For developers

Email Validation API — Real-Time Verification for Developers

Stop invalid emails from entering your system at the source. KillBounce's Email Validation API verifies any address in real-time — at signup, checkout, or form submission — before a single bad address ever touches your database.

Get your API key
  • Single + batch endpoints, REST/JSON
  • Average response < 500ms
  • SDKs for Node.js and Python, examples for PHP/Ruby/Go
  • Webhook callbacks for async batch results
  • Bearer-token auth, full HTTPS/TLS 1.2+
Sample verification
nikhil@getkillbounce.com
Sample result · what a clean Valid looks like
Status
Deliverable
Score
95
Syntax
MX records
SMTP accepted
Catch-all
Disposable
Role address
Mailbox provider
Cloudflare Email Routing
+1 credit
01QUICK START

Quick start

One curl call away from your first verification:

curl -X POST "https://api.getkillbounce.com/api/v1/verify/single" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"email":"john@example.com"}'

Response:

{
  "email": "john@example.com",
  "status": "valid",
  "is_valid": true,
  "reason": "Email is deliverable",
  "score": 98,
  "syntax_valid": true,
  "domain_exists": true,
  "smtp_valid": true,
  "is_disposable": false,
  "is_role_based": false,
  "is_catch_all": false,
  "mx_records": ["aspmx.l.google.com"],
  "smtp_provider": "Google Workspace"
}
02RESPONSE FIELDS

Response fields explained

FieldTypeDescription
statusstringvalid · invalid · risky · unknown
is_validbooleanTrue if the address is deliverable
scoreintegerDeliverability confidence 0–100
syntax_validbooleanPasses RFC 5322 format check
domain_existsbooleanDomain has valid MX records
smtp_validbooleanMailbox confirmed via SMTP handshake
is_disposablebooleanAddress belongs to a temporary email provider
is_role_basedbooleaninfo@, sales@, abuse@ etc.
is_catch_allbooleanDomain accepts all emails unconditionally
03INTEGRATION EXAMPLES

Integration examples

  1. JavaScript / Node.js

    Validate on form submit — block the submission if status is anything other than valid.

const verifyEmail = async (email) => {
  const r = await fetch('https://api.getkillbounce.com/api/v1/verify/single', {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${process.env.KILLBOUNCE_API_KEY}`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({ email }),
  })
  return r.json()
}

// On form submit
const result = await verifyEmail('user@example.com')
if (result.status !== 'valid') {
  showError('Please enter a valid email address.')
}

  1. Python

    Same flow, requests library:

import requests

def verify_email(email: str) -> dict:
    r = requests.post(
        "https://api.getkillbounce.com/api/v1/verify/single",
        json={"email": email},
        headers={"Authorization": f"Bearer {API_KEY}"},
        timeout=10,
    )
    return r.json()

result = verify_email("user@example.com")
if result["status"] == "valid":
    print("Safe to proceed")

  1. PHP

    Minimal cURL wrapper for legacy stacks:

function verifyEmail($email) {
    $ch = curl_init('https://api.getkillbounce.com/api/v1/verify/single');
    curl_setopt_array($ch, [
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => json_encode(['email' => $email]),
        CURLOPT_HTTPHEADER => [
            'Authorization: Bearer ' . API_KEY,
            'Content-Type: application/json',
        ],
        CURLOPT_RETURNTRANSFER => true,
    ]);
    return json_decode(curl_exec($ch), true);
}
04USE CASES

Use cases

  1. Signup form validation

    Block disposable and invalid emails at registration. Reduce fake accounts and improve user quality from day one.

  2. Lead capture forms

    Validate emails on landing pages before leads enter your CRM. Keep your Salesforce or HubSpot database clean automatically.

  3. E-commerce checkout

    Verify customer email at checkout to ensure order confirmations, shipping updates, and receipts actually reach them.

  4. Newsletter subscribe

    Prevent bad emails from inflating your subscriber count and damaging your ESP sender score.

