Feature API Pricing Documentation
Log In Create an Account

Verify Your Email

Enter the 6-digit verification code sent to .

Didn’t receive the code? Resend

Create an Account

Already have an account?

Log in

Don't have an account?

Log In Create an Account

Product Documentation

Here is an overview of what stopreg is all about

API Documentation illustration

Topics:

Getting Started with StopReg

StopReg is a powerful email validation API that helps you detect and block disposable, temporary, and fake email addresses in real-time. This documentation will guide you through integrating StopReg into your application to protect your platform from spam, fraud, and abuse.

What is StopReg?

StopReg provides businesses and individuals with tools and resources for detecting and blocking disposable email providers. Our API validates email addresses instantly (typically within milliseconds), allowing you to block disposable emails during signup, checkout, or form submission.

Key Features

  • Real-time Validation: Instant email checking with millisecond response times
  • Comprehensive Database: Over 124,000 disposable email domains in our database
  • Privacy-Focused: We don't store full email addresses - only check the domain part
  • Easy Integration: Simple REST API that works with any programming language
  • Whitelisting Support: Whitelist trusted domains to ensure legitimate users are never blocked

Quick Start

To get started with StopReg, you'll need:

  1. Create an account at stopreg.com
  2. Get your API token from your dashboard
  3. Make your first API call to validate an email address

The API endpoint is simple and secure. You'll use a GET request with your API token in the header and the email/domain in the query string. Continue reading the next sections to learn about authentication, endpoints, and code examples.

API Authentication

StopReg uses API token-based authentication. Your API token is unique to your account and should be kept secure. Never share your API token publicly or commit it to version control systems.

Getting Your API Token

  1. Log in to your StopReg dashboard
  2. Navigate to the API section or locate the API token on your Dashboard home
  3. Copy your API token (you can regenerate it at any time if needed)

Using Your API Token

We recommend using the x-api-token header for all requests. This keeps your token out of URL logs and follows industry standards. 

Headers:
  x-api-token: YOUR_API_TOKEN

Security Best Practices

  • Keep it Secret: Treat your API token like a password - never expose it in client-side code
  • Use Environment Variables: Store your API token in environment variables, not in your source code
  • Regenerate if Compromised: If you suspect your token has been exposed, regenerate it immediately from your dashboard
  • Server-Side Only: Always make API calls from your server-side code, never from the browser

Rate Limits

Rate limits depend on your subscription plan. Free trial accounts have limited requests per day, while paid plans offer higher limits or unlimited requests. Check your dashboard for your current rate limit status.

API Endpoints

StopReg provides a simple REST API endpoint for email validation. All endpoints use HTTPS and return JSON responses.

Email Verification

Endpoint:

GET https://api.stopreg.com/api/v1/verify/email/{email}

Domain Verification

Endpoint:

GET https://api.stopreg.com/api/v1/verify/domain/{domain}

Path Parameters

  • {email} (string, required for /email): The email address to validate.
  • {domain} (string, required for /domain): The domain name to validate (e.g., example.com).

Request Examples

Email Verification

GET https://api.stopreg.com/api/v1/verify/email/test@example.com

Headers:
  x-api-token: YOUR_API_TOKEN

Domain Verification

GET https://api.stopreg.com/api/v1/verify/domain/example.com

Headers:
  x-api-token: YOUR_API_TOKEN

Response Format

The API returns a JSON response with the following structure: 

{
  "status": 200,
  "message": "success",
  "description": "Check successful",
  "data": {
    "input": {
      "email": "user@example.com",
      "normalized": "user@example.com",
      "suggestion": null
    },
    "domain": {
      "name": "example.com",
      "domain_age_in_days": 1234,
      "provider": "Google"
    },
    "mail_server": {
      "mx_found": true,
      "mx_records": [
        "aspmx.l.google.com"
      ],
      "mx_provider": [
        {
          "slug": "zoho corporation",
          "service_type": "mailbox",
          "grade": "professional"
        },
        {
          "slug": "namecheap.com",
          "service_type": "hosting",
          "grade": "standard"
        }
      ]
    },
    "classification": {
      "is_disposable": false,
      "is_relay": false,
      "is_unresolved": false,
      "is_public": true,
      "is_role_based": false,
      "is_alias": false
    },
    "policy": {
      "blocklisted": false,
      "allowlisted": false
    }
  }
}

Response Fields

The API response is structured into several nested objects. Below is a detailed technical reference for each field in the payload.

