Limito.net
Contact

API

Simple endpoints for exposure checks.

The public interface uses the same server routes listed here. Responses are intended for user-facing triage, not proof of compromise.

Email scan

POST /api/scan

Send a JSON body with an email field. The response returns a masked report with risk, findings, source status, and tips.

Password check

POST /api/password

Send a SHA-1 hashPrefix and hashSuffix. The raw password should be hashed in the browser before the request.

Privacy

Email reports mask the searched address. Password checks send only hash pieces to the server and proxy the Pwned Passwords range lookup.