Email Verification API Integration Guide

Everything you need to integrate real-time email verification into your application. Complete code examples for JavaScript, Python, PHP, and more -- with best practices for production deployments.

Get Your Free API Key View API Pricing

1. Quick Start -- Your First API Call

The VerifyEmail.io API uses a simple REST endpoint. Send a POST request with your API key and the email address you want to verify. You will receive a JSON response with a detailed verdict, confidence score, and risk indicators within seconds.

To get started, you need an API key. Create a free account to receive your key immediately. Free accounts include up to 100 verifications per month -- no credit card required.

API Endpoint

POST https://verifyemail.io/api/email?method=verifyemail&email={EMAIL_ADDRESS}

cURL Example

The simplest way to test the API is with cURL from your terminal. Replace YOUR_API_KEY with the key from your account dashboard and test@example.com with the address you want to verify.

cURL

curl -X POST "https://verifyemail.io/api/email?method=verifyemail&email=test@example.com" \
     -H "Authorization: Bearer YOUR_API_KEY"

Sample JSON Response

A successful verification returns a JSON object with the email verdict, confidence score, domain details, MX records, and all risk flags. Here is a typical response for a valid business email address:

JSON Response

{
    "EMAIL": "test@example.com",
    "VERDICT": "Valid",
    "SCORE": 95,
    "LOCAL": "test",
    "DOMAIN": "example.com",
    "DOMAIN_VERDICT": "Valid",
    "MX": "mx1.example.com, mx2.example.com",
    "HAS_SUSPECTED_BOUNCES": 0,
    "LOCAL_PART_IS_SUSPECTED_ROLE_ADDRESS": 0,
    "HAS_KNOWN_BOUNCES": 0,
    "DOMAIN_IS_SUSPECTED_DISPOSABLE_ADDRESS": 0
}

The VERDICT field is your primary indicator: Valid means the email is safe to send to, Invalid means it should be removed from your list, and Unknown means the mail server did not provide a definitive answer (often due to catch-all configurations). The SCORE field provides a numeric confidence value you can use for custom threshold logic. For a complete breakdown of every field, see the Response Fields Reference below.

2. JavaScript and Node.js Integration

Whether you are building a client-side signup form or a server-side Node.js application, integrating email verification takes only a few lines of code. Below are production-ready examples for both environments.

Browser -- Fetch API

Use the native Fetch API to verify emails directly from the browser. This is ideal for adding real-time validation to signup forms, checkout pages, or any front-end form that collects email addresses. For a working example, see our free email verifier tool.

JavaScript (Browser)

async function verifyEmail(email) {
    const response = await fetch(
        `https://verifyemail.io/api/email?method=verifyemail&email=${encodeURIComponent(email)}`,
        {
            method: 'POST',
            headers: {
                'Authorization': 'Bearer YOUR_API_KEY'
            }
        }
    );

    const data = await response.json();

    if (data.VERDICT === 'Valid') {
        console.log('Email is valid. Score:', data.SCORE);
    } else if (data.VERDICT === 'Invalid') {
        console.log('Email is invalid. Reason:', data.DOMAIN_VERDICT);
    } else {
        console.log('Email status unknown. Review manually.');
    }

    return data;
}

// Usage: verify on form submission
document.getElementById('signup-form').addEventListener('submit', async (e) => {
    e.preventDefault();
    const email = document.getElementById('email-input').value;
    const result = await verifyEmail(email);

    if (result.VERDICT !== 'Valid') {
        alert('Please enter a valid email address.');
        return;
    }

    // Proceed with form submission
    e.target.submit();
});

Node.js -- Axios

For server-side verification in Node.js, axios provides a clean interface. This approach keeps your API key secure on the server and is recommended for production applications where you do not want to expose the key in client-side code.

