REST API
v1
API Documentation
Complete reference for the FlareReach Email Validation API. One endpoint, comprehensive results, simple integration.
Get Started
You can start validating emails in three steps:
1
Create an account and subscribe to a plan
Sign up, then choose a plan on the pricing page or from your dashboard. All plans include a free trial.
2
Generate an API key
Go to your dashboard and create an API key in the "API Keys" section. You can have up to 10 keys per account.
3
Make your first API call
Send a GET request to the endpoint below with your API key in the header. That's it.
curl -X GET "https://api.flarereach.com/api-base/v1/email-validation/[email protected]" \
-H "X-Authorization-Api-Key: YOUR_API_KEY"
-H "X-Authorization-Api-Key: YOUR_API_KEY"
Authentication
All requests to the Email Validation API must include an API key in the HTTP header. Requests without a valid key will receive a 401 response.
Required Header
X-Authorization-Api-Key
Your API key from the dashboard
// Example header
X-Authorization-Api-Key: YOUR_API_KEY
X-Authorization-Api-Key: YOUR_API_KEY
Never expose your API key in client-side code, public repositories, or browser requests. Always make API calls from your server.
Rate Limits
Each subscription plan includes a monthly quota of email validations. Usage resets on the 1st of every month. When you exceed your quota, the API returns 429 Too Many Requests until the next reset. You can monitor your current usage in the dashboard.
| Plan | Monthly Quota | Price from |
|---|---|---|
| Starter | 3,000 | $5.83/mo |
| Pro | 10,000 | $13.33/mo |
| Business | 50,000 | $58.33/mo |
| Scale | 200,000 | $207.58/mo |
| Enterprise | Custom | Contact sales |
Prices shown are for annual billing. See pricing page for full details.
Endpoint
GET
/api-base/v1/email-validation/
Validates a single email address and returns comprehensive information about the email, its domain, DNS configuration, TLD, and a reachability recommendation.
Full URL
https://api.flarereach.com/api-base/v1/email-validation/?email=[email protected]
Request
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
email |
string | required | The email address to validate. Must contain exactly one @ character. |
Headers
| Header | Required | Description |
|---|---|---|
X-Authorization-Api-Key |
required | Your API key generated from the dashboard. |
Response
A successful request returns 200 OK with a JSON body containing three top-level fields.
Top-level Response
| Field | Type | Description |
|---|---|---|
is_recommended_for_reaching |
boolean | Our composite recommendation on whether this email is safe to send to. Takes into account validity, MX records, spam traps, disposable domains, role addresses, and mailbox existence. |
email |
object | Detailed validation results for the email address itself. See below. |
domain |
object | Detailed analysis of the email's domain, including DNS records, WHOIS data, and security configuration. See below. |
object
email
Validation results specific to the email address.
| Field | Type | Description |
|---|---|---|
name |
string | The full email address that was validated. |
username |
string | The local part of the email (everything before @). |
is_valid |
boolean | Whether the email has valid syntax, a valid domain, and a valid TLD. |
is_email_exists |
boolean nullable | Whether the mailbox exists on the server, verified via SMTP. null if SMTP check was not possible (e.g., catch-all domain or SMTP unavailable). |
is_role_email |
boolean | Whether this is a role-based address (e.g., info@, admin@, support@). Role emails typically have lower engagement rates. |
is_subaddress |
boolean | Whether the address uses + subaddressing (e.g., [email protected]). |
is_spam_trap |
boolean nullable | Whether this specific email address is a known spam trap. Sending to spam traps severely damages sender reputation. |
object
domain
Full analysis of the email's domain, covering DNS, WHOIS/RDAP, and security posture.