05RATE LIMITS

Rate limits & quotas

API rate limits are designed to be generous for production traffic and tight enough to prevent runaway loops or abuse. Authenticated requests scale with your account's credit balance:

EndpointAuthenticated limitAnonymous limit
POST /verify/single30 / minute / userN/A (auth required)
POST /verify/publicN/A3 / day / IP, 10 / week
POST /verify/bulk10 / hour / userN/A
GET /jobs/{id}60 / minute / userN/A

Exceeded limits return HTTP 429 with a standard Retry-After header. The header tells you how many seconds to wait before retrying — use it for exponential backoff rather than blind retries.

06ERROR HANDLING

Error handling

Every error response follows the same shape so your error handler stays simple. Status codes map to real failure modes — none of this 'everything is 200 with status:error inside the body' nonsense:

StatusMeaningRecommended action
200Verification successfulUse the verdict in result.status
400Malformed request (invalid email syntax in body)Show inline form error
401Missing or invalid API keyCheck Bearer token / regenerate key
402Out of creditsPrompt user to top up
429Rate limit exceededRespect Retry-After header
500Verifier infrastructure errorRetry once with backoff
503Upstream SMTP timeoutTreat as "unknown" verdict
{
  "error": {
    "code": 402,
    "message": "Insufficient credits. You have 0 credits remaining.",
    "type": "PaymentRequiredException",
    "path": "/api/v1/verify/single"
  }
}
07WEBHOOK CALLBACKS

Webhook callbacks for bulk jobs

Bulk verification jobs run asynchronously — they can take minutes to hours depending on list size. Instead of polling, register a webhook URL and KillBounce will POST to it the moment a job completes:

// You POST this to /verify/bulk
{
  "file_url": "https://your-cdn.com/list.csv",
  "webhook_url": "https://yourapp.com/webhooks/killbounce"
}

// We POST this to your webhook when it's done
{
  "event": "job.completed",
  "job_id": "job_a1b2c3d4",
  "status": "completed",
  "total_emails": 50000,
  "valid": 42150,
  "invalid": 5230,
  "catch_all": 1620,
  "disposable": 480,
  "unknown": 520,
  "download_url": "https://api.getkillbounce.com/jobs/job_a1b2c3d4/download"
}

Webhook payloads are signed with HMAC-SHA256 (Svix-compatible) — verify the signature before trusting the data. The download URL is signed and expires in 24 hours.

08AUTHENTICATION &

Authentication & security

  • Bearer token authentication via Authorization header
  • X-API-Key header accepted as an alternative
  • Keys generated, rotated, and revoked from the dashboard
  • All traffic encrypted over HTTPS / TLS 1.2+
  • SOC 2-compliant infrastructure (Tier IV datacenter)
  • Email payloads never logged or retained beyond response time
  • Webhooks signed with HMAC-SHA256 for verification

API keys are prefixed with "kb_" so they're easy to spot in code reviews and incident logs. If a key leaks, rotate it from the dashboard and the old one is revoked instantly.

Frequently asked

Answers to the questions teams ask first

Does the API work in real-time on forms?

Yes. Average response time is under 2 seconds — fast enough to validate on blur or submit without noticeable UX delay.

What happens if the API is down?

We maintain 99.9% uptime. If a request times out, your application can fail-open (allow the email) or fail-closed (block until verified). We recommend fail-open with async re-verification for production forms.

Is there an SDK?

Plain HTTP works in every language. Official Node.js and Python wrappers are in development. The endpoint is fully RESTful so any HTTP client integrates in a few lines.

Can I test in sandbox mode?

Use any throwaway address with the @example.com domain to trigger predictable verdicts during development. No credits are charged for invalid syntax checks.

No card. No trial timer.

Verify your first 100 emails free.

Sign up in under 30 seconds. Paste your first list, hit verify, see the real SMTP-level result in seconds.

Get your API key

Related: explore more of what KillBounce does