API Reference

Email Verification API

Verify a single email address with one HTTP request. JSON response in under 2 seconds. 1 credit per call. Works from any language.

Quick start

Generate an API key from your dashboard, then make your first request:

# 1. Get your API key from the dashboard
# 2. Make your first request:
curl -X POST https://stopbouncing.com/api/v1/verify \
  -H "Authorization: Bearer sb_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"email": "test@example.com"}'

# Expected response:
# { "email": "test@example.com", "status": "valid", "credits_remaining": 99 }

Authentication

All requests require an Authorization header with your API key as a Bearer token. Never include your API key in client-side code.

Authorization: Bearer sb_your_api_key_here

Generate and manage keys at /dashboard/api-keys. Keys can be labelled per environment and revoked instantly.

Verify endpoint

Single endpoint, two methods. Both return the same response.

POST/api/v1/verifyJSON body
GET/api/v1/verify?email=...Query param

POST — JSON body

ParameterTypeRequiredDescription
emailstringYesThe email address to verify.
curl -X POST https://stopbouncing.com/api/v1/verify \
  -H "Authorization: Bearer sb_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"email": "jane.doe@acme.com"}'

GET — query parameter

Useful for quick tests. URL-encode the email address.

curl "https://stopbouncing.com/api/v1/verify?email=jane.doe%40acme.com" \
  -H "Authorization: Bearer sb_your_api_key_here"

Response format

All responses are JSON. A 200 status means the verification completed — check the status field for the result.

✓ Valid

{
  "email": "jane.doe@acme.com",
  "status": "valid",
  "credits_remaining": 9842
}

✗ Invalid

{
  "email": "nope@invaliddomain.xyz",
  "status": "invalid",
  "credits_remaining": 9841
}

? Unknown

{
  "email": "user@catchall-domain.com",
  "status": "unknown",
  "credits_remaining": 9840
}

⚠ Disposable

{
  "email": "temp123@mailinator.com",
  "status": "disposable",
  "credits_remaining": 9839
}

👤 Role account

{
  "email": "info@acme.com",
  "status": "role",
  "credits_remaining": 9838
}
FieldTypeDescription
emailstringThe email address that was verified.
statusstringVerification result: valid, invalid, unknown, or disposable.
credits_remainingintegerYour remaining credit balance after this request.

Status values

StatusMeaning & recommended action
validMailbox exists and is accepting messages. Safe to send.
invalidAddress does not exist, bad syntax, or domain has no MX records. Remove from your list.
unknownCannot be confirmed — catch-all domain, SMTP-blocking provider, or temporary outage. Never treat as invalid.
disposableTemporary / throw-away address (Mailinator, Guerrilla Mail, etc.). Typically inactive within hours.
roleShared inbox address (info@, support@, no-reply@, etc.). Not tied to an individual — skip unless intentional.

1 credit is charged for every request, regardless of the result. Why are unknown addresses not free?

HTTP status codes

CodeLabelMeaning
200OKVerification completed. Check the status field.
400Bad RequestMissing or malformed email parameter.
401UnauthorizedMissing, malformed, or revoked API key.
402Payment RequiredInsufficient credits. Top up at /dashboard/billing.
429Too Many RequestsRate limit exceeded (60 req/min per key). See retry_after in response.
502Bad GatewayVerification provider error. Credit is automatically refunded.

Rate limits

Each API key is limited to 60 requests per minute. The limit resets on a rolling 60-second window per key.

60

Requests / min

API key

Per

60s

Retry after

On hitting the limit you receive a 429 with:

{
  "error": "Rate limit exceeded. Maximum 60 requests per minute per API key.",
  "retry_after": 60
}

Errors

All error responses share the same shape. Always check the HTTP status code first, then the error field for a human-readable message.

401 — Invalid API key

{
  "error": "Invalid or revoked API key."
}

402 — Insufficient credits

{
  "error": "Insufficient credits. Please top up your account at stopbouncing.com/dashboard/billing.",
  "credits_remaining": 0
}

429 — Rate limit exceeded

{
  "error": "Rate limit exceeded. Maximum 60 requests per minute per API key.",
  "retry_after": 60
}

Best practices

Never hard-code your API key

Use environment variables. Your key grants access to your credit balance — treat it like a password.

Handle unknown gracefully

Never discard unknown emails as invalid. They may be real. A safe approach: send to them once and monitor delivery; remove only on hard bounce.

Verify at the point of collection

For signup forms, verify the email immediately and block submission on invalid. This costs 1 credit but saves your sender reputation.

Implement retry logic for 502 errors

A 502 means the verification provider had a transient error — the credit is automatically refunded. Retry with exponential back-off. Treat 502 differently from 400/401.

Ready to integrate?

Create a free account and start verifying in minutes. 100 free verifications when you verify your email.