| Field | Type | Description |
|---|---|---|
name |
string | The domain name extracted from the email address. |
is_valid |
boolean | Whether the domain has valid syntax and a recognized TLD. |
domain_level |
integer nullable | The nesting level of the domain. For example, example.com is level 2, sub.example.com is level 3. |
created_at |
integer nullable | Domain registration date as a Unix timestamp (from RDAP). Useful for detecting recently registered domains, which are often used for spam. |
updated_at |
integer nullable | Last RDAP update timestamp for the domain registration. |
expires_at |
integer nullable | Domain registration expiry date as a Unix timestamp. Domains nearing expiry may become unreliable. |
is_dnssec_enabled |
boolean nullable | Whether DNSSEC is enabled for the domain, protecting against DNS spoofing. |
is_free |
boolean nullable | Whether this is a free email provider domain (e.g., gmail.com, yahoo.com, outlook.com). |
is_temporary |
boolean nullable | Whether the domain belongs to a known disposable/temporary email provider. These addresses are typically short-lived. |
is_spam_trap |
boolean nullable | Whether the domain is associated with known spam traps. |
is_smtp_available |
boolean nullable | Whether the domain's mail server responded to SMTP connection attempts. |
is_accepts_all |
boolean nullable | Whether the server is a catch-all that accepts mail for any address. When true, individual mailbox verification is unreliable. |
is_website_exists |
boolean nullable | Whether the domain has a reachable website (responds with HTTP 2xx/3xx). |
is_mx_exists |
boolean | Whether the domain has MX (Mail Exchange) DNS records. Required for receiving email. |
is_spf_exists |
boolean | Whether the domain has an SPF (Sender Policy Framework) record, which prevents email spoofing. |
is_spf_strict |
boolean | Whether the SPF record uses a strict policy (-all) that rejects unauthorized senders. |
is_dkim_exists |
boolean | Whether the domain has DKIM (DomainKeys Identified Mail) records for message authentication. |
is_dmarc_exists |
boolean | Whether the domain has a DMARC policy, coordinating SPF and DKIM to fight email fraud. |
dns_records |
array | List of discovered DNS records (A, AAAA, MX, SPF, DKIM, DMARC). See below. |
name_servers |
string[] | List of authoritative name server hostnames for the domain. |
tld |
object nullable | Information about the top-level domain. See below. |
object
domain.tld
Information about the top-level domain (.com, .org, .io, etc.).
| Field | Type | Description |
|---|---|---|
name |
string | The TLD string (e.g., com, org, io). |
is_valid |
boolean | Whether the TLD is registered in the IANA root zone database. |
is_rdap_available |
boolean | Whether RDAP (Registration Data Access Protocol) is available for this TLD, enabling domain registration lookups. |
is_country_specific |
boolean | Whether this is a country-code TLD (ccTLD), such as .uk, .de, .jp. |
is_dnssec_available |
boolean | Whether the TLD registry supports DNSSEC signing. |
is_idn_available |
boolean | Whether the TLD supports Internationalized Domain Names (non-ASCII characters). |
is_open_accessibility |
boolean | Whether the TLD is open for public registration without restrictions. |
is_suspicious |
boolean | Whether the TLD is commonly associated with spam or abuse. Emails from suspicious TLDs are penalized in the reachability recommendation. |
is_public_suffix |
boolean | Whether the TLD is listed as a public suffix (e.g., multi-level public suffixes like co.uk when applicable). |
type |
string nullable | Local classification: generic, country_code, sponsored, brand, idn, and others. |
iana_type |
string nullable | IANA root-zone type when known (e.g., generic, country-code, sponsored). |
administrator |
string nullable | Registry or sponsoring organization. |
operator |
string nullable | Technical operator of the TLD zone. |
entity |
string nullable | Registry entity label from source metadata. |
dns_name |
string nullable | DNS name of the TLD zone. |
alternatives |
