Direct API Access

Solution Information

A RESTful web API that is simple to use!
Password RBL strives to make deploying and using password blacklisting easy. Our API is RESTful and there are no complicated session keys to manage. In just a few lines of code, you can be using the Password RBL password blacklist to prevent the use of bad passwords that lead to unauthorized access and data loss

Easy API guide and sample code
If deploying Password RBL on your site wasn’t easy enough, we have an API guide written in plain English that is easy to understand. And, we even provide sample code so you can see just how to implement Password RBL on your site or app.

Custom Blacklisted Passwords
The curated Password RBL database contains over 75 million bad password combinations, but there are many password choices that would be bad choices for one particular company, but not necessarily another. For example, any publicly accessible information about a business shouldn’t be used – things like the company address or slogan. Use our API for managing your custom blacklist, or use our provided PowerShell-based utility that runs on any Windows computer.

Layers of Security
Password RBL was designed with security first. Passwords are salted and hashed 30,000 times with the industry standard PBKDF2 algorithm before being sent to the Password RBL API. Customers can also choose to submit only a portion of the hashvalue for additional security assurances. Furthermore, all communications with the API are secured with TLS connections and can be anonymous, too. And Password RBL has a zero-logging policy so query strings sent to the service never get written to disk.

Lightweight Solution
Password RBL can be implemented in just a few lines of code on your authenticating server, and there is nothing for you to download and manage on your systems or that end-users download as part of the login process that slows them down or eats up their allocated bandwidth on metered connections.