post https://api.getblueshift.com/api/v1/emails/bulk_validate
Validate up to 30 emails in one request, and assess its deliverability and risk profile.
API at a glance
This endpoint is not available by default.
Please get in touch with your CSM or email [email protected] to enable access.
Description: This API allows you to validate multiple email addresses (up to 30) in a single request. It helps you identify risky or invalid addresses before launching campaigns at scale.
Validation logic & best practices
What it checks:
- Mailbox detection
- Syntax validation (RFC-compliant)
- DNS and MX record lookup
- Domain spell checks
- ESP-specific formatting (if applicable)
When to use this API:
Use this API to validate email addresses collected directly from:
- Newsletter signups
- Account registration forms
- Checkout or lead capture forms
This helps reduce bounce rates, protect the sender's reputation, and improve deliverability.
Acceptable use:
To ensure compliance, do not use this API to:
- Validate emails without the user's consent (no opt-in)
- Verify emails from third-party sources (e.g., purchased or rented lists)
- Generate, guess, or harvest unknown email addresses
Only use the API with consented, first-party data.
Authentication & testing - Email validation
Testing the API on this page
How to try it here
- Use your Private Email Validation Key provided by your CSM as the Username (leave Password blank).
- Select the appropriate API endpoint based on your Blueshift region.
- Enter the necessary parameters and click Try It to run the request.
Authentication using Base64 encoding
Note for developers
API requests require authentication using HTTP Basic Authentication with the Private User API key (contact your CSM for this key).
The API key serves as the username, while the password field should be left empty.
The format to encode is: your_api_key: (note the trailing colon).
This string must be Base64-encoded and included in the request's Authorization header as follows:
Authorization: Basic encoded_valueYou can generate the encoded value using a trusted Base64 encoder.
Postman collection
Try it with Postman: Explore the API using Blueshift's Postman collection.
Things to know before you start
- You can validate up to 30 email addresses per request.
- The API returns an array of results with individual validation data.
- Requests exceeding 30 emails will return a
413 Payload Too Largeerror. - The maximum request rate may be limited based on account settings.
Request parameters
Check out the request parameters
Bulk validation parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
emails | string[] | ✅ Yes | An array of email addresses to validate. Example: ["[email protected]", "[email protected]"](Maximum: 512 characters) |
Example requests & responses
Request example
curl --request POST \
--url https://api.getblueshift.com/api/v1/emails/bulk_validate \
--header 'accept: application/json' \
--header 'authorization: Basic YWNlZDZlNGYxMWExYWVhOTZmNTJkNDg4M2ZmMjI4Mjg6' \
--header 'content-type: application/json' \
--data '
{
"emails": [
"[email protected]",
"[email protected]"
]
}
'
Response example
{
"result": [
{
"[email protected]": {
"address": "[email protected]",
"engagement": {
"engaging": true,
"is_bot": false
},
"is_disposable_address": false,
"is_role_address": false,
"reason": [],
"result": "deliverable",
"risk": "low"
}
},
{
"[email protected]": {
"address": "[email protected]",
"engagement": {
"engaging": false,
"is_bot": false
},
"is_disposable_address": true,
"is_role_address": false,
"reason": [
"disposable"
],
"result": "invalid",
"risk": "high"
}
}
]
}
API error responses
| Status code | Description | Example response |
|---|---|---|
| 400 Bad Request | Missing or malformed payload. | { "errors": { "emails": ["must be an array of strings"] } } |
| 401 Unauthorized | API authentication failed due to an invalid or missing API key. | { "message": "Not authorized" } |
| 403 Forbidden | The API key does not have sufficient permissions. | { "message": "Permission denied" } |
| 404 Not Found | The requested API endpoint does not exist. | { "message": "Endpoint not found" } |
| 413 Payload Too Large | More than 30 email addresses were submitted. | { "message": "You can validate a maximum of 30 emails in one API call." } |
| 429 Too Many Requests | The request limit has been exceeded. | { "message": "Rate limit exceeded" } |
| 500 Internal Server Error | An unexpected server error occurred. | { "message": "Internal Server Error - Please contact support for more information." } |
| 502 Bad Gateway | The server received an invalid response. | { "message": "Bad Gateway - Please retry the request." } |
| 503 Service Unavailable | The service is temporarily unavailable. | { "message": "Service Unavailable - Try again later." } |
| 504 Gateway Timeout | The server took too long to respond. | { "message": "Gateway Timeout - Retry with exponential backoff." } |
Field reference
Response fields
| Field | Type | Description |
|---|---|---|
address | string | The email address being verified. |
did_you_mean | string | Suggestion for typos in the domain (if any). |
is_disposable_address | boolean | true if the domain is disposable. |
is_role_address | boolean | true if the address is role-based (e.g., admin@, sales@). |
reason | array | List of reasons why the address may be invalid or risky. |
result | string | One of: deliverable, undeliverable, do_not_send, catch_all, unknown. |
risk | string | Risk level: low, medium, high, or unknown. |
root_address | string | If the input is an alias, this shows the root address. |
engagement.engaging | boolean | Indicates if the user shows engagement signals. |
engagement.is_bot | boolean | true if the address is likely bot-generated. |
Reason codes
| Reason | Description |
|---|---|
unknown_provider | MX provider is not recognized. |
no_mx | No MX records found for the domain. |
high_risk_domain | Domain is flagged as high risk. |
subdomain_mailer | Domain is a subdomain and not whitelisted. |
immature_domain | Domain is recently created. |
tld_risk | Top-level domain is considered risky. |
mailbox_does_not_exist | Mailbox does not exist. |
mailbox_is_disposable_address | Disposable email address. |
mailbox_is_role_address | Role-based email address. |
catch_all | Domain accepts all addresses (catch-all). |
long_term_disposable | Long-term disposable address. |
failed custom grammar check | Failed ESP-specific formatting rules. |
Result types
| Result | Description |
|---|---|
deliverable | Valid and expected to receive emails. |
undeliverable | Invalid and likely to bounce. |
do_not_send | High-risk — avoid sending to this address. |
catch_all | Domain accepts all addresses; validity can't be confirmed. |
unknown | Validity cannot be determined. See reason for more info. |