Top-Level Fields

Field Type Description
status Integer 200, 400, 401, etc. The HTTP status code. Indicates the overall success or failure of the request.
message String "success" | "error" A short string indicating the result state of the API operation.
description String Text A human-readable summary of the verification result or the specific reason for an error.
data Object Payload The container for all verification intelligence. Details are broken down in the sections below.

Domain & Registry Analytics (data.domain)

Field Type Description
name String Value The root domain extracted from your input.
domain_age_in_days Integer Age Trust Metric. The number of days since the domain was first registered. Newly registered domains (e.g., < 30 days) have a near-perfect correlation with malicious activity.
provider String Host The primary entity providing email infrastructure for this domain (e.g., "Google", "Microsoft").

Input Intelligence (data.input)

Field Type Description
email | domain String Raw Value The original input provided in your request. Use this to map the response back to your local records.
normalized String Canonical The standardized version of your input. This value is lowercased, trimmed, and stripped of sub-addressing (e.g., user+tag@ becomes user@).
suggestion String Correction If a common typo is detected (e.g., gnail.com), this provides the corrected domain (gmail.com). Returns null if no correction is needed.

Infrastructure Analytics (data.mail_server)

Field Type Description
mx_found Boolean Status true if valid Mail Exchange (MX) records were found for the domain. If false, the email is likely undeliverable.
mx_records Array List An array of hostnames resolved from the domain's DNS settings.
mx_provider Array Providers Multi-Provider Intelligence. A prioritized list of all infrastructure providers detected behind the email (e.g., Zoho + Namecheap). Contains:
  • slug: Identifier (e.g., "zoho corporation").
  • service_type: mailbox, hosting, relay, or disposable.
  • grade: Professionalism tier (e.g., professional).

Strategic Classification (data.classification)

Field Type Description
is_disposable Boolean High Risk Critical Flag. true if the domain belongs to a temporary, throwaway, or 10-minute mail provider. High correlation with fraud.
is_relay Boolean Neutral true if the provider is a forwarding service or alias system (e.g., iCloud Hide My Email). Common among privacy-conscious users.
is_unresolved Boolean Caution Zero-Trust Flag. true for unknown, non-major domains that proxy through professional mail hosts. High correlation with "Stealth Disposable" providers.
is_public Boolean Low Risk true for common free consumers providers (Gmail, Outlook, Yahoo). Generally safe for B2C registrations.
is_role_based Boolean Caution true for address intended for groups (e.g., admin@, support@). Not ideal for personal account signups.
is_alias Boolean Technical true if sub-addressing was detected (e.g., user+tag@gmail.com). Often used to track source of signups.

Custom Policy Logic (data.policy)

Field Type Description
blocklisted Boolean Custom true if the input matches a domain or email explicitly blocked in your StopReg Dashboard.
allowlisted Boolean Custom true if the input matches a trusted domain in your Dashboard, bypassing all disposable checks.

Error Responses

If an error occurs, the API returns a JSON response with standardized error codes: 

{
  "status": 401,
  "message": "error",
  "description": "The provided API token is invalid.",
  "data": {
    "error": "invalid_token"
  }
}

HTTP Status Codes

  • 200 OK: Request successful
  • 400 Bad Request: Invalid parameters (e.g., invalid_email, invalid_domain)
  • 401 Unauthorized: Authentication issues (missing_token, invalid_token, token_expired)
  • 429 Too Many Requests: Rate limit exceeded (rate_limited) or quota exhausted (token_exhausted)
  • 500 Internal Server Error: Unexpected server error

Code Examples

Here are code examples for integrating StopReg API in various programming languages. Replace YOUR_API_TOKEN with your actual API token.

