PHPackages xposedornot/xposedornot-php - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Mail & Notifications](/categories/mail) 4. / 5. xposedornot/xposedornot-php ActiveLibrary[Mail & Notifications](/categories/mail) xposedornot/xposedornot-php =========================== PHP client library for the XposedOrNot API - check data breaches, email exposures, and password leaks v1.0.1(3mo ago)11MITPHPPHP >=8.1 Since Mar 22Pushed 3mo agoCompare [ Source](https://github.com/XposedOrNot/XposedOrNot-PHP)[ Packagist](https://packagist.org/packages/xposedornot/xposedornot-php)[ Docs](https://xposedornot.com)[ RSS](/packages/xposedornot-xposedornot-php/feed)WikiDiscussions main Synced 3w ago READMEChangelogDependencies (3)Versions (3)Used By (0) [ ![XposedOrNot](https://camo.githubusercontent.com/9eae474b374481c7712962b257de5aa864ca8d39b40eb2b2406581be174a5ec9/68747470733a2f2f78706f7365646f726e6f742e636f6d2f7374617469632f6c6f676f732f786f6e2e706e67) ](https://xposedornot.com) xposedornot-php =============== [](#xposedornot-php) Official PHP SDK for the [XposedOrNot](https://xposedornot.com) API *Check if your email has been exposed in data breaches* [![Packagist Version](https://camo.githubusercontent.com/cf9431b3f4faaf9605c4f677ca86ac0ab10671138243fa32678ee53445118062/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f78706f7365646f726e6f742f78706f7365646f726e6f742d7068702e737667)](https://packagist.org/packages/xposedornot/xposedornot-php) [![License: MIT](https://camo.githubusercontent.com/fdf2982b9f5d7489dcf44570e714e3a15fce6253e0cc6b5aa61a075aac2ff71b/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c6963656e73652d4d49542d79656c6c6f772e737667)](https://opensource.org/licenses/MIT) [![PHP Version](https://camo.githubusercontent.com/b0b6d5f16e83ecdb2339571189bb6e44a49e79db7b8e5bddf8a9530c7442eb54/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e312532422d3838393242462e737667)](https://www.php.net/) --- > **Note:** This SDK uses the free public API from [XposedOrNot.com](https://xposedornot.com) - a free service to check if your email has been compromised in data breaches. Visit the [XposedOrNot website](https://xposedornot.com) to learn more about the service and check your email manually. --- Table of Contents ----------------- [](#table-of-contents) - [Features](#features) - [Installation](#installation) - [Requirements](#requirements) - [Quick Start](#quick-start) - [API Reference](#api-reference) - [checkEmail](#checkemailemail) - [getBreaches](#getbreachesdomain) - [breachAnalytics](#breachanalyticsemail) - [checkPassword](#checkpasswordpassword) - [Error Handling](#error-handling) - [Rate Limits](#rate-limits) - [Configuration](#configuration) - [Contributing](#contributing) - [License](#license) - [Links](#links) --- Features -------- [](#features) - **Simple API** - Easy-to-use methods for checking email breaches, browsing breaches, and verifying passwords - **Free and Plus support** - Works with the free public API out of the box; add an API key for Plus features - **Detailed Analytics** - Get breach details, risk scores, and metrics - **Password Privacy** - Passwords are hashed locally with Keccak-512; only a 10-char prefix is sent (k-anonymity) - **Error Handling** - Typed exception classes for every failure scenario - **Configurable** - Timeout, retries, custom headers, and base URL overrides - **Secure** - HTTPS enforced, input validation, no sensitive data transmitted in plaintext Installation ------------ [](#installation) ``` composer require xposedornot/xposedornot-php ``` Requirements ------------ [](#requirements) - PHP 8.1 or higher - Composer Quick Start ----------- [](#quick-start) ``` use XposedOrNot\XposedOrNot; $client = new XposedOrNot(); // Check if an email has been breached $result = $client->checkEmail('test@example.com'); if (!empty($result->breaches)) { echo "Email found in " . count($result->breaches) . " breaches:\n"; foreach ($result->breaches as $breach) { echo " - {$breach}\n"; } } else { echo "Good news! Email not found in any known breaches.\n"; } ``` API Reference ------------- [](#api-reference) ### Constructor [](#constructor) ``` use XposedOrNot\XposedOrNot; use XposedOrNot\Configuration; // Default configuration (free API) $client = new XposedOrNot(); // Custom configuration $config = new Configuration(apiKey: 'your-api-key'); $client = new XposedOrNot($config); ``` ### Methods [](#methods) #### `checkEmail($email)` [](#checkemailemail) Check if an email address has been exposed in data breaches. Uses the free API when no API key is configured; uses the Plus API with detailed results when an API key is set. ``` // Free API - returns breach names $result = $client->checkEmail('user@example.com'); print_r($result->breaches); ``` ``` // Plus API - returns detailed breach information $config = new Configuration(apiKey: 'your-api-key'); $client = new XposedOrNot($config); $result = $client->checkEmail('user@example.com'); foreach ($result->breaches as $breach) { echo "{$breach->breachId} - {$breach->domain} ({$breach->xposedRecords} records)\n"; } ``` #### `getBreaches($domain)` [](#getbreachesdomain) Get a list of all known data breaches, optionally filtered by domain. ``` // Get all breaches $breaches = $client->getBreaches(); // Filter by domain $breaches = $client->getBreaches('adobe.com'); ``` **Returns:** Array of `BreachInfo` objects with properties such as `breachID`, `domain`, `exposedData`, `exposedRecords`, `breachedDate`, and more. #### `breachAnalytics($email)` [](#breachanalyticsemail) Get detailed breach analytics for an email address, including risk scores and metrics. ``` $analytics = $client->breachAnalytics('user@example.com'); echo "Exposed breaches: " . count($analytics->exposedBreaches) . "\n"; echo "Breach metrics:\n"; print_r($analytics->breachMetrics); ``` #### `checkPassword($password)` [](#checkpasswordpassword) Check if a password has been exposed in known data breaches. The password is hashed locally using Keccak-512 and only a 10-character prefix of the hash is sent to the API (k-anonymity). ``` $result = $client->checkPassword('mypassword'); if ($result->count > 0) { echo "Password has been exposed {$result->count} times.