← Integration Guides

Option 2 — Browser + Proxy Guide

Use this pattern when JavaScript on your public page should validate a phone number or email before or without a full page submit, while keeping the server-side API key only on the server (proxy) you control (never use a client-side API key in your proxy).

How it works

  1. The visitor’s browser calls only your HTTPS origin (for example POST /api/validate-email).
  2. Your small backend route adds Authorization: Bearer <SERVER_SIDE_API_KEY> (a server-side API key from API Keys) and forwards JSON request to the Data Checks API.
  3. Your route returns a JSON response to the browser (often the same fields Data Checks returns, optionally minus account metadata such as remaining_credits).

The Data Checks API is documented on the API Specs page.

What you need

Minimal browser example

Call your own path; adjust URL and CSRF token to match your site.

async function validateEmail(email) {
  const res = await fetch('/api/validate-email', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'Accept': 'application/json',
      // 'X-CSRF-TOKEN': document.querySelector('meta[name="csrf-token"]').content,
    },
    body: JSON.stringify({ email }),
  });
  const data = await res.json().catch(() => ({}));
  if (!res.ok) throw new Error(data.message || data.error || ('HTTP ' + res.status));
  return data;
}

The same snippet is in the starter packs as examples/browser-validate-email.js along with examples/browser-validate-phone.js.

Starter downloads

Download example implementations. Unpack a ZIP on your machine, set DATA_CHECKS_API_KEY to a server-side key value, and follow the README.

Starter packs (ZIP)

Each archive preserves the folder layout so you can unzip and run locally.

Node (Express) Node 18+, minimal Express server.

Download ZIP

Python (Flask) Flask + requests.

Download ZIP

PHP (cURL) Router script for PHP’s built-in server.

Download ZIP

Laravel Routes and config snippet (README).

Download ZIP

All starters Single ZIP with every file below.

Download ZIP

Individual files

Path
README.md — Overview and run instructions Download
examples/browser-validate-email.js Download
examples/browser-validate-phone.js Download
node-express/package.json Download
node-express/server.mjs Download
python-flask/requirements.txt Download
python-flask/app.py Download
php-curl/router — Downloads as router.php Download
laravel/README.md Download

Security checklist (do this on your proxy)

CORS

If your JavaScript runs on the same origin as the proxy (typical for a first-party site), you do not need CORS headers for that call.

If the browser calls your API from another subdomain or domain, configure CORS on your proxy to allow only the origins you trust, and keep preflight rules narrow.

Rate limits

The Data Checks API is rate-limited at 60 requests per minute. See the API Specs for details. Map 429 responses to a friendly message and backoff.

Troubleshooting

Support boundaries

Data Checks supports the behaviour of the public API and your account. Custom proxy code runs on your infrastructure: you maintain TLS, logging, auth, and abuse controls. Requests are checked against your key type (server-side optional IP allowlist; client-side required allowed domains). If a request reaches our API with a valid key and fails with our documented status codes, use this guide and the API Specs; if the problem persists, contact support with timestamps and the HTTP status, without full personally identifiable information (PII).