Didit Email Verification API
Overview
Two-step email verification via one-time code:
- 1. Send a verification code to an email address
- Check the code the user provides
Key constraints:
- - Code expires after 5 minutes
- Maximum 3 verification attempts per code (then must resend)
- Maximum 2 resend requests within 24 hours
- You must call Send before Check — Check returns
"Expired or Not Found" otherwise
Capabilities: Detects breached emails (via known data breaches), disposable/temporary email providers, and undeliverable addresses. Supports fraud signals for risk scoring.
API Reference: Send Code | Check Code
Feature Guide: https://docs.didit.me/core-technology/email-verification/overview
Authentication
All requests require an API key via the x-api-key header.
How to obtain: Didit Business Console → API & Webhooks → Copy API key, or via programmatic registration (see below).
CODEBLOCK0
INLINECODE2� = API key missing or invalid. 403 = key lacks permissions or insufficient credits.
Getting Started (No Account Yet?)
If you don't have a Didit API key, create one in 2 API calls:
- 1. Register:
POST https://apx.didit.me/auth/v2/programmatic/register/ with �INLINECODE5 - Check email for a 6-character OTP code
- Verify:
POST https://apx.didit.me/auth/v2/programmatic/verify-email/ with {"email": "you@gmail.com", "code": "A3K9F2"} → response includes �INLINECODE8
To add credits: GET /v3/billing/balance/ to check, POST /v3/billing/top-up/ with {"amount_in_dollars": 50} for a Stripe checkout link.
See the didit-verification-management skill for full platform management (workflows, sessions, users, billing).
Step 1: Send Email Code
Sends a one-time verification code to the specified email address.
Request
CODEBLOCK1
Headers
| Header | Value | Required |
|---|
| INLINECODE12 | Your API key | Yes |
| INLINECODE13 |
application/json |
Yes |
Body (JSON)
| Parameter | Type | Required | Default | Constraints | Description |
|---|
| INLINECODE15 | string | Yes | — | Valid email | Email address to send code to |
| INLINECODE16 |
integer | No |
6 | Min: 4, Max: 8 | Length of the verification code |
|
options.alphanumeric_code | boolean | No |
false | — |
true = A-Z + 0-9 (case-insensitive) |
|
options.locale | string | No | — | Max 5 chars | Locale for email template. e.g.
en-US |
|
signals.ip | string | No | — | IPv4 or IPv6 | User's IP for fraud detection |
|
signals.device_id | string | No | — | Max 255 chars | Unique device identifier |
|
signals.user_agent | string | No | — | Max 512 chars | Browser/client user agent |
|
vendor_data | string | No | — | — | Your identifier for session tracking |
Example
CODEBLOCK2
CODEBLOCK3
Response (200 OK)
CODEBLOCK4
Status Values & Handling
| Status | Meaning | Action |
|---|
| INLINECODE27 | Code sent | Proceed — wait for user to provide code, then call Check |
| INLINECODE28 |
Temporary delivery issue | Wait a few seconds and retry Send (max 2 retries) |
|
"Undeliverable" | Email cannot receive mail | Inform user the email is invalid or cannot receive messages |
Error Responses
| Code | Meaning | Action |
|---|
| INLINECODE30 | Invalid request body or email | Check email format and parameter constraints |
| INLINECODE31 |
Invalid or missing API key | Verify
x-api-key header |
|
403 | Insufficient credits/permissions | Check credits in Business Console |
|
429 | Rate limited | Back off and retry after indicated period |
Step 2: Check Email Code
Verifies the code the user received. Must be called after a successful Send. Optionally auto-declines risky emails.
Request
CODEBLOCK5
Headers
| Header | Value | Required |
|---|
| INLINECODE35 | Your API key | Yes |
| INLINECODE36 |
application/json |
Yes |
Body (JSON)
| Parameter | Type | Required | Default | Values | Description |
|---|
| INLINECODE38 | string | Yes | — | Valid email | Same email used in Step 1 |
| INLINECODE39 |
string |
Yes | — | 4-8 chars | The code the user received |
|
duplicated_email_action | string | No |
"NO_ACTION" |
"NO_ACTION" /
"DECLINE" | Decline if email already verified by another user |
|
breached_email_action | string | No |
"NO_ACTION" |
"NO_ACTION" /
"DECLINE" | Decline if email found in data breaches |
|
disposable_email_action | string | No |
"NO_ACTION" |
"NO_ACTION" /
"DECLINE" | Decline if email is disposable/temporary |
|
undeliverable_email_action | string | No |
"NO_ACTION" |
"NO_ACTION" /
"DECLINE" | Decline if email is undeliverable |
Policy note: When an action is "DECLINE", verification is rejected even if the code is correct. The email.* fields are still populated so you can inspect why.
