Email Verification API

REST API for real-time and bulk email verification. Validate addresses on signup, clean lists in batch, or build verification into your own product.

Quick start

Verify an email address in a single HTTP request. Replace YOUR_API_KEY with the key from your dashboard.

Request

curl https://api.inboxsure.io/v1/validate \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d 'email=someone@example.com'

Response

{
  "email": "someone@example.com",
  "status": "deliverable",
  "reason": "mailbox_exists",
  "score": 95,
  "is_disposable": false,
  "is_role": false,
  "is_catch_all": false
}

Authentication

All requests require a Bearer token in the Authorization header. Generate API keys from the dashboard. Treat them like passwords — never commit them to source control.

Authorization: Bearer sk_live_xxxxxxxxxxxxxxxxxxxx

Endpoints

POST/v1/validate

Verify a single email address in real time. Returns deliverability, risk flags, and a confidence score.

POST/v1/validate/bulk

Submit a batch of email addresses for verification. Returns a job ID for polling.

GET/v1/jobs/{job_id}

Check the status of a bulk verification job and download results when complete.

Response fields

Field	Type	Description
`email`	string	The email address that was verified.
`status`	string	One of: deliverable, risky, undeliverable, disposable.
`reason`	string	Specific reason code: mailbox_exists, no_mx_record, smtp_rejected, catch_all, role_based, disposable.
`score`	number	Confidence score from 0–100. Higher means more confident in the status.
`is_disposable`	boolean	True if the address belongs to a known disposable / temporary email provider.
`is_role`	boolean	True if the address is role-based (info@, support@, admin@, etc.).
`is_catch_all`	boolean	True if the domain accepts mail to any address (deliverability of this specific mailbox uncertain).

For a deeper explanation of is_role and is_catch_all, see Role-Based Email Addresses and What Is a Catch-All Email Address?.

Status codes

Code	Meaning
`200`	OK — request succeeded.
`400`	Invalid request body — missing or malformed parameters.
`401`	Authentication failed — missing or invalid API key.
`402`	Plan limit exceeded — upgrade or contact support.
`429`	Rate limit exceeded — back off and retry.
`5xx`	Internal error — retry with exponential backoff.

Rate limits & security

Rate limits: Free plans support up to 60 requests/min. Pro plans support up to 600 requests/min with burst capacity. Contact support for higher limits.
Encryption: All requests must be made over HTTPS (TLS 1.2+). Plain HTTP requests are rejected.
Data handling: Email addresses are processed for verification only. We don't store the addresses you submit unless you opt in to list management features. See our privacy policy.
Idempotency: Validation requests are inherently idempotent — verifying the same address twice returns the same result without double-charging.

Common use cases

Sign-up form validation: verify addresses in real time before they enter your CRM, preventing typos and disposable addresses at the source.
Bulk list cleaning: clean existing lists before campaigns. See platform-specific guides for Mailchimp, HubSpot, and Klaviyo.
Sender reputation protection: reduce bounce rates before sending. Critical during email warmup on a new domain or IP.

Ready to clean your list?

Join thousands of teams using InboxSure to improve deliverability