Node.js

const axios = require('axios');

async function verifyEmail(email) {
    try {
        const response = await axios.post(
            'https://verifyemail.io/api/email',
            null,
            {
                params: {
                    method: 'verifyemail',
                    email: email
                },
                headers: {
                    'Authorization': 'Bearer YOUR_API_KEY'
                }
            }
        );

        const data = response.data;

        return {
            isValid: data.VERDICT === 'Valid',
            score: data.SCORE,
            isDisposable: data.DOMAIN_IS_SUSPECTED_DISPOSABLE_ADDRESS === 1,
            isRoleAddress: data.LOCAL_PART_IS_SUSPECTED_ROLE_ADDRESS === 1,
            hasKnownBounces: data.HAS_KNOWN_BOUNCES === 1,
            raw: data
        };
    } catch (error) {
        console.error('Verification failed:', error.message);
        throw error;
    }
}

// Example: Add email verification to your signup endpoint
const express = require('express');
const app = express();
app.use(express.json());

app.post('/api/signup', async (req, res) => {
    const { email, name, password } = req.body;

    // Verify email before creating account
    const verification = await verifyEmail(email);

    if (!verification.isValid) {
        return res.status(400).json({
            error: 'Invalid email address. Please check and try again.'
        });
    }

    if (verification.isDisposable) {
        return res.status(400).json({
            error: 'Disposable email addresses are not allowed.'
        });
    }

    // Email is valid -- proceed with account creation
    // createUser(email, name, password);
    res.json({ success: true, message: 'Account created.' });
});

3. Python Integration

Python is one of the most popular languages for data processing and backend development. The examples below show how to verify a single email and how to process an entire CSV file of email addresses for bulk list cleaning.

Single Email Verification with Requests

The Python requests library makes API calls straightforward. Install it with pip install requests if you have not already.

Python

import requests

API_KEY = 'YOUR_API_KEY'
BASE_URL = 'https://verifyemail.io/api/email'

def verify_email(email):
    """Verify a single email address and return the result."""
    response = requests.post(
        BASE_URL,
        params={
            'method': 'verifyemail',
            'email': email
        },
        headers={
            'Authorization': f'Bearer {API_KEY}'
        }
    )

    response.raise_for_status()
    data = response.json()

    return {
        'email': data['EMAIL'],
        'verdict': data['VERDICT'],
        'score': data['SCORE'],
        'is_disposable': data.get('DOMAIN_IS_SUSPECTED_DISPOSABLE_ADDRESS') == 1,
        'is_role_address': data.get('LOCAL_PART_IS_SUSPECTED_ROLE_ADDRESS') == 1,
        'has_bounces': data.get('HAS_KNOWN_BOUNCES') == 1,
        'domain_verdict': data['DOMAIN_VERDICT'],
        'mx': data.get('MX', '')
    }

# Usage
result = verify_email('test@example.com')
print(f"Email: {result['email']}")
print(f"Verdict: {result['verdict']}")
print(f"Score: {result['score']}")

Bulk Verification -- Process a CSV File

If you have a list of email addresses in a CSV file, you can verify them programmatically and write the results to a new file. This is useful for cleaning your mailing list before an email campaign. For very large lists with more than 10,000 addresses, consider using our bulk upload tool which processes over 1,000 emails per second.

Python

import csv
import time
import requests

API_KEY = 'YOUR_API_KEY'
BASE_URL = 'https://verifyemail.io/api/email'

def verify_email(email):
    """Verify a single email and return the API response."""
    response = requests.post(
        BASE_URL,
        params={'method': 'verifyemail', 'email': email},
        headers={'Authorization': f'Bearer {API_KEY}'}
    )
    response.raise_for_status()
    return response.json()

def process_csv(input_file, output_file):
    """Read emails from a CSV, verify each, and write results."""
    with open(input_file, 'r') as infile, open(output_file, 'w', newline='') as outfile:
        reader = csv.DictReader(infile)
        fieldnames = [
            'email', 'verdict', 'score', 'domain',
            'domain_verdict', 'mx', 'is_disposable',
            'is_role_address', 'has_known_bounces'
        ]
        writer = csv.DictWriter(outfile, fieldnames=fieldnames)
        writer.writeheader()

