POSTEmail Verification
Verify an email address in real time — confirm the domain has live mail infrastructure, detect disposable addresses, and retrieve domain age as a trust signal.
Validates whether an email address is genuine and deliverable by checking MX (mail exchange) records for the domain. Returns domain age in days, the resolved MX record list, and flags for validity and disposability — giving you the signals needed to block fake signups, catch typos, and assess account trust during onboarding.
Body parameters
| Field | Type | Required | Description |
|---|---|---|---|
initiator_id | string | required | Registered mobile number of the API user (see Platform Credentials).e.g. 9962981729 |
user_code | string | required | User code of the retailer/agent the service is run for.e.g. 20810200 |
client_ref_id | string | optional | Unique reference id per API call, generated by your system.e.g. REQ-20260101-001 |
email | string | required | The email address to verify, e.g. rajesh.kumar@example.com.e.g. rajesh.kumar@example.com |
initiator_idstringRequiredRegistered mobile number of the API user (see Platform Credentials).
example: 9962981729
user_codestringRequiredUser code of the retailer/agent the service is run for.
example: 20810200
client_ref_idstringoptionalUnique reference id per API call, generated by your system.
example: REQ-20260101-001
emailstringRequiredThe email address to verify, e.g. rajesh.kumar@example.com.
example: rajesh.kumar@example.com
Headers
| Field | Type | Required | Description |
|---|---|---|---|
developer_key | string | required | Static API key issued to your account after KYC. |
secret-key | string | required | Dynamic per-request signature: base64(HMAC-SHA256(timestamp, base64(access_key))). |
secret-key-timestamp | string | required | Current time in milliseconds since UNIX epoch, used to compute secret-key. Must match server time. |
content-type | string | required | application/jsone.g. application/json |
developer_keystringRequiredStatic API key issued to your account after KYC.
secret-keystringRequiredDynamic per-request signature: base64(HMAC-SHA256(timestamp, base64(access_key))).
secret-key-timestampstringRequiredCurrent time in milliseconds since UNIX epoch, used to compute secret-key. Must match server time.
content-typestringRequiredapplication/json
example: application/json
Responses
statusnumberPrimary success indicator (0 = success).
messagestringHuman-readable response / error message.
response_status_idnumberGranular status id; see the shared error-codes table.
response_type_idnumberA unique id for every possible response shape (success or error) — useful for client logic branching and analytics.
dataobjectAPI-specific response payload.
emailstringThe email address that was checked, echoed back for confirmation.
domainstringDomain portion of the email address (part after @). Used to anchor all domain-level checks.
is_validbooleanWhether the email address is valid and deliverable. true = domain has live MX records and can receive mail; false = domain has no mail server or is otherwise undeliverable.
is_disposablebooleanWhether the email domain belongs to a known disposable / temporary email provider. true = disposable (high fraud risk); false = regular email domain.
domain_age_daysnumberAge of the email domain in days since registration. Newly created domains (< 30 days) are a strong fraud signal; legitimate email providers have domains that are years old.
mx_recordsarrayList of MX (mail exchange) hostnames discovered for the domain, ordered by priority. An empty array means the domain cannot receive email.