API Specs
Use Data Checks APIs to validate phone numbers and email addresses from your backend, website forms, or CRM workflows. The setup below applies to both phone and email validation APIs.
API usage & security
Every request needs your API key in the Authorization header and a JSON body.
Authorization: Bearer <YOUR_API_KEY> Content-Type: application/json
Choosing an API key
| Key type | Best for | Guidance |
|---|---|---|
| Server-side | Backends, serverless functions, CRMs, and server-to-server integrations. | The safest choice for backend usage because the key stays on your server. Never expose a server-side key in a browser, mobile app, or public JavaScript bundle. |
| Client-side | Website forms that call Data Checks directly from approved domains. | Intended for client-side use only from domains you approve. You must set the allowed domains whitelist before using the key in production. |
For client-side keys, we recommend setting a daily limit in API Keys. Daily limits cap accidental misuse, reduce the impact of a leaked key, and protect you from unexpected traffic.
Rate limits
Rate limits protect service reliability and help prevent abuse.
If a limit is hit, the API returns 429 with {"error": "rate_limit_exceeded"} and retry headers. Slow down or retry later according to the response.
HTTP 429 Too Many Requests
{"error": "rate_limit_exceeded"}
If a client-side key daily limit is reached, the API returns 429 with {"error": "daily_limit_exceeded"}.
Bulk validation
For large datasets, upload CSV files in the dashboard. Each row uses the same validation logic as the real-time API.