JavaScript (Node.js)

const apiToken = 'YOUR_API_TOKEN';
const email = 'test@disposable.com';

const response = await fetch(`https://api.stopreg.com/api/v1/verify/email/${email}`, {
    method: 'GET',
    headers: {
      'x-api-token': apiToken,
    }
  }
);

const body = await response.json();
console.log(body);

if (body.data?.classification?.is_disposable) {
  console.log('Domain is blocked');
}

Python

import requests

url = f'https://api.stopreg.com/api/v1/verify/email/{email}'

response = requests.get(
    url,
    headers={'x-api-token': api_token}
)

body = response.json()
print(body)

if body.get('data', {}).get('classification', {}).get('is_disposable'):
    print('Domain is blocked')

PHP

<?php

$apiToken = 'YOUR_API_TOKEN';
$email = 'test@disposable.com';

$url = "https://api.stopreg.com/api/v1/verify/email/" . urlencode($email);

$ch = curl_init($url);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'x-api-token: ' . $apiToken
]);

$response = curl_exec($ch);
$body = json_decode($response, true);

curl_close($ch);

if (isset($body['data']['classification']['is_disposable']) && $body['data']['classification']['is_disposable']) {
    echo 'Domain is blocked';
}
?>

cURL

curl -X GET \
  "https://api.stopreg.com/api/v1/verify/email/test@disposable.com" \
  -H "x-api-token: YOUR_API_TOKEN"

Integration in Registration Forms

When integrating StopReg into your registration or signup forms, validate the email address before allowing the user to complete registration. If data.classification.is_disposable is true, show an error message asking the user to use a valid email address.

Best Practices & Troubleshooting

Follow these best practices to ensure optimal performance and reliability when using the StopReg API.

Best Practices

  • Validate on Server-Side: Always perform email validation on your server, never in client-side JavaScript. This protects your API token and ensures security.
  • Handle Errors Gracefully: Implement proper error handling for network failures, rate limits, and API errors. Provide user-friendly error messages.
  • Cache Results When Appropriate: For frequently checked domains, consider caching results to reduce API calls and improve performance.
  • Use Whitelisting: Whitelist trusted corporate domains to prevent false positives and ensure legitimate users are never blocked.
  • Monitor Rate Limits: Keep track of your API usage to avoid hitting rate limits. Upgrade your plan if needed.
  • Validate Email Format First: Check basic email format before calling the API to save unnecessary requests.

Common Use Cases

  • Registration Forms: Validate emails during user signup to prevent fake accounts
  • Checkout Processes: Block disposable emails during e-commerce checkout
  • Free Trial Signups: Prevent abuse of free trial offers
  • Newsletter Subscriptions: Ensure quality email lists
  • Support Ticket Systems: Verify contact emails for support requests

Troubleshooting

API Returns Error

  • Verify your API token is correct and active
  • Check that the email parameter is properly URL-encoded
  • Ensure you're using the correct endpoint URL

Slow Response Times

  • Check your network connection
  • Verify you're using HTTPS (not HTTP)
  • Consider implementing request timeouts and retries

False Positives

  • Use the whitelist feature for trusted domains
  • Report false positives through your dashboard
  • Check if the domain is actually disposable before blocking

Support

If you need additional help or have questions, contact our support team at support@stopreg.com or visit your dashboard for more resources.

Frequently Asked Questions

Your questions around disposable email, answered.

A disposable email blocker is a tool that automatically detects and blocks temporary, fake, or throwaway email addresses from signing up on your website. This helps you maintain a clean user database, reduce spam, and protect your platform from abuse.

Disposable emails are commonly used for fraud, spam, duplicate account creation, free-trial abuse, and bot signups. Blocking them helps you:

  • Improve lead quality
  • Reduce fraud and abuse
  • Protect your free trials
  • Increase conversion accuracy
  • Improve email deliverability

Yes. The API validates emails instantly (typically within milliseconds), allowing you to block disposable emails during signup, checkout, or form submission.

Yes. You can whitelist domains you trust to ensure legitimate users are never blocked by mistake.

No. We do not store full email addresses. For privacy and compliance, we only check the domain part and discard all data immediately.

No. Only temporary and fake domains. Corporate, ISP, and custom domain emails are always allowed unless they appear in known disposable lists.

Yes. We offer flexible plans, including:

  • Monthly subscription
  • Unlimited requests for enterprise users

Yes. Feel free to test the free trial and see how many fake signups you prevent within minutes.

Yes. By blocking temporary and fake emails:

  • Your bounce rate drops
  • Your sender reputation improves
  • You stay compliant with email service providers

This helps your real messages reach real inboxes.