Valid Email Checker

How do I get a Valid Email Checker API key?

API access on Valid Email Checker is gated behind a first credit purchase. The smallest credit pack is $5 (2,100 credits with the bonus). Once any purchase has cleared on your account — PAYG pack or monthly plan, either counts — API key generation becomes available from the Developer page in your dashboard. After that, the API stays unlocked for that account permanently.

Why the paywall on API access?
It is an abuse-prevention measure. The dashboard, bulk uploads, and integrations all work on the free 150-credit tier — but programmatic API access stays gated behind a real payment so bots and scrapers cannot hammer the platform with throwaway accounts. Once you have purchased once, the API stays unlocked for that account permanently, no matter how often you top up or whether your subscription is currently active.

Getting to the Developer page

The sidebar item is labeled Developer (not "API Access" or "API Keys"). It lives between Buy Credits and Account Settings in the dashboard sidebar, but it only appears to account owners — team members do not see it because they cannot generate API keys on someone else's account.

Generating a key

  1. Sign into the dashboard at app.validemailchecker.com.
  2. Click Developer in the left sidebar.
  3. Click Generate New API Key (or Generate Your First API Key if this is your first one).
  4. A 6-digit verification code is sent to your account email. Enter it in the modal to confirm you own the account. The code expires in 5 minutes; click Resend Code if it does.
  5. Give the new key a descriptive name — Production server, Mailchimp middleware, Local dev, etc. Helps when you have several.
  6. The new key appears in a one-time view. Copy it now — we hash it before storing, so you cannot retrieve it again after closing the modal.
  7. Paste the key into your application's secrets store (environment variable, vault, etc.). Treat it like a password.

The key format

Every key issued by Valid Email Checker has the same shape:

  • Starts with the prefix `VEC` (no underscore — just the three letters).
  • Followed by 32 random characters from a curated alphabet.
  • The alphabet deliberately excludes confusable characters — no O, I, o, i, l, 0, or 1. Makes the key safe to read aloud or type by hand if needed.
  • Total length: 35 characters.

A real key looks like: VECabcdefghjk23mnpqrstuvwxyz234567 (not a working key — just an illustration of the shape).

A key that does not start with VEC is not ours
If you have a key that does not start with VEC, it is not a Valid Email Checker key — likely a copy-paste mistake or a key from a different service. Generate a fresh one to be safe.

Why we only show the key once

We store API keys as a SHA-256 hash, not in plaintext. Even if our database were ever compromised, your keys would not be exposed as readable strings. The trade-off is that we cannot show you the key again after creation — if you lose it, generate a new one and update your application.

You can have multiple active keys simultaneously. There is no per-account limit. Common pattern: one key per environment (production, staging, local dev) or one per integration. If a key is ever exposed, revoke just that key from the Developer page without disrupting the others.

Using the key

API keys go in the Authorization header as Bearer tokens. The actual API endpoint URL is on the main app.validemailchecker.com domain:

bash
curl -X POST https://app.validemailchecker.com/api/verify-single \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"email": "test@example.com"}'
No separate API subdomain
Some services use an api. subdomain. We do not — the API lives at app.validemailchecker.com/api/.... If you see code samples elsewhere pointing at an api.validemailchecker.com host, those will not resolve. The actual endpoints are /api/verify-single, /api/verify-bulk, and /api/get-results/{task_id}.

Managing keys after creation

The Developer page shows a table of every key on your account with these columns:

ColumnWhat it shows
Date CreatedWhen the key was generated
StatusActive or Disabled
API TitleThe name you gave it
API KeyMasked — click the eye icon to reveal a partial preview, copy icon to copy
Credits UsedTotal credits consumed through this specific key
ActionsThree-dot menu: rename, regenerate, disable, delete
  • Rename — change the friendly name without touching the key value.
  • Regenerate — produces a fresh key value while keeping the same title and settings. Use when a key has been exposed; the old value stops working immediately.
  • Disable — temporarily deactivates without deleting. The key returns 403 API key is suspended to any request; re-enable any time.
  • Delete — permanently removes the key. Cannot be undone; the row disappears from the table.

For the full walkthrough

See generating API keys — a longer guide with the screenshots, environment-variable patterns for bash/PowerShell/Node/Python, and the troubleshooting checklist.

Next steps