        for row in reader:
            email = row.get('email', '').strip()
            if not email:
                continue

            try:
                data = verify_email(email)
                writer.writerow({
                    'email': data['EMAIL'],
                    'verdict': data['VERDICT'],
                    'score': data['SCORE'],
                    'domain': data['DOMAIN'],
                    'domain_verdict': data['DOMAIN_VERDICT'],
                    'mx': data.get('MX', ''),
                    'is_disposable': data.get('DOMAIN_IS_SUSPECTED_DISPOSABLE_ADDRESS', 0),
                    'is_role_address': data.get('LOCAL_PART_IS_SUSPECTED_ROLE_ADDRESS', 0),
                    'has_known_bounces': data.get('HAS_KNOWN_BOUNCES', 0)
                })
                print(f"Verified: {email} -> {data['VERDICT']}")
            except requests.exceptions.RequestException as e:
                print(f"Error verifying {email}: {e}")

            # Respect rate limits
            time.sleep(0.5)

# Usage
process_csv('emails.csv', 'verified_emails.csv')
print('Verification complete. Results saved to verified_emails.csv')

4. PHP Integration

PHP powers a large percentage of the web, and integrating the VerifyEmail.io API into your PHP application is straightforward using cURL. These examples cover both standalone verification and real-time form validation.

Single Email Verification with cURL

PHP

<?php

function verifyEmail($email, $apiKey) {
    $url = 'https://verifyemail.io/api/email?'
         . http_build_query([
               'method' => 'verifyemail',
               'email'  => $email
           ]);

    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL            => $url,
        CURLOPT_POST           => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => [
            'Authorization: Bearer ' . $apiKey
        ],
        CURLOPT_TIMEOUT        => 30
    ]);

    $response = curl_exec($ch);
    $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    if ($httpCode !== 200) {
        throw new Exception("API request failed with status $httpCode");
    }

    return json_decode($response, true);
}

// Usage
$apiKey = 'YOUR_API_KEY';
$result = verifyEmail('test@example.com', $apiKey);

echo "Verdict: " . $result['VERDICT'] . "\n";
echo "Score: "   . $result['SCORE']   . "\n";

?>

Verify on Form Submission

A common pattern is to verify the email address when a user submits a registration or contact form. This prevents invalid addresses from entering your database and reduces bounce rates when you later send transactional emails from your application.

PHP

<?php

$apiKey = 'YOUR_API_KEY';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    $errors = [];

    // Basic format check
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Please enter a valid email format.';
    }

    // API verification
    if (empty($errors)) {
        try {
            $result = verifyEmail($email, $apiKey);

            if ($result['VERDICT'] === 'Invalid') {
                $errors[] = 'This email address does not appear to be deliverable.';
            }

            if (!empty($result['DOMAIN_IS_SUSPECTED_DISPOSABLE_ADDRESS'])
                && $result['DOMAIN_IS_SUSPECTED_DISPOSABLE_ADDRESS'] == 1) {
                $errors[] = 'Disposable email addresses are not accepted.';
            }

            if ($result['SCORE'] < 50) {
                $errors[] = 'This email address has a low confidence score.';
            }
        } catch (Exception $e) {
            // Log the error but allow the form through
            error_log('Email verification API error: ' . $e->getMessage());
        }
    }

    if (empty($errors)) {
        // Email verified -- proceed with registration
        // saveUser($email, $_POST['name']);
        header('Location: /thank-you');
        exit;
    }
}

?>

5. Response Fields Reference

Every API response includes a consistent set of fields. The table below describes each field, its data type, and how to interpret the values in your application logic. Understanding these fields is critical for building robust email verification workflows.

