Check Email Risk - Stytch Docs

// POST /v1/email/risk
const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  email_address: "${email}",
};

client.Fraud.Email.Risk(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });

{
  "request_id": "<string>",
  "address_information": {
    "has_known_bounces": true,
    "has_valid_syntax": true,
    "is_suspected_role_address": true,
    "normalized_email": "<string>",
    "tumbling_character_count": 123
  },
  "domain_information": {
    "has_mx_or_a_record": true,
    "is_disposable_domain": true
  },
  "action": "ALLOW",
  "risk_score": 123,
  "status_code": 123
}

POST

risk

// POST /v1/email/risk
const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  email_address: "${email}",
};

client.Fraud.Email.Risk(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });

{
  "request_id": "<string>",
  "address_information": {
    "has_known_bounces": true,
    "has_valid_syntax": true,
    "is_suspected_role_address": true,
    "normalized_email": "<string>",
    "tumbling_character_count": 123
  },
  "domain_information": {
    "has_mx_or_a_record": true,
    "is_disposable_domain": true
  },
  "action": "ALLOW",
  "risk_score": 123,
  "status_code": 123
}

Get risk information for a specific email address. The response will contain a recommended action (ALLOW, BLOCK, or CHALLENGE) and a more granular risk_score. You can also check the address_information and domain_information fields for more information about the email address and email domain.

This feature is in beta. Reach out to us here if you’d like to request early access.

Authorizations

Authorization

string

header

required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.

Body

application/json

Request type

email_address

string

required

The email address to check.

Response

Successful response

request_id

string

required

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

address_information

object

required

Information about the email address.

Show child attributes

domain_information

object

required

Information about the email domain.

Show child attributes

action

enum<string>

required

The suggested action based on the attributes of the email address. The available actions are:

ALLOW - This email is most likely safe to send to and not fraudulent.
BLOCK - This email is invalid or exhibits signs of fraud. We recommend blocking the end user.
CHALLENGE - This email has some potentially fraudulent attributes. We recommend increased friction such as 2FA or other forms of extended user verification before allowing the privileged action to proceed.

Available options:

ALLOW,

CHALLENGE,

BLOCK

risk_score

integer<int32>

required

A score from 0 to 100 indicating how risky the email is. 100 is the most risky.

status_code

integer<int32>

required

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

⌘I