API overview: endpoints, auth, response format, and rate limits at a glance

Last updated May 19, 2026API

The Valid Email Checker REST API lets you wire email verification into anything — signup forms, lead-enrichment workflows, CRM integrations, custom dashboards. This page is the high-level map: base URL, the three endpoints, authentication, response shape, and rate limits. The endpoint-specific articles drill into each one.

What you can do

Verify single emails in real time — ideal for signup-form validation and lead capture.
Verify lists asynchronously — submit a batch, poll for results.
Drive workflows — power CRM imports, marketing automation, or any pipeline that touches contact data.
Build custom UIs — your own verifier on top of our infrastructure.

Base URL

All requests go to:

https://app.validemailchecker.com/api/

The three endpoints

Method	Path	What it does
`POST`	`/verify-single`	Verify one email address synchronously
`POST`	`/verify-bulk`	Submit a list — get back a `task_id`
`GET`	`/get-results/{task_id}`	Retrieve bulk-verification results by task ID

Single verification returns the result in the same response. Bulk is a two-step asynchronous flow: create a task, then poll for results.

Authentication

Every request needs an API key passed as a Bearer token in the Authorization header:

Authorization: Bearer YOUR_API_KEY

Treat your API key like a password

Never commit it to a public repo. Never share it. Use environment variables. If a key is exposed, regenerate it immediately from the Developer page.

Example request

bash

curl -X POST https://app.validemailchecker.com/api/verify-single \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"email": "user@example.com"}'

Before you start

1. Make a credit purchase

API access unlocks after your first credit purchase — any PAYG package or any monthly plan qualifies. This keeps automated abuse of the free signup credits off the platform while leaving the dashboard fully usable on the free tier. See pricing and bonus credits.

2. Generate an API key

Open the Developer page from the sidebar of your dashboard. Click Generate, confirm a 6-digit code sent to your email, and copy the key. The full key is shown exactly once — store it somewhere safe immediately.

See generating API keys for the full walkthrough.

How credits work over the API

1 credit per email, whether single or bulk.
Credits are deducted as verification completes.
`unknown` results are auto-refunded — you never pay for an answer we could not produce.
API and dashboard share one credit pool. There is no separate "API credits" balance.

See the credit system explained for buckets and consumption order.

Response format

All responses are JSON.

Successful single verification

json

{
  "email": "user@example.com",
  "status": "safe",
  "is_valid": true,
  "is_disposable": false,
  "is_role_account": false,
  "is_catch_all": false,
  "is_free_email": true,
  "mx_found": true,
  "domain": "example.com",
  "risk_score": 15,
  "deliverability": "high",
  "credits_used": 1,
  "verified_at": "2026-05-19T10:30:00.000Z",
  "reason": "Valid mailbox"
}

Error response

json

{
  "error": "Invalid or inactive API key"
}

Status values

Status	Description	Safe to send?
`safe`	Valid, deliverable mailbox	Yes
`risky`	Deliverable but flagged (uncommon in practice)	Use caution
`invalid`	Mailbox does not exist	No
`disposable`	Throwaway/temporary email service	No
`catch_all`	Domain accepts mail to any address	Use caution
`role_account`	Team address (info@, support@, etc.)	Depends
`spamtrap`	Honeypot — sending will hurt your reputation	Never
`inbox_full`	Mailbox at capacity right now	Retry later
`disabled`	Account was deactivated	No
`unknown`	Couldn't complete verification (auto-refunded)	Retry later

For the full breakdown of what each status means and what to do with it, see result types explained.

Response fields

Field	Type	Description
`email`	string	The address that was verified
`status`	string	Verification result (see table above)
`is_valid`	boolean	Whether the email is deliverable
`is_disposable`	boolean	Throwaway/temporary email?
`is_role_account`	boolean	Team email (info@, admin@)?
`is_catch_all`	boolean	Domain accepts everything?
`is_free_email`	boolean	Free provider (Gmail, Yahoo, etc.)?
`mx_found`	boolean	Domain has MX records?
`domain`	string	Domain portion of the email
`risk_score`	integer	0–100 (lower = safer)
`deliverability`	string	`high`, `medium`, `low`, or `unknown`
`credits_used`	integer	Credits consumed (usually 1)
`verified_at`	string	ISO 8601 timestamp
`reason`	string	Human-readable explanation

Rate limits

Endpoint	Per-minute limit	Daily limit
`/verify-single`	60	10,000
`/verify-bulk`	60	10,000
`/get-results/{task_id}`	120	10,000

Exceed either limit and you get a 429 Too Many Requests with a Retry-After header. See rate limits and error handling for the full error matrix and code patterns.

Security features

SHA-256 hashed key storage — the plain-text key is never stored. We can only show it once at creation.
Email verification on new keys — a 6-digit code confirms account ownership.
Per-minute and per-day rate limits with rolling windows.
Automatic IP blocking on repeated authentication failures or abuse patterns.
Per-key lifecycle controls — disable, regenerate, or delete any key from the dashboard.

Quick start

Generate a key on the Developer page (after your first credit purchase).
Make a test request to /verify-single with a known-good address.
Check the JSON response — status: "safe" means everything is wired up.

Next steps

Generate and manage API keys Single verification endpoint Bulk verification endpoint Rate limits and error handling