringify({"password":"P@ssw0rd123"}')
});
const data = await res.json();Example response
{
"score": 1,
"guesses": 15000,
"guessesLog10": 4.18,
"crackTimesDisplay": {
"online_throttling_100_per_hour": "6 days",
"online_no_throttling_10_per_second": "25 minutes",
"offline_slow_hashing_1e4_per_second": "2 seconds",
"offline_fast_hashing_1e10_per_second": "less than a second"
},
"feedback": {
"warning": "This is similar to a commonly used password",
"suggestions": [
"Add another word or two. Uncommon words are better."
]
},
"calcTimeMs": 6
}Pricing
Subscribe on RapidAPI. Start free; upgrade as you scale.
Basic
Free
1,000 requests / mo
Pro
$5 / mo
100,000 requests / mo
Ultra
$20 / mo
1,000,000 requests / mo
Mega
$50 / mo
2,000,000 requests / mo
Frequently asked questions
Does the API store passwords?
No, passwords are never logged or stored.
What is the score range?
0 (very weak) to 4 (very strong).
Can I enforce custom policies?
Yes, use the /policy endpoint to define rules.
Ready to build with Password Strength?
Grab your key on RapidAPI and start on the free tier.
Coming soon on RapidAPI ↗