Skip to main content

PHP Quick Start

Get an API Key and Secret

If you haven’t already, sign up for a free trial.

Install the Enzoic Library

The compiled library is available as a Composer package:

composer require enzoic/enzoic

NOTE: Enzoic for PHP requires the Argon2 command line utility to be installed and runnable by your PHP application. See for installation instructions.

Try Out Our Example Code

We’ve made calling the API dead simple. This sample code snippet shows you examples of calling the four supported APIs:


use Enzoic\Enzoic;
use Enzoic\PasswordType;

// Create a new Enzoic instance - this is our primary interface for making API calls
$enzoic = new Enzoic(YOUR_API_KEY, YOUR_API_SECRET);

// Check whether a password has been compromised
$passwordCompromised = $enzoic->checkPassword('password-to-test'); 

if ($passwordCompromised === true) {
    echo 'Password is compromised';
else {
    echo 'Password is not compromised';

// Check whether a specific set of credentials are compromised
$credentialsCompromised = $enzoic->checkCredentials('', 'password-to-test'); 

 if ($credentialsCompromised === true) {
    echo 'Credentials are compromised';
else {
    echo 'Credentials are not compromised';

// checkCredentials has optional parameters offering more control over performance.
// lastCheckDate: 
// A DateTime containing the timestamp of the last credentials check you performed for this user.
// If the date/time you provide for the last check is greater than the timestamp Enzoic has for the last
// breach affecting this user, the check will not be performed.  This can be used to substantially increase performance 
// after the initial call.
// excludeHashAlgorithms: 
// An array of PasswordTypes to ignore when calculating hashes for the credentials check.   
// By excluding computationally expensive PasswordTypes, such as BCrypt, it is possible to balance the performance of this
// call against security.

// should be set to the last time you checked credentials for this user for performance
$dateOfLastCredentialsCheck = new DateTime('2020-07-01T02:05:03.000Z');

// let's exclude BCrypt and PHPBB3 
$excludeHashAlgorithms = [ PasswordType::BCrypt, PasswordType::PHPBB3 ];

$credentialsCompromised = $enzoic->checkCredentials('', 'password-to-test', 
    $dateOfLastCredentialsCheck, $excludeHashAlgorithms);
if ($credentialsCompromised === true) {
    echo 'Credentials are compromised';
else {
    echo 'Credentials are not compromised';

// get all exposures for the given user
$userExposures = $enzoic->getExposuresForUser('');

echo count($userExposures).' exposures found for';
// now get the full details for the first exposure returned in the list
$exposureDetails = $enzoic->getExposureDetails($userExposures[0]);

echo 'First exposure for was '.$exposureDetails->{'title'};


Learn More

That should get you started. Check out the Github project page for more details.