[sah2ed]

Troy Hunt explained how to find out if your password is pwned using the API in a comment [0]:

You need to look at the request being generated. Here's how to do it:

1) The SHA-1 of P@ssw0rd is 21BD12DC183F740EE76F27B78EB39C8AD972A757: https://passwordsgenerator.net/sha1-hash-generator/

2) Pass the first 5 chars to the API here: https://api.pwnedpasswords.com/range/21BD1

3) Find the suffix in the response and it has the count next to it: 2DC183F740EE76F27B78EB39C8AD972A757:51259

[0]: https://www.troyhunt.com/the-773-million-record-collection-1...