REST. Bearer auth. JSON in, JSON out.
Every request needs an API key. Get one from the dashboard. Two modes:
Authorization: Bearer ic_pk_XXXX.ic_sk_YYYY
X-API-Key: ic_pk_XXXX X-Timestamp: 1735689600 X-Signature: sha256=<hex> # signature = HMAC_SHA256(hmac_secret, # timestamp + "\n" + method + "\n" + path + "\n" + rawBody) # timestamp must be within 300s of server clock.
The HMAC secret is minted alongside your API key and shown once. Bearer mode is fine for most use — HMAC is for high-security integrations where you don't want the bearer token to leak in logs.
Verify one email. 1 credit. Optional webhook URL fires per-item (fire-and-forget) with the same HMAC signing as bulk callbacks.
{
"email": "jane@stripe.com",
"webhook": "https://your-app/hook" // optional
}Response:
{
"email": "jane@stripe.com",
"status": "deliverable",
"reason": "accepted",
"mxHost": "aspmx.l.google.com",
"mxProvider": "google_workspace",
"smtpCode": 250,
"_meta": { "credits_charged": 1, "credits_remaining": 49, "plan": "free" }
}Verify a professional email from name + domain. 3 credits.
{
"first": "Jane",
"last": "Doe",
"domain": "stripe.com"
}Response (verified path):
{
"verified_email": "jane.doe@stripe.com", // safe to send
"pattern_guess": null,
"found": "jane.doe@stripe.com", // legacy; same as verified_email
"status": "found",
"confidence": 0.98,
"mxProvider": "google_workspace"
}Response (unverified / catch-all path):
{
"verified_email": null, // DO NOT ship as verified
"pattern_guess": "jane.doe@catchall.com", // best guess, use at your own risk
"found": null, // legacy — not populated for guesses
"status": "catch_all",
"confidence": 0.45,
"note": "domain accepts all mail — returning top-ranked guess, unverified"
}verified_email is safe to send. pattern_guess is our best deduction — helpful for research, but shipping it as "verified" will damage your sending-domain reputation via bounces.Async batch. 1 credit / verify, 3 / find. Up to 10,000 items per job.
{
"action": "find",
"items": [
{ "first": "Jane", "last": "Doe", "domain": "stripe.com" }
],
"webhook": "https://your-app/webhook/Coalesce"
}Returns { "jobId": "job_...", "status": "processing" }. Poll GET /v1/bulk/<id>.
Report a bounce or bad match. Free. Every report trains our per-domain pattern rankings, so the next lookup in that domain is smarter.
{
"email": "jane.doe@company.com",
"first": "Jane", // optional
"last": "Doe", // optional
"outcome": "bounced" // "bounced" | "wrong_person" | "delivered"
}Push known-good addresses so we skip them next time and reinforce the domain pattern.
{
"items": [
{ "email": "jane.doe@stripe.com", "first": "Jane", "last": "Doe" }
]
}Daily credit cap by plan. _meta.credits_remaining tracks usage. 429 with retry_at when exhausted.
401 missing / invalid / revoked API key 429 rate_limit_exceeded (retry after midnight UTC) 502 worker_unavailable (SMTP node offline; retry) 400 malformed request