Example
CODEBLOCK6
CODEBLOCK7
Response (200 OK)
CODEBLOCK8
Status Values & Handling
| Status | Meaning | Action |
|---|
| INLINECODE58 | Code correct, no policy violations | Email verified — proceed with your flow |
| INLINECODE59 |
Code incorrect | Ask user to re-enter. After 3 failures, resend a new code |
|
"Declined" | Code correct but policy violation | Inform user. Check
email.warnings for reason |
|
"Expired or Not Found" | No pending code | Code expired (>5 min) or Send was never called. Resend |
Error Responses
| Code | Meaning | Action |
|---|
| INLINECODE63 | Invalid request body | Check email and code format |
| INLINECODE64 |
Invalid or missing API key | Verify
x-api-key header |
|
403 | Insufficient credits/permissions | Check credits in Business Console |
|
404 | Code expired or not found | Resend a new code via Step 1 |
Response Field Reference
email Object
| Field | Type | Description |
|---|
| INLINECODE69 | string | INLINECODE70�, "Failed", �INLINECODE72 |
| INLINECODE73 |
string | The email address verified |
|
is_breached | boolean | Found in known data breaches |
|
breaches | array | Breach details:
{name, domain, breach_date, data_classes, breach_emails_count} |
|
is_disposable | boolean | From a disposable/temporary provider |
|
is_undeliverable | boolean | Cannot receive email |
|
verification_attempts | integer | Number of check attempts (max 3) |
|
verified_at | string | ISO 8601 timestamp when verified (
null if not) |
|
warnings | array | Risk warnings:
{risk, log_type, short_description, long_description} |
|
lifecycle | array | Event log:
{type, timestamp, fee} |
Warning Tags
| Tag | Description | Auto-Decline |
|---|
| INLINECODE86 | Max code entry attempts exceeded | Yes |
| INLINECODE87 |
Email is in blocklist | Yes |
|
UNDELIVERABLE_EMAIL_DETECTED | Email cannot be delivered | Yes |
|
BREACHED_EMAIL_DETECTED | Found in known data breaches | Configurable |
|
DISPOSABLE_EMAIL_DETECTED | Disposable/temporary provider | Configurable |
|
DUPLICATED_EMAIL | Already verified by another user | Configurable |
Warning severity levels: error (critical), warning (requires attention), information (informational).
Common Workflows
Basic Email Verification
CODEBLOCK9
Strict Security Verification
CODEBLOCK10�
Utility Scripts
verify_email.py: Send and check email verification codes from the command line.
CODEBLOCK11
Can also be imported as a library:
CODEBLOCK12
Didit 邮箱验证 API
概述
通过一次性验证码进行两步邮箱验证:
- 1. 发送验证码到指定邮箱地址
- 检查用户提供的验证码
关键限制:
- - 验证码 5 分钟后过期
- 每个验证码最多 3 次验证尝试(之后必须重新发送)
- 24 小时内最多 2 次重新发送请求
- 必须先调用发送接口再调用检查接口 — 否则检查接口返回已过期或未找到
功能: 检测已泄露邮箱(通过已知数据泄露)、临时/一次性邮箱提供商以及无法投递的地址。支持欺诈信号用于风险评分。
API 参考: 发送验证码 | 检查验证码
功能指南: https://docs.didit.me/core-technology/email-verification/overview
身份认证
所有请求都需要通过 x-api-key 请求头提供 API 密钥。
如何获取: Didit 业务控制台 → API 和 Webhooks → 复制 API 密钥,或通过编程方式注册(见下文)。
x-api-key: yourapikey_here
401 = API 密钥缺失或无效。403 = 密钥缺少权限或积