Guides

API integration options for your online forms

Option 1 — Server-side

The browser submits the form to your server. Your server calls the Data Checks API with a server-side API key, applies the validation result (for example accept or reject the data), then responds to the browser.

  • Best for teams that already run a backend for their forms.
  • Plug-and-play: wire your backend form with the REST Data Checks API.
  • Optional: restrict the server-side API key by allowed IPs in API Keys — those are the IPs Data Checks sees when your server calls the API.
Option 2 — Browser + Proxy

You add a small script on the page that talks to your server (proxy), for example POST /api/validate-email. That route holds a server-side API key and forwards the phone or email to Data Checks, then returns a safe subset of the result to the browser.

  • Keeps the server-side API key off the public site while still allowing live or inline validation.
  • Plug-and-play: paste a snippet on the page and a file to your server.
  • Optional: restrict the server-side API key by allowed IPs in API Keys — those are the IPs Data Checks sees when your server calls the API.

Option 2 — Browser + Proxy Integration Guide — how it works, starter code (Node, Python, PHP, Laravel), security checklist.

Option 3 — Browser + Client-side API Key

A client-side API key is not secret: you configure allowed domains and an optional daily request cap in API Keys, then call the Data Checks API from the browser. The browser automatically sets Origin (similar to many analytics or CAPTCHA widgets) with the allowed domain configured for that client-side API key. To make this integration even easier a hosted UI widget may follow later.

  • Best for teams with static HTML or a page builder and no custom backend for validation.
  • Configure the client-side API key with allowed domains and optionally set a daily request cap in API Keys.

Option 3 — Browser + Client-side API Key Integration Guide — how it works, browser call example, security checklist.

Option 4 — No-code, form builders, and CMS platforms

If you rely on tools such as Zapier, Make, n8n, native form webhooks, Webflow forms, WordPress plugins, Shopify themes, or similar, you often cannot safely embed a server-side API key in the browser or inside a third-party form configuration.

For those stacks, Option 3 is the pattern that best matches “paste a snippet, no server code”: a client-side API key with allowed domains instead of putting a server-side API key in the browser or builder config.