Field	Type	Description
`EMAIL`	string	The email address that was verified. This is the normalized version of the address you submitted.
`VERDICT`	string	The overall verification result. Possible values: Valid (safe to send), Invalid (do not send), or Unknown (mail server did not provide a definitive answer, often due to catch-all domain configurations).
`SCORE`	integer	Confidence score from 0 to 100. Higher values indicate greater confidence that the email is deliverable. Use this for custom threshold logic -- for example, accept scores above 70 and flag anything below for manual review.
`LOCAL`	string	The local part of the email address (the portion before the @ symbol). For example, in "user@example.com", the local part is "user".
`DOMAIN`	string	The domain portion of the email address (after the @ symbol). Use this with our domain checker tool for additional DNS analysis.
`DOMAIN_VERDICT`	string	The verification status of the domain itself. Indicates whether the domain is registered, has valid DNS records, and is configured to receive email. Values include Valid, Invalid, or Unknown.
`MX`	string	A comma-separated list of MX (Mail Exchange) records for the domain. These are the mail servers responsible for accepting inbound email. An empty or missing value typically means the domain cannot receive email.
`HAS_SUSPECTED_BOUNCES`	integer	Returns 1 if the address has suspected bounce history in our database, or 0 if not. Suspected bounces are based on pattern analysis and heuristic data rather than confirmed bounce records.
`LOCAL_PART_IS_SUSPECTED_ROLE_ADDRESS`	integer	Returns 1 if the local part matches a known role-based pattern (such as info@, admin@, support@, sales@, webmaster@), or 0 if it does not. Role addresses often have lower engagement rates and higher complaint rates because they are managed by multiple people or automated systems.
`HAS_KNOWN_BOUNCES`	integer	Returns 1 if the address has confirmed bounce records in our database, or 0 if not. This is a stronger signal than suspected bounces and indicates the address has definitively failed delivery in the past.
`DOMAIN_IS_SUSPECTED_DISPOSABLE_ADDRESS`	integer	Returns 1 if the domain belongs to a known disposable or temporary email service (such as Guerrilla Mail, Mailinator, or Temp Mail), or 0 if not. Disposable addresses are commonly used for one-time signups and should be blocked in most registration flows. Use our disposable email checker for standalone domain checks.
`MONTHLY_REQUEST_MAX_API`	string	Present only when your account has reached its monthly verification limit. Contains a message indicating that the limit has been reached. When this field appears, upgrade your plan on the pricing page to continue verifying.

6. Common Use Cases

Email verification is a versatile tool that fits into many parts of your technology stack. Below are the most common integration patterns used by our customers, from startups to enterprise teams managing millions of contacts.

1

Real-Time Signup Form Validation

Verify email addresses the moment a user submits your registration form. This prevents typos, fake addresses, and disposable emails from entering your database. Users get immediate feedback to correct mistakes, which improves conversion rates and ensures your user base contains real, reachable people from day one. Combine this with our email verifier to see it in action.

2

Bulk List Cleaning Before Campaigns

Before launching an email marketing campaign, run your entire mailing list through the verification API or our bulk upload tool. This removes invalid addresses, reduces bounce rates, and protects your sender reputation with ISPs. Industry best practice is to verify your list every two weeks for active senders, or before every major campaign. Clean lists mean better inbox placement and higher ROI on every send.

3

CRM Data Hygiene

Email addresses decay over time as people change jobs, switch providers, or abandon accounts. Run periodic verification against your CRM or customer database to identify and flag stale contacts. This keeps your sales team focused on reachable leads and prevents your automated email sequences from bouncing. Integrate the API into your CRM's data pipeline to verify new contacts as they enter the system.

4

E-Commerce Checkout Verification

Verify the email address at checkout before processing an order. This ensures that order confirmations, shipping notifications, and receipts will reach the customer. It also reduces fraud by catching orders placed with throwaway or non-existent email addresses. A quick verification call adds minimal latency to the checkout flow while significantly improving your post-purchase communication reliability.

For additional strategies and implementation guides, explore our blog where we publish detailed tutorials on email deliverability, list management, and developer integrations.

