How do I get a Valid Email Checker API key?
API access on Valid Email Checker is gated behind a first credit purchase. The smallest credit pack is $5 (2,100 credits with the bonus). Once any purchase has cleared on your account — PAYG pack or monthly plan, either counts — API key generation becomes available from the Developer page in your dashboard. After that, the API stays unlocked for that account permanently.
Getting to the Developer page
The sidebar item is labeled Developer (not "API Access" or "API Keys"). It lives between Buy Credits and Account Settings in the dashboard sidebar, but it only appears to account owners — team members do not see it because they cannot generate API keys on someone else's account.
Generating a key
- Sign into the dashboard at app.validemailchecker.com.
- Click Developer in the left sidebar.
- Click Generate New API Key (or Generate Your First API Key if this is your first one).
- A 6-digit verification code is sent to your account email. Enter it in the modal to confirm you own the account. The code expires in 5 minutes; click Resend Code if it does.
- Give the new key a descriptive name — Production server, Mailchimp middleware, Local dev, etc. Helps when you have several.
- The new key appears in a one-time view. Copy it now — we hash it before storing, so you cannot retrieve it again after closing the modal.
- Paste the key into your application's secrets store (environment variable, vault, etc.). Treat it like a password.
The key format
Every key issued by Valid Email Checker has the same shape:
- Starts with the prefix `VEC` (no underscore — just the three letters).
- Followed by 32 random characters from a curated alphabet.
- The alphabet deliberately excludes confusable characters — no
O,I,o,i,l,0, or1. Makes the key safe to read aloud or type by hand if needed. - Total length: 35 characters.
A real key looks like: VECabcdefghjk23mnpqrstuvwxyz234567 (not a working key — just an illustration of the shape).
VEC, it is not a Valid Email Checker key — likely a copy-paste mistake or a key from a different service. Generate a fresh one to be safe.Why we only show the key once
We store API keys as a SHA-256 hash, not in plaintext. Even if our database were ever compromised, your keys would not be exposed as readable strings. The trade-off is that we cannot show you the key again after creation — if you lose it, generate a new one and update your application.
You can have multiple active keys simultaneously. There is no per-account limit. Common pattern: one key per environment (production, staging, local dev) or one per integration. If a key is ever exposed, revoke just that key from the Developer page without disrupting the others.
Using the key
API keys go in the Authorization header as Bearer tokens. The actual API endpoint URL is on the main app.validemailchecker.com domain:
curl -X POST https://app.validemailchecker.com/api/verify-single \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"email": "test@example.com"}'api. subdomain. We do not — the API lives at app.validemailchecker.com/api/.... If you see code samples elsewhere pointing at an api.validemailchecker.com host, those will not resolve. The actual endpoints are /api/verify-single, /api/verify-bulk, and /api/get-results/{task_id}.Managing keys after creation
The Developer page shows a table of every key on your account with these columns:
| Column | What it shows |
|---|---|
| Date Created | When the key was generated |
| Status | Active or Disabled |
| API Title | The name you gave it |
| API Key | Masked — click the eye icon to reveal a partial preview, copy icon to copy |
| Credits Used | Total credits consumed through this specific key |
| Actions | Three-dot menu: rename, regenerate, disable, delete |
- Rename — change the friendly name without touching the key value.
- Regenerate — produces a fresh key value while keeping the same title and settings. Use when a key has been exposed; the old value stops working immediately.
- Disable — temporarily deactivates without deleting. The key returns
403 API key is suspendedto any request; re-enable any time. - Delete — permanently removes the key. Cannot be undone; the row disappears from the table.
For the full walkthrough
See generating API keys — a longer guide with the screenshots, environment-variable patterns for bash/PowerShell/Node/Python, and the troubleshooting checklist.
Next steps
Related questions
Still stuck? Email support