\n"; } else { echo "Password not found in any known breaches.\n"; } ``` Error Handling -------------- [](#error-handling) The library provides typed exception classes for different failure scenarios: ``` use XposedOrNot\Exceptions\{ XposedOrNotException, ValidationException, AuthenticationException, NotFoundException, RateLimitException, NetworkException, ApiException, }; try { $result = $client->checkEmail('invalid-email'); } catch (ValidationException $e) { echo "Invalid input: " . $e->getMessage(); } catch (AuthenticationException $e) { echo "Invalid or missing API key: " . $e->getMessage(); } catch (NotFoundException $e) { echo "Email not found in any breaches."; } catch (RateLimitException $e) { echo "Rate limit exceeded. Try again later."; } catch (NetworkException $e) { echo "Network error: " . $e->getMessage(); } catch (ApiException $e) { echo "API error: " . $e->getMessage(); } catch (XposedOrNotException $e) { echo "General error: " . $e->getMessage(); } ``` ### Exception Classes [](#exception-classes) Exception ClassDescription`XposedOrNotException`Base exception class for all errors`ValidationException`Invalid input (e.g., malformed email address)`AuthenticationException`Invalid or missing API key`NotFoundException`Resource not found (e.g., email not in any breach)`RateLimitException`API rate limit exceeded after retries`NetworkException`Network connectivity issues`ApiException`General API errorRate Limits ----------- [](#rate-limits) The XposedOrNot API has the following rate limits: - 2 requests per second - 50-100 requests per hour - 100-1000 requests per day The client includes automatic client-side rate limiting (1 request per second for the free API) and retry with exponential backoff (1s, 2s, 4s) for HTTP 429 responses. Configuration ------------- [](#configuration) All configuration is handled through the `Configuration` class: ``` use XposedOrNot\Configuration; $config = new Configuration( baseUrl: 'https://api.xposedornot.com', // Free API base URL plusBaseUrl: 'https://plus-api.xposedornot.com', // Plus API base URL passwordBaseUrl: 'https://passwords.xposedornot.com/api', // Password API base URL timeout: 30, // Request timeout in seconds maxRetries: 3, // Max retries on 429 (rate limit) apiKey: null, // API key for Plus API headers: [], // Custom headers ); $client = new XposedOrNot($config); ``` ### Configuration Options [](#configuration-options) OptionTypeDefaultDescription`baseUrl``string``'https://api.xposedornot.com'`Base URL for the free API`plusBaseUrl``string``'https://plus-api.xposedornot.com'`Base URL for the Plus API`passwordBaseUrl``string``'https://passwords.xposedornot.com/api'`Base URL for the password API`timeout``int``30`Request timeout in seconds`maxRetries``int``3`Maximum retry attempts on rate limit (429)`apiKey``string|null``null`API key for Plus API access`headers``array``[]`Custom headers to include in all requestsContributing ------------ [](#contributing) Contributions are welcome! Please feel free to submit a Pull Request. 1. Fork the repository 2. Create your feature branch (`git checkout -b feature/amazing-feature`) 3. Commit your changes (`git commit -m 'Add some amazing feature'`) 4. Push to the branch (`git push origin feature/amazing-feature`) 5. Open a Pull Request ### Development Setup [](#development-setup) ``` # Clone the repository git clone https://github.com/XposedOrNot/XposedOrNot-PHP.git cd XposedOrNot-PHP # Install dependencies composer install # Run tests ./vendor/bin/phpunit # Run static analysis (if configured) composer analyse ``` License ------- [](#license) MIT - see the [LICENSE](LICENSE) file for details. Links ----- [](#links) - [XposedOrNot Website](https://xposedornot.com) - [API Documentation](https://xposedornot.com/api_doc) - [Packagist Package](https://packagist.org/packages/xposedornot/xposedornot-php) - [GitHub Repository](https://github.com/XposedOrNot/XposedOrNot-PHP) - [XposedOrNot API Repository](https://github.com/XposedOrNot/XposedOrNot-API) --- Made with care by [XposedOrNot](https://xposedornot.com) ### Health Score 36 — LowBetter than 79% of packages Maintenance82 Actively maintained with recent releases Popularity4 Limited adoption so far Community6 Small or concentrated contributor base Maturity44 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 2 Last Release 93d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/5f43563bd49960012a6063be04c0d04cd99c6616d93ca10871cc090dc6a39a2a?d=identicon)[xposedornot](/maintainers/xposedornot) --- Top Contributors [![DevaOnBreaches](https://avatars.githubusercontent.com/u/42059413?v=4)](https://github.com/DevaOnBreaches "DevaOnBreaches (2 commits)") --- Tags apisecurityemailpasswordbreachdata breachxposedornot ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/xposedornot-xposedornot-php/health.svg) ``` [![Health](https://phpackages.com/badges/xposedornot-xposedornot-php/health.svg)](https://phpackages.com/packages/xposedornot-xposedornot-php) ``` ### Alternatives [erag/laravel-disposable-email A Laravel package to detect and block disposable email addresses. 252143.0k](/packages/erag-laravel-disposable-email)[martian/spammailchecker A laravel package that protect users from entering non-existing/spam email addresses. 422.1k](/packages/martian-spammailchecker) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)