Validate a single email address and assess its deliverability and risk profile.
API at a glance
This endpoint is not available by default.
Please get in touch with your CSM or email [email protected] to enable access.
Description: This API checks if an individual email address is valid, risky, disposable, or role-based. It helps you improve deliverability by validating emails before sending campaigns.
Validation logic & best practices
What it checks:
- Mailbox detection
- Syntax validation (RFC-compliant)
- DNS and MX record lookup
- Domain spell checks
- ESP-specific formatting (if applicable)
When to use this API:
Use this API to validate email addresses collected directly from:
- Newsletter signups
- Account registration forms
- Checkout or lead capture forms
This helps reduce bounce rates, protect the sender's reputation, and improve deliverability.
Acceptable use:
To ensure compliance, do not use this API to:
- Validate emails without the user's consent (no opt-in)
- Verify emails from third-party sources (e.g., purchased or rented lists)
- Generate, guess, or harvest unknown email addresses
Only use the API with consented, first-party data.
Authentication & testing - Email validation
Testing the API on this page
How to try it here
- Use your Private Email Validation Key provided by your CSM as the Username (leave Password blank).
- Select the appropriate API endpoint based on your Blueshift region.
- Enter the necessary parameters and click Try It to run the request.
Authentication using Base64 encoding
Note for developers
API requests require authentication using HTTP Basic Authentication with the Private User API key (contact your CSM for this key).
The API key serves as the username, while the password field should be left empty.
The format to encode is: your_api_key: (note the trailing colon).
This string must be Base64-encoded and included in the request's Authorization header as follows:
Authorization: Basic encoded_valueYou can generate the encoded value using a trusted Base64 encoder.
Postman collection
Try it with Postman: Explore the API using Blueshift's Postman collection.
Things to know before you start
- This endpoint supports only one email address per request.
- The API returns details such as:
- Whether the email is valid
- If it belongs to a disposable or role-based service
- The risk level associated with the address
- The maximum request rate may be limited based on account settings.
Request parameters
Check out the request parameters
Email validation parameters
Note: This API supports only one parameter.
| Parameter | Type | Required | Description |
|---|---|---|---|
email | string | ✅ Yes | The email address to validate. Example: [email protected] (Maximum: 512 characters) |
Example requests & responses
Request example
curl --request GET \
--url 'https://api.getblueshift.com/api/v1/emails/validate?email=janedoe%40acme.com' \
--header 'accept: application/json' \
--header 'authorization: Basic YWNlZDZlNGYxMWExYWVhOTZmNTJkNDg4M2ZmMjI4Mjg6'
Response example
{
"result": {
"address": "[email protected]",
"engagement": {
"engaging": true,
"is_bot": false
},
"is_disposable_address": false,
"is_role_address": false,
"reason": [],
"result": "deliverable",
"risk": "low"
}
}
API error responses
| Status code | Description | Example response |
|---|---|---|
| 400 Bad Request | Missing or invalid email address. | { "errors": { "email": ["can't be blank or is invalid"] } } |
| 401 Unauthorized | API authentication failed due to an invalid or missing API key. | { "message": "Not authorized" } |
| 403 Forbidden | The API key does not have sufficient permissions. | { "message": "Permission denied" } |
| 404 Not Found | The requested API endpoint does not exist. | { "message": "Endpoint not found" } |
| 429 Too Many Requests | The request limit has been exceeded. | { "message": "Rate limit exceeded" } |
| 500 Internal Server Error | An unexpected server error occurred. | { "message": "Internal Server Error - Please contact support for more information." } |
| 502 Bad Gateway | The server received an invalid response. | { "message": "Bad Gateway - Please retry the request." } |
| 503 Service Unavailable | The service is temporarily unavailable. | { "message": "Service Unavailable - Try again later." } |
| 504 Gateway Timeout | The server took too long to respond. | { "message": "Gateway Timeout - Retry with exponential backoff." } |
Field reference
Response fields
| Field | Type | Description |
|---|---|---|
address | string | The email address being verified. |
did_you_mean | string | Suggestion for typos in the domain (if any). |
is_disposable_address | boolean | true if the domain is disposable. |
is_role_address | boolean | true if the address is role-based (e.g., admin@, sales@). |
reason | array | List of reasons why the address may be invalid or risky. |
result | string | One of: deliverable, undeliverable, do_not_send, catch_all, unknown. |
risk | string | Risk level: low, medium, high, or unknown. |
root_address | string | If the input is an alias, this shows the root address. |
engagement.engaging | boolean | Indicates if the user shows engagement signals. |
engagement.is_bot | boolean | true if the address is likely bot-generated. |
Reason codes
| Reason | Description |
|---|---|
unknown_provider | MX provider is not recognized. |
no_mx | No MX records found for the domain. |
high_risk_domain | Domain is flagged as high risk. |
subdomain_mailer | Domain is a subdomain and not whitelisted. |
immature_domain | Domain is recently created. |
tld_risk | Top-level domain is considered risky. |
mailbox_does_not_exist | Mailbox does not exist. |
mailbox_is_disposable_address | Disposable email address. |
mailbox_is_role_address | Role-based email address. |
catch_all | Domain accepts all addresses (catch-all). |
long_term_disposable | Long-term disposable address. |
failed custom grammar check | Failed ESP-specific formatting rules. |
Result types
| Result | Description |
|---|---|
deliverable | Valid and expected to receive emails. |
undeliverable | Invalid and likely to bounce. |
do_not_send | High-risk — avoid sending to this address. |
catch_all | Domain accepts all addresses; validity can't be confirmed. |
unknown | Validity cannot be determined. See reason for more info. |