User Trust API The User Trust API is the foundational component of the Autheona platform. It allows you to programmatically verify the trustworthiness of a user, providing essential risk assessment data to secure your application and protect your operations.
By integrating the User Trust API, you can perform real-time checks to determine if a specific user account meets your platform safety standards. This API is critical for preventing fraud, ensuring policy compliance, and maintaining a secure environment for your customers.
Use the following cURL command to initiate a trust verification request:
curl -X POST "https://api.autheona.com/v1/intelligence" \
-H "Content-Type: application/json" \
-H "x-api-key: <access-token>" \
-d '{
"email_address": "<email-address>"
}'Endpoint POST https://api.autheona.com/v1/intelligence
Authentication To authenticate your request, include your access token in the header:
Header Value x-api-keyYOUR_ACCESS_TOKEN
Request Body Parameter Type Required Description email_addressstringYes The email address to be validated/analyzed.
Example Request {
"email_address": "user@example.com"
}Response The API returns a JSON object containing the intelligence data for the provided email address.
Response Structure {
"action": "allow",
"email": {
"normalized": {
"base": "string",
"without_plus_addressing": "string",
"without_dot_variations": "string",
"without_punycode": "string",
"without_typo_mismatch": "string"
},
"details": {
"deliverability": "string",
"local": {
"fraud_pattern": "string",
"mixed_script": "string",
"has_fraud_pattern": "boolean",
"has_mixed_script": "boolean",
"has_dot_variation": "boolean",
"has_plus_addressing": "boolean",
"has_special_characters": "boolean",
"has_numeric": "boolean",
"has_hyphen": "boolean",
"has_underscore": "boolean",
"is_quoted": "boolean"
},
"domain": {
"category": "string",
"punycode_value": "string",
"has_valid_tld": "boolean",
"has_website": "boolean",
"has_punycode": "boolean",
"has_typo_mismatch": "boolean",
"is_ipv4": "boolean",
"is_ipv6": "boolean",
"is_only_numeric": "boolean",
"is_single_label": "boolean",
"subdomain": {
"count": "integer",
"has_hyphen": "boolean",
"has_numeric": "boolean",
"has_uuid": "boolean",
"has_wildcard": "boolean"
}
}
}
},
"velocity_by_email": {
"items": [
{
"base_email": "string",
"created_at": "integer"
}
],
"count": "integer"
}
}Response Fields Root Level Field Type Description actionstringThe final verdict: allow, block, or ignore. emailobjectContains email analysis results. velocity_by_emailobjectContains velocity tracking data for fraud detection.
Email Object Field Type Description normalizedobjectContains normalized versions of the email address. detailsobjectContains detailed analysis of the email address.
Normalized Emails Object Field Type Description basestringThe normalized base email address. without_plus_addressingstringEmail address with plus addressing removed. without_dot_variationsstringEmail address with dot variations removed (Gmail only). without_punycodestringEmail address with punycode converted to Unicode. without_typo_mismatchstringEmail address with common typos corrected.
Email Details Object Field Type Description deliverabilitystringEmail deliverability status: deliverable, undeliverable, or unknown. localobjectAnalysis of the email local part (before @). domainobjectAnalysis of the email domain part (after @).
Email Local Details Object Field Type Description fraud_patternstringDetected fraud pattern identifier (e.g., high_entropy:0.95). mixed_scriptstringDetected mixed script characters. has_fraud_patternbooleanIndicates if a fraud pattern was detected. has_mixed_scriptbooleanIndicates if mixed scripts were detected. has_dot_variationbooleanIndicates if the local part contains dots. has_plus_addressingbooleanIndicates if plus addressing is used. has_special_charactersbooleanIndicates if special characters are present. has_numericbooleanIndicates if numeric characters are present. has_hyphenbooleanIndicates if hyphens are present. has_underscorebooleanIndicates if underscores are present. is_quotedbooleanIndicates if the local part is quoted.
Email Domain Details Object Field Type Description categorystringDomain category: business, free, education, government, disposable, or unknown. punycode_valuestringThe punycode representation of the domain if applicable. has_valid_tldbooleanIndicates if the top-level domain is valid. has_websitebooleanIndicates if the domain has an active website. has_punycodebooleanIndicates if the domain contains punycode. has_typo_mismatchbooleanIndicates if a typo was detected in the domain. is_ipv4booleanIndicates if the domain is an IPv4 address. is_ipv6booleanIndicates if the domain is an IPv6 address. is_only_numericbooleanIndicates if the domain contains only numeric characters. is_single_labelbooleanIndicates if the domain has only one label (no subdomains). subdomainobjectSubdomain analysis details.
Email Subdomain Details Object Field Type Description countintegerNumber of subdomain levels. has_hyphenbooleanIndicates if subdomain contains hyphens. has_numericbooleanIndicates if subdomain contains numeric characters. has_uuidbooleanIndicates if subdomain contains a UUID pattern. has_wildcardbooleanIndicates if subdomain contains a wildcard pattern.
Velocity By Email Object Field Type Description itemsarrayList of historical email occurrences for the base email. countintegerTotal count of occurrences.
Velocity Item Object Field Type Description base_emailstringThe base email address for this occurrence. created_atintegerUnix timestamp of when this occurrence was recorded.
Example Response {
"action": "allow",
"email": {
"normalized": {
"base": "john.doe@example.com",
"without_plus_addressing": "john.doe@example.com",
"without_dot_variations": null,
"without_punycode": "john.doe@example.com",
"without_typo_mismatch": "john.doe@example.com"
},
"details": {
"deliverability": "deliverable",
"local": {
"fraud_pattern": null,
"mixed_script": null,
"has_fraud_pattern": false,
"has_mixed_script": false,
"has_dot_variation": true,
"has_plus_addressing": false,
"has_special_characters": false,
"has_numeric": false,
"has_hyphen": false,
"has_underscore": false,
"is_quoted": false
},
"domain": {
"category": "business",
"punycode_value": null,
"has_valid_tld": true,
"has_website": true,
"has_punycode": false,
"has_typo_mismatch": false,
"is_ipv4": false,
"is_ipv6": false,
"is_only_numeric": false,
"is_single_label": false,
"subdomain": {
"count": 0,
"has_hyphen": false,
"has_numeric": false,
"has_uuid": false,
"has_wildcard": false
}
}
}
},
"velocity_by_email": {
"items": [],
"count": 0
}
}Status Codes Status Code Details 200Results returned successfully 400Invalid request parameters 401Invalid or missing API key 500Internal server error
Test With Custom Policy For testing and development purposes, you may include an optional custom_policy parameter in your request body to define specific validation rules.
Caution
This parameter is intended for testing environments only and is not required for standard API usage.
Parameter Type Required Description custom_policy json No A JSON object used to override default validation behavior during testing.
Example Request with Custom Policy {
"email_address": "user@example.com",
"custom_policy": {
"parent_rules": [
{
"action": "block",
"field": "domain_disposable",
"operator": "==",
"target": {
"bool": true
}
},
{
"action": "block",
"field": "email_deliverable",
"operator": "==",
"target": {
"bool": false
}
},
{
"action": "ignore",
"field": "domain_free",
"operator": "==",
"target": {
"bool": true
}i
}
],
"stop_on_block": true,
"version": "1.0"
}
}