View Source

User Trust API

The User Trust API is the foundational component of the Autheona platform. It allows you to programmatically verify the trustworthiness of a user, providing essential risk assessment data to secure your application and protect your operations.

By integrating the User Trust API, you can perform real-time checks to determine if a specific user account meets your platform safety standards. This API is critical for preventing fraud, ensuring policy compliance, and maintaining a secure environment for your customers.

Use the following cURL command to initiate a trust verification request:

curl -X POST "https://api.autheona.com/v1/intelligence" \
  -H "Content-Type: application/json" \
  -H "x-api-key: <access-token>" \
  -d '{
    "email_address": "<email-address>"
  }'

Endpoint

POST https://api.autheona.com/v1/intelligence

Authentication

To authenticate your request, include your access token in the header:

HeaderValue
x-api-keyYOUR_ACCESS_TOKEN

Request Body

ParameterTypeRequiredDescription
email_addressstringYesThe email address to be validated/analyzed.

Example Request

{
  "email_address": "user@example.com"
}

Response

The API returns a JSON object containing the intelligence data for the provided email address.

Response Structure

{
  "action": "allow",
  "email": {
    "normalized": {
      "base": "string",
      "without_plus_addressing": "string",
      "without_dot_variations": "string",
      "without_punycode": "string",
      "without_typo_mismatch": "string"
    },
    "details": {
      "deliverability": "string",
      "local": {
        "fraud_pattern": "string",
        "mixed_script": "string",
        "has_fraud_pattern": "boolean",
        "has_mixed_script": "boolean",
        "has_dot_variation": "boolean",
        "has_plus_addressing": "boolean",
        "has_special_characters": "boolean",
        "has_numeric": "boolean",
        "has_hyphen": "boolean",
        "has_underscore": "boolean",
        "is_quoted": "boolean"
      },
      "domain": {
        "category": "string",
        "punycode_value": "string",
        "has_valid_tld": "boolean",
        "has_website": "boolean",
        "has_punycode": "boolean",
        "has_typo_mismatch": "boolean",
        "is_ipv4": "boolean",
        "is_ipv6": "boolean",
        "is_only_numeric": "boolean",
        "is_single_label": "boolean",
        "subdomain": {
          "count": "integer",
          "has_hyphen": "boolean",
          "has_numeric": "boolean",
          "has_uuid": "boolean",
          "has_wildcard": "boolean"
        }
      }
    }
  },
  "velocity_by_email": {
    "items": [
      {
        "base_email": "string",
        "created_at": "integer"
      }
    ],
    "count": "integer"
  }
}