7. Error Handling Best Practices

Building a reliable integration requires handling edge cases gracefully. Below are the key principles and patterns to follow when integrating the VerifyEmail.io API into production systems.

Always Handle HTTP Errors

Check the HTTP status code before parsing the response body. A 200 status indicates success. A 401 means your API key is invalid or missing. A 429 indicates you have exceeded your rate limit. A 500 or 503 means a temporary server issue. Wrap every API call in a try-catch block and log failures for debugging.

Implement Retry Logic with Backoff

For transient errors (5xx responses or network timeouts), implement exponential backoff. Wait 1 second before the first retry, 2 seconds before the second, and 4 seconds before the third. Cap your retries at 3 attempts to avoid overwhelming the API. This pattern handles temporary network blips without losing verification results.

Check for Rate Limit Responses

When your account reaches its monthly verification limit, the API returns a response containing the MONTHLY_REQUEST_MAX_API field instead of verification data. Always check for this field before processing results. If present, pause your verification pipeline and notify your team. Upgrade your plan on the pricing page to increase your monthly limit.

Fail Open for User-Facing Flows

In registration or checkout forms, if the verification API is unreachable or returns an error, allow the user to proceed rather than blocking them. Log the failed verification and retry it asynchronously. Blocking users due to a third-party API outage creates a poor experience. You can always verify the email later and follow up if it turns out to be invalid.

Error Handling Example

JavaScript

async function verifyEmailSafe(email) {
    const MAX_RETRIES = 3;

    for (let attempt = 1; attempt <= MAX_RETRIES; attempt++) {
        try {
            const response = await fetch(
                `https://verifyemail.io/api/email?method=verifyemail&email=${encodeURIComponent(email)}`,
                {
                    method: 'POST',
                    headers: { 'Authorization': 'Bearer YOUR_API_KEY' }
                }
            );

            if (response.status === 401) {
                throw new Error('Invalid API key. Check your credentials.');
            }

            if (response.status === 429) {
                throw new Error('Rate limit exceeded. Upgrade your plan.');
            }

            if (!response.ok && response.status >= 500) {
                throw new Error(`Server error: ${response.status}`);
            }

            const data = await response.json();

            // Check for rate limit message in body
            if (data.MONTHLY_REQUEST_MAX_API) {
                console.warn('Monthly limit reached:', data.MONTHLY_REQUEST_MAX_API);
                return { verdict: 'unknown', limitReached: true };
            }

            return { verdict: data.VERDICT, score: data.SCORE, data: data };

        } catch (error) {
            if (attempt === MAX_RETRIES) {
                console.error('All retries exhausted:', error.message);
                // Fail open: allow the email through
                return { verdict: 'unknown', error: error.message };
            }
            // Exponential backoff
            await new Promise(r => setTimeout(r, Math.pow(2, attempt) * 1000));
        }
    }
}

Additional Recommendations

Cache verification results -- Store results for 24 to 48 hours to avoid re-verifying the same address. Email validity does not change minute to minute, and caching reduces your API usage and speeds up your application.
Validate format client-side first -- Before calling the API, perform a basic regex check on the email format. This catches obvious typos without consuming an API credit and reduces unnecessary network requests.
Keep your API key secure -- Never expose your API key in client-side JavaScript on production sites. Route verification requests through your backend server to keep the key private. If you suspect your key has been compromised, rotate it immediately from your account dashboard.
Set reasonable timeouts -- Configure a 30-second timeout on your HTTP client. Most verifications complete in under 5 seconds, but complex domains with slow mail servers may take longer. A timeout prevents your application from hanging indefinitely.
Log everything -- Record every verification request and response in your application logs. This helps you debug integration issues, track usage patterns, and identify domains that consistently return unknown results.

Ready to Integrate?

Get your free API key and start verifying emails in minutes.

Free accounts include 100 verifications per month. No credit card required. Upgrade anytime as your volume grows.

Get Your Free API Key View Pricing Plans

Try the Email Verifier Try the Domain Checker Read the Blog More Guides