Skip to main content

Welcome to the Vouch API

The Vouch API provides real-time email validation and fraud detection through a simple REST API. Built on Cloudflare Workers, our API delivers sub-second response times from 275+ global data centers.

Base URL

https://api.vouch.expert

Quick Example

curl -X POST https://api.vouch.expert/validate \
  -H "Authorization: Bearer your_api_key" \
  -H "X-Project-Id: your_project_id" \
  -H "Content-Type: application/json" \
  -d '{"email": "[email protected]"}'

API Versioning

Vouch supports both versioned and unversioned endpoints:
  • Latest (recommended): /validate - Always uses the current stable version
  • Versioned: /v1/validate - Locked to API version 1
We recommend using the latest endpoint for new integrations. Versioned endpoints are available for backward compatibility.

Authentication

All API requests require authentication via API keys:

Headers

Authorization
string
required
Bearer token with your API key
Authorization: Bearer your_api_key_here
X-Project-Id
string
required
Your project ID
X-Project-Id: your_project_id

API Key Types

Client Keys

For browser and mobile apps
  • Restricted to allowed domains
  • 1,000 requests/hour
  • Safe to expose publicly
  • Includes device fingerprinting

Server Keys

For backend services
  • No domain restrictions
  • 5,000 requests/hour
  • Must be kept secret
  • Can override IP/User-Agent
Server keys are automatically blocked when used from browsers to prevent accidental exposure.

Rate Limiting

Key TypeLimitWindow
Client Key1,000 requestsPer hour
Server Key5,000 requestsPer hour
Rate limits are tracked per project. Exceeding the limit returns a 429 Too Many Requests response with a retryAfter header.

Quota Management

Each subscription includes a monthly validation quota. Monitor your usage via response headers: 
X-Quota-Limit: 10000
X-Quota-Used: 2345
X-Quota-Remaining: 7655
X-Quota-Reset: 2024-01-01T00:00:00Z
When quota is exceeded, you’ll receive a 402 Payment Required response.

Endpoints

POST /validate

Validate an email address with fraud detection

Response Format

Validation Response

The /validate endpoint returns a structured response: 
{
  "checks": {
    "syntax": { "pass": true, "latency": 2 },
    "disposable": { "pass": true, "latency": 15 },
    "mx": { "pass": true, "latency": 45 }
  },
  "message": null,
  "metadata": {
    "fingerprintHash": "abc123...",
    "previousSignups": 0,
    "totalLatency": 62
  },
  "recommendation": "allow",
  "signals": []
}

Error Response

Error responses return an error object with an HTTP status code: 
{
  "error": "Human-readable error message"
}

Error Codes

CodeStatusDescription
INVALID_EMAIL400Email address is required or invalid format
INVALID_REQUEST400Request body is malformed
UNAUTHORIZED401Invalid or missing API key
FORBIDDEN403API key doesn’t have access to project
QUOTA_EXCEEDED402Monthly validation quota exceeded
RATE_LIMITED429Too many requests
INTERNAL_ERROR500Server error (contact support)

Complete Error Reference

View all error codes and handling strategies

SDKs

We provide official SDKs for popular platforms:

JavaScript

React

Node.js

Next.js

iOS

Android

Support

Need help with the API?

Email Support

[email protected]

Dashboard

Manage your projects and API keys

Next Steps

Validate Endpoint

Learn about the main validation endpoint

Authentication Guide

Deep dive into API authentication

Error Handling

Handle errors gracefully

Quickstart

Get started in 5 minutes