Response Fields

Root Level
FieldTypeDescription
actionstringThe final verdict: allow, block, or ignore.
emailobjectContains email analysis results.
velocity_by_emailobjectContains velocity tracking data for fraud detection.
Email Object
FieldTypeDescription
normalizedobjectContains normalized versions of the email address.
detailsobjectContains detailed analysis of the email address.
Normalized Emails Object
FieldTypeDescription
basestringThe normalized base email address.
without_plus_addressingstringEmail address with plus addressing removed.
without_dot_variationsstringEmail address with dot variations removed (Gmail only).
without_punycodestringEmail address with punycode converted to Unicode.
without_typo_mismatchstringEmail address with common typos corrected.
Email Details Object
FieldTypeDescription
deliverabilitystringEmail deliverability status: deliverable, undeliverable, or unknown.
localobjectAnalysis of the email local part (before @).
domainobjectAnalysis of the email domain part (after @).
Email Local Details Object
FieldTypeDescription
fraud_patternstringDetected fraud pattern identifier (e.g., high_entropy:0.95).
mixed_scriptstringDetected mixed script characters.
has_fraud_patternbooleanIndicates if a fraud pattern was detected.
has_mixed_scriptbooleanIndicates if mixed scripts were detected.
has_dot_variationbooleanIndicates if the local part contains dots.
has_plus_addressingbooleanIndicates if plus addressing is used.
has_special_charactersbooleanIndicates if special characters are present.
has_numericbooleanIndicates if numeric characters are present.
has_hyphenbooleanIndicates if hyphens are present.
has_underscorebooleanIndicates if underscores are present.
is_quotedbooleanIndicates if the local part is quoted.
Email Domain Details Object
FieldTypeDescription
categorystringDomain category: business, free, education, government, disposable, or unknown.
punycode_valuestringThe punycode representation of the domain if applicable.
has_valid_tldbooleanIndicates if the top-level domain is valid.
has_websitebooleanIndicates if the domain has an active website.
has_punycodebooleanIndicates if the domain contains punycode.
has_typo_mismatchbooleanIndicates if a typo was detected in the domain.
is_ipv4booleanIndicates if the domain is an IPv4 address.
is_ipv6booleanIndicates if the domain is an IPv6 address.
is_only_numericbooleanIndicates if the domain contains only numeric characters.
is_single_labelbooleanIndicates if the domain has only one label (no subdomains).
subdomainobjectSubdomain analysis details.
Email Subdomain Details Object
FieldTypeDescription
countintegerNumber of subdomain levels.
has_hyphenbooleanIndicates if subdomain contains hyphens.
has_numericbooleanIndicates if subdomain contains numeric characters.
has_uuidbooleanIndicates if subdomain contains a UUID pattern.
has_wildcardbooleanIndicates if subdomain contains a wildcard pattern.
Velocity By Email Object
FieldTypeDescription
itemsarrayList of historical email occurrences for the base email.
countintegerTotal count of occurrences.
Velocity Item Object
FieldTypeDescription
base_emailstringThe base email address for this occurrence.
created_atintegerUnix timestamp of when this occurrence was recorded.

Example Response

{
  "action": "allow",
  "email": {
    "normalized": {
      "base": "john.doe@example.com",
      "without_plus_addressing": "john.doe@example.com",
      "without_dot_variations": null,
      "without_punycode": "john.doe@example.com",
      "without_typo_mismatch": "john.doe@example.com"
    },
    "details": {
      "deliverability": "deliverable",
      "local": {
        "fraud_pattern": null,
        "mixed_script": null,
        "has_fraud_pattern": false,
        "has_mixed_script": false,
        "has_dot_variation": true,
        "has_plus_addressing": false,
        "has_special_characters": false,
        "has_numeric": false,
        "has_hyphen": false,
        "has_underscore": false,
        "is_quoted": false
      },
      "domain": {
        "category": "business",
        "punycode_value": null,
        "has_valid_tld": true,
        "has_website": true,
        "has_punycode": false,
        "has_typo_mismatch": false,
        "is_ipv4": false,
        "is_ipv6": false,
        "is_only_numeric": false,
        "is_single_label": false,
        "subdomain": {
          "count": 0,
          "has_hyphen": false,
          "has_numeric": false,
          "has_uuid": false,
          "has_wildcard": false
        }
      }
    }
  },
  "velocity_by_email": {
    "items": [],
    "count": 0
  }
}

Status Codes

Status CodeDetails
200Results returned successfully
400Invalid request parameters
401Invalid or missing API key
500Internal server error

Test With Custom Policy

For testing and development purposes, you may include an optional custom_policy parameter in your request body to define specific validation rules.

Caution

This parameter is intended for testing environments only and is not required for standard API usage.

ParameterTypeRequiredDescription
custom_policyjsonNoA JSON object used to override default validation behavior during testing.

Example Request with Custom Policy

{
  "email_address": "user@example.com",
  "custom_policy": {
    "parent_rules": [
      {
        "action": "block",
        "field": "domain_disposable",
        "operator": "==",
        "target": {
          "bool": true
        }
      },
      {
        "action": "block",
        "field": "email_deliverable",
        "operator": "==",
        "target": {
          "bool": false
        }
      },
      {
        "action": "ignore",
        "field": "domain_free",
        "operator": "==",
        "target": {
          "bool": true
        }i
      }
    ],
    "stop_on_block": true,
    "version": "1.0"
  }
}