…and here is the link to the reference for how to use that particular API endpoint with HTTP requests:
To be clear this is the function used, I didn’t just find something that looks like its named correctly.
Following from here in the users service it goes to this 
server call → native-rpc / core.clj → a function named signup-with-email → a call to is-password-pwned from runtime-util / util.clj → contains the HTTP endpoint code referenced in the above post.