string nullable | Alternative or related TLD labels. |
restrictions |
string nullable | Registration restrictions summary. |
notes |
string nullable | Additional registry notes. |
language |
string nullable | Primary language label for IDN TLDs. |
script |
string nullable | Writing script for IDN TLDs (e.g., Latin, Cyrillic). |
idn_display |
string nullable | Unicode display form of an IDN TLD. |
idn_languages |
array nullable | List of { "name", "code" } objects for supported IDN languages. |
translation |
string nullable | English translation of the TLD label when applicable. |
transliteration |
string nullable | Latin transliteration of the TLD label. |
ipv6 |
boolean nullable | Whether the TLD zone supports IPv6 glue at the registry level. |
sld |
boolean nullable | Whether registrations require a second-level domain under this TLD. |
iso_alpha2 |
string nullable | ISO 3166-1 alpha-2 country code for ccTLDs. |
iso_alpha2_secondary |
string nullable | Secondary ISO alpha-2 code when applicable. |
iso_3166_3 |
string nullable | ISO 3166-3 country code when applicable. |
iso_current_code |
string nullable | Current ISO code assignment for the territory. |
iso_year |
integer nullable | Year associated with the ISO assignment. |
iso_reservation |
string nullable | ISO 3166 reservation status: transitional, exceptional, deleted, etc. |
iso_reservation_from |
string nullable | Start of ISO reservation period. |
iso_reservation_until |
string nullable | End of ISO reservation period. |
array
domain.dns_records[]
Each element in the dns_records array represents a single DNS record found for the domain.
| Field | Type | Description |
|---|---|---|
host |
string | The hostname this record belongs to. |
type |
string | DNS record type: A, AAAA, MX, SPF, DKIM, or DMARC. |
content |
string | The record value (e.g., IP address for A records, mail server hostname for MX records). |
priority |
integer nullable | Record priority. Primarily relevant for MX records, where lower values indicate higher priority. |
Example
Request
curl -X GET "https://api.flarereach.com/api-base/v1/email-validation/[email protected]" \
-H "X-Authorization-Api-Key: YOUR_API_KEY"
-H "X-Authorization-Api-Key: YOUR_API_KEY"
Response
200 OK{
"is_recommended_for_reaching": true,
"email": {
"name": "[email protected]",
"username": "john",
"is_valid": true,
"is_email_exists": true,
"is_role_email": false,
"is_subaddress": false,
"is_spam_trap": false
},
"domain": {
"name": "gmail.com",
"is_valid": true,
"domain_level": 2,
"created_at": 904867200,
"updated_at": 1725408000,
"expires_at": 1756944000,
"is_dnssec_enabled": false,
"is_free": true,
"is_temporary": false,
"is_spam_trap": false,
"is_smtp_available": true,
"is_accepts_all": false,
"is_website_exists": true,
"is_mx_exists": true,
"is_spf_exists": true,
"is_spf_strict": true,
"is_dkim_exists": true,
"is_dmarc_exists": true,
"dns_records": [
{
"host": "gmail.com",
"type": "MX",
"content": "gmail-smtp-in.l.google.com",
"priority": 5
}
],
"name_servers": ["ns1.google.com", "ns2.google.com"],
"tld": {
"name": "com",
"is_valid": true,
"type": "generic",
"iana_type": "generic",
"is_open_accessibility": true,
"is_suspicious": false,
"is_public_suffix": false,
"is_country_specific": false,
"is_dnssec_available": true,
"is_idn_available": true,
"is_rdap_available": true
}
}
}
Error Responses
Errors are returned with the appropriate HTTP status code and a JSON body containing a detail field with a human-readable message.
| Status | Meaning | What to do |
|---|---|---|
| 400 | Bad Request | The email parameter is missing or has invalid format. Ensure it contains exactly one @. |
| 401 | Unauthorized | Missing or invalid API key. Check the X-Authorization-Api-Key header value. |
| 429 | Too Many Requests | Monthly validation quota exceeded. Upgrade your plan or wait for the next billing cycle reset on the 1st of the month. |
Error Response Format
{
"detail": "Invalid email format"
}
Ready to integrate?
Create an account, generate an API key, and start validating emails in minutes. Every plan includes a free trial.