Disposable Armor API
Everything you need to detect disposable emails, analyze email quality, and protect your application from fraud.
Authentication
All API requests require authentication with your API key. Include it in the request headers:
Authorization: Bearer YOUR_API_KEY // OR X-API-Key: YOUR_API_KEY
API Keys Per Plan
Rate Limits
Monthly Quotas
Based on your subscription plan, resets on billing anniversary.
Technical Rate Limit
All plans are limited to protect against abuse.
Exceeding either limit returns a 429 status code with details about which limit was exceeded.
API Endpoint
/api/v1/checkThis endpoint accepts two different query parameters depending on your use case. Choose the one that fits your needs:
Use the domain parameter when you only need to check if a domain is disposable. This is useful when you already have the domain extracted or want to validate domains in bulk.
- • Disposable domain detection
- • Allowlist check (legitimate providers)
- • Advanced ML detection (paid plans)
- • Apple proxy detection (paid plans)
GET /api/v1/check?domain=mailinator.com
Use the email parameter when you have a complete email address. The domain is automatically extracted, plus you get additional email quality analysis on paid plans.
- • Everything from domain check
- • Email quality analysis (paid plans)
- • Alias detection with normalized email
- • Bot/auto-generated detection
- • Role account detection
GET /api/v1/[email protected]
Recommended: Use the email parameter to get the most comprehensive analysis, especially for signup forms and user registration flows.
Code Examples
# Check a domain only curl -X GET "https://www.disposablearmor.com/api/v1/check?domain=mailinator.com" \ -H "Authorization: Bearer YOUR_API_KEY" # Check a full email (recommended for signups) curl -X GET "https://www.disposablearmor.com/api/v1/[email protected]" \ -H "Authorization: Bearer YOUR_API_KEY"
Response Examples
Response Fields
domainis_temporarytrue if the domain is identified as disposable/temporaryis_allowedtrue, domain is on the allowlist of legitimate providers (overrides is_temporary)checks_remaininglimitreset_dateEmail Quality Analysis
Paid PlansComprehensive email analysis with confidence scores for different risk categories. Only available when using the email parameter.
overall_risklow, medium, high, or criticalrisk_scoreconfidenceindicatorsalias_detectionsummaryIndicator Codes
These codes appear in the indicators array and identify specific risk patterns.
da_alias_plus_tagEmail uses +tag aliasing (e.g., [email protected])da_alias_plus_randomPlus tag appears random/auto-generated - likely evading detectionda_alias_dot_separatedEmail uses dot-based aliasing (dots ignored by Gmail, etc.)da_alias_excessive_dotsExcessive dot usage suggests intentional aliasingda_alias_separator_patternSeparator pattern detected (e.g., u.s.e.r or u-s-e-r)Score Recommendations
Use these recommended thresholds as a starting point for your implementation. Adjust based on your specific use case and risk tolerance.
Overall Risk Score
Apple Proxy Detection
The confidence score indicates how likely the email/IP is an Apple privacy service.
| Score Range | Meaning | Recommended Action |
|---|---|---|
0-30% | Not an Apple proxy | Treat as normal email |
30-70% | Possible Apple service | Consider additional verification |
70-90% | Likely Apple proxy | Flag for review, may limit features |
90-100% | Confirmed Apple proxy | Handle as privacy-conscious user |
Note: Apple proxy users are legitimate but privacy-conscious. Consider allowing them while noting they may have limited trackability.
Email Quality Confidence Scores
Each category has its own confidence score. Here are recommended thresholds:
<40 Normal40-70 Possible alias>70 Likely alias💡 Store normalized_email and check for duplicates when alias ≥40
<40 Human-like40-60 Suspicious>60 Likely bot💡 Add CAPTCHA or phone verification when bot_generated ≥50
<50 Personal50-80 Shared inbox>80 Automated/noreply💡 Reject signups with role_account ≥70 if you require personal emails
<20 Valid format20-50 Minor issues>50 Invalid💡 Always reject emails with invalid ≥80 (malformed/RFC non-compliant)
Example Implementation
// Example: Signup validation logic
async function validateSignup(email) {
const response = await fetch(`/api/v1/check?email=${email}`, {
headers: { 'Authorization': 'Bearer YOUR_API_KEY' }
});
const data = await response.json();
// Block disposable emails
if (data.is_temporary) {
return { allowed: false, reason: 'Disposable email not allowed' };
}
// Block invalid emails
if (data.email_quality?.confidence.invalid >= 80) {
return { allowed: false, reason: 'Invalid email format' };
}
// Block likely bots
if (data.email_quality?.confidence.bot_generated >= 60) {
return { allowed: false, reason: 'Suspicious email pattern', requireCaptcha: true };
}
// Flag aliases for duplicate checking
if (data.email_quality?.confidence.alias >= 40) {
const normalizedEmail = data.email_quality.alias_detection.normalized_email;
const existingUser = await checkExistingUser(normalizedEmail);
if (existingUser) {
return { allowed: false, reason: 'Account already exists' };
}
}
// Optionally require personal emails (block role accounts)
if (data.email_quality?.confidence.role_account >= 70) {
return { allowed: false, reason: 'Please use a personal email address' };
}
return { allowed: true, riskScore: data.email_quality?.risk_score || 0 };
}Error Responses
Accuracy Disclaimer
While our service strives for high accuracy, we cannot guarantee 100% accuracy in all cases. The disposable email landscape is constantly evolving.
We recommend implementing appropriate fallback mechanisms and user verification processes. Disposable Armor should be used as one component of a comprehensive email validation strategy.
Ready to Get Started?
Sign up for a free account to get your API key and start protecting your service from disposable emails.