API Documentation

Integrate real-time email verification into your applications. Validate addresses at signup, checkout, or in bulk before campaigns.

Base URL: https://verify.cascade-mail.com/api

Authentication

All API requests require an API key. Create one from your dashboard under the API Keys tab.

Pass your key in the X-Api-Key header:

curl -H "X-Api-Key: cv_your_key_here" \
  https://verify.cascade-mail.com/api/verify.php

API keys are tied to your account. Never expose them in client-side code or public repositories.

You can also pass the key as a query parameter for simple testing:

GET /api/verify.php?email=test@example.com&api_key=cv_your_key_here

Base URL & Format

All endpoints accept and return JSON. Set Content-Type: application/json for POST requests.

Responses always include a success boolean and either a result object or an error string.

Rate Limits

Rate limits are based on your plan tier:

Plan	Credits	API Keys	Bulk Upload
Free	25	No API access	No
Starter	2,000	2 keys	Yes
Professional	10,000	5 keys	Yes
Enterprise	100,000+	20 keys	Yes

Each verification consumes 1 credit regardless of result. Credits never expire.

Verify Single Email

Verify a single email address and receive a comprehensive deliverability report.

POST /api/verify.php

Request Body

Parameter	Type	Description
email	string required	The email address to verify
port	integer optional	SMTP port. Default: `25`. Also supports `465` (SSL).

Example Request

curl -X POST https://verify.cascade-mail.com/api/verify.php \
  -H "Content-Type: application/json" \
  -H "X-Api-Key: cv_your_key_here" \
  -d '{"email": "john.smith@example.com"}'

Example Response

{
  "success": true,
  "result": {
    "email": "john.smith@example.com",
    "domain": "example.com",
    "valid_syntax": true,
    "mx_records": ["mx1.example.com", "mx2.example.com"],
    "deliverable": true,
    "status": "deliverable",
    "status_detail": "Email address is deliverable",
    "is_catchall": false,
    "score": 9,
    "score_factors": [
      "MX found (+2)",
      "Multiple MX (+0.5)",
      "SMTP connected (+1)",
      "EHLO accepted (+0.5)",
      "MAIL FROM accepted (+0.5)",
      "RCPT TO accepted (+3)",
      "SPF record (+0.5)",
      "DMARC record (+0.5)",
      "Website exists (+0.25)",
      "Real name pattern (+0.5)"
    ],
    "is_disposable": false,
    "is_role_account": false,
    "is_known_provider": false,
    "dns_health": {
      "has_spf": true,
      "has_dmarc": true,
      "has_a_record": true
    },
    "smtp_check": {
      "mx_host": "mx1.example.com",
      "connected": true,
      "helo_ok": true,
      "mail_from_ok": true,
      "rcpt_to_ok": true,
      "rcpt_to_code": 250,
      "rcpt_to_response": "250 2.1.5 OK"
    },
    "server_policy": null,
    "credits_remaining": 1847
  }
}

Status Codes

The status field in every response indicates the verification verdict:

Status	Meaning	Action
deliverable	Mail server confirmed the address exists	Safe to send
likely_valid	Server recognizes the address but blocks verification probes	Probably safe — check score
undeliverable	Server explicitly says the mailbox doesn't exist (5.1.1)	Do not send
invalid	Bad syntax or no MX records for the domain	Do not send
unknown	Could not determine — server unreachable, deferred, or reject-all	Use score to decide

Deliverability Score

Every verified email receives a score from 1 to 10 based on multiple signals. Use this score to make send/don't-send decisions, especially for unknown status results.

Score Range	Recommendation	Color
8 – 10	Safe to send	Green
4 – 7	Send with caution — monitor bounces	Amber
1 – 3	Do not send — high bounce risk	Red

Score Factors

The score_factors array shows exactly which signals contributed to the score:

Signal	Category	Points
MX records found	Infrastructure	+2.0
Multiple MX records	Infrastructure	+0.5
SMTP connected	Infrastructure	+1.0
EHLO accepted	Infrastructure	+0.5
MAIL FROM accepted	Infrastructure	+0.5
RCPT TO accepted (250)	SMTP Verdict	+3.0
Deferred (4xx)	SMTP Verdict	+1.0
Mailbox not found (5.1.1)	SMTP Verdict	−3.0
Mailbox disabled (5.2.1)	SMTP Verdict	−2.0
Access denied (5.7.x)	SMTP Verdict	0 (neutral)
Server recognizes address (differential)	Policy	+2.5
Catch-all server	Policy	−1.5
SPF record	DNS	+0.5
DMARC record	DNS	+0.5
Website exists (A record)	DNS	+0.25
Real name pattern	Local Part	+0.5
Role account (info@, admin@)	Local Part	−0.5
Gibberish pattern	Local Part	−1.0
Known provider (Gmail, etc.)	Domain	+0.25
Disposable domain	Domain	−3.0

