Higher Supporting the Have I Been Pwned API with Zendesk | Elevate Tech

I have been spending numerous time on Have I Been Pwned (HIBP) these days, from every thing ordinary (ie monitoring plenty of information breaches) to every thing new, particularly increasing and enhancing the general public API. The API is definitely fairly easy: enter an electronic mail handle, get a end result, and that is a clearly documented course of. However the place issues get extra nuanced is when individuals pay cash for it as a result of abruptly, there are totally different expectations. For instance, how do you cancel a subscription as soon as it has began? You may learn the directions when registering for a key, however who remembers what they learn months in the past? There’s additionally the next expectation of help for every thing from methods to construct an API request to what to do once you hold getting 429 responses since you’re (supposedly) making too many requests. And sure, a few of these queries are, um, “fundamental”, however they’re nonetheless issues that folks need help with.

Initially, all HIBP emails got here from [email protected] as a result of they had been merely not ready to offer help. In my naivety, I assumed that folks would see “no reply” and never reply. As a substitute, they’d ship an electronic mail to that handle, get annoyed when there was no response (from the “no response” handle…) and search for my private contact data. Or they’d file a dispute with Stripe as a result of they despatched an electronic mail to [email protected] requesting that their subscription be unsubscribed and it was not. So in September I began on the lookout for a greater answer:

I’m considering of building a extra formal help course of for @talking, particularly for individuals who purchase API keys and have questions on billing or implementation. Any ideas on a service? One thing that may classify requests, perhaps even have FAQs. Ideas?

—Troy Hunt (@troyhunt) September 29, 2022

This was a non-trivial train. We have all used help providers earlier than, so we have now an thought of ​​what to anticipate from an end-user perspective, but it surely’s a distinct story when you dive into all of the admin bits behind them. Frankly, I discover this type of stuff boring, however fortunately it is a chore. my amazing wife charlotte gladly collected. Recently he has grow to be increasingly concerned in all issues troyhunt.com and HIBP because it brings order, calm and admittedly the sanity I so desperately want in my in any other case loopy and demanding skilled life. We additionally realized that if we obtained this proper, she would have the ability to deal with numerous the help queries that I beforehand did myself, so she would at all times play an enormous position in selecting the help platform.

Primarily based closely on Charlotte’s work, we settled on Zendesk and quietly printed help.haveibeenpwned.com a couple of week in the past:

There’s an FAQ that covers a bunch of often requested questions, troubleshooting that addresses frequent issues, and naturally the flexibility to submit a request if you happen to nonetheless need assistance. These are all a piece in progress, and we’ll be including much more content material in response to queries, so long as it is the best factor to do. Talking of which:

This service is for public enterprise API key customers solely, not for normal HIBP queries.

Why? As a result of I continually get queries like this:

Uh… and why am I sleeping through the day?! pic.twitter.com/BUGTJtgl7t

—Troy Hunt (@troyhunt) November 1, 2022

Is that even a question? I dont know! However I do know that somebody took the time to search for my private electronic mail handle this week and despatched it to me, and it is No the form of issues we’ll be responding to at Zendesk. They’re additionally not queries of the next sort:

I have been pwned, now what?

EITHER:

How do I take away my information from information breaches?

Or one in every of my private favorites:

I demand that you just take away all my information from information breaches or you’ll obtain a letter from my lawyer!

This entire information breach situation is a overseas idea to lots of people, and I perceive there are questions, however Charlotte and I am unable to run a free service and concurrently reply queries like this from the plenty. However queries coming by means of Zendesk are one thing we are able to handle because it has a transparent scope, there are numerous supporting paperwork and for probably the most half we’re coping with tech professionals who perceive this world a little bit higher than the typical punter within the first place.

As I introduced in final week’s weblog put up, we’re transferring ahead with new annual billing and price caps for the API key, and getting this half out first was at all times an necessary prerequisite. It is all a part of getting ready for greater issues to return for HIBP 😊

They’ve cheated me?