Server Policy Detection

When a server rejects verification but the rejection is ambiguous, we probe with a fake address to determine the server's policy:

Policy	Meaning	What It Tells You
`accept-all`	Server accepts any address (catch-all)	Address may or may not exist — the server accepts everything
`reject-all`	Server gives identical rejection for real and fake addresses	Server blocks all verification probes — can't determine deliverability
`differential`	Server responds differently to real vs fake addresses	Server knows the address exists — strong signal it's valid

A differential response is one of the strongest positive signals. The server is treating the real address differently from a guaranteed-fake one, meaning it has the address in its system.

Bulk Verification

For verifying large lists, use the CSV upload through the dashboard. The bulk flow is a three-step process:

Upload — POST a CSV file. The API parses emails and returns a batch_id.
Process — Confirm processing with the batch_id. Each email is verified and credits deducted.
Download — Retrieve results as a CSV with status, score, and flags for each address.

POST /api/bulk.php?action=upload

Upload a CSV file with one email per row, or a column named email.

curl -X POST https://verify.cascade-mail.com/api/bulk.php?action=upload \
  -F "csv=@emails.csv"

Response:

{
  "success": true,
  "batch_id": "a1b2c3d4-e5f6-...",
  "emails_found": 500,
  "credits_remaining": 1500
}

POST /api/bulk.php?action=process

Start processing the uploaded batch. Credits are deducted per email.

curl -X POST https://verify.cascade-mail.com/api/bulk.php?action=process \
  -H "Content-Type: application/json" \
  -d '{"batch_id": "a1b2c3d4-e5f6-..."}'

GET /api/bulk.php?action=download&batch_id=...

Download completed results as CSV. Columns: email, domain, status, status_detail, score, is_catchall, is_disposable, is_role_account.

Quick Start

cURL

curl -X POST https://verify.cascade-mail.com/api/verify.php \
  -H "Content-Type: application/json" \
  -H "X-Api-Key: cv_your_key_here" \
  -d '{"email": "user@example.com"}'

PHP

$ch = curl_init('https://verify.cascade-mail.com/api/verify.php');
curl_setopt_array($ch, [
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        'Content-Type: application/json',
        'X-Api-Key: cv_your_key_here',
    ],
    CURLOPT_POSTFIELDS => json_encode(['email' => 'user@example.com']),
]);
$result = json_decode(curl_exec($ch), true);
curl_close($ch);

if ($result['result']['score'] >= 7) {
    echo "Safe to send!";
}

Python

import requests

response = requests.post(
    'https://verify.cascade-mail.com/api/verify.php',
    json={'email': 'user@example.com'},
    headers={'X-Api-Key': 'cv_your_key_here'}
)
data = response.json()
result = data['result']

print(f"{result['email']}: {result['status']} (score: {result['score']}/10)")

JavaScript

const res = await fetch('https://verify.cascade-mail.com/api/verify.php', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-Api-Key': 'cv_your_key_here',
  },
  body: JSON.stringify({ email: 'user@example.com' }),
});
const { result } = await res.json();
console.log(`${result.email}: ${result.status} (${result.score}/10)`);

CSV Upload Guide

The bulk verifier accepts CSV or TXT files. It automatically detects the email column — just make sure at least one column contains valid email addresses.

Supported formats:

Single column: one email per line
Multi-column: header row with a column named email, email_address, or e-mail
Mixed data: the parser finds the first valid email in each row

Duplicate emails are automatically removed before processing. You're only charged once per unique address.

Error Handling

All errors return a JSON object with an error field:

{
  "error": "No credits remaining. Please upgrade your plan.",
  "credits_remaining": 0
}

HTTP Code	Meaning
200	Success
400	Bad request — missing or invalid parameters
401	Unauthorized — missing or invalid API key
402	Payment required — no credits remaining
403	Forbidden — your plan doesn't include this feature
500	Server error — contact support

Plans & Credits

Every verification consumes 1 credit. Credits never expire. When you run out, you'll receive a 402 response. Upgrade from your dashboard account tab.

Plan	Credits	Price	API Access	Bulk CSV
Free	25	$0	No	No
Starter	2,000	$16 one-time	2 keys	Yes
Professional	10,000	$65 one-time	5 keys	Yes
Enterprise	100,000+	$400 one-time	20 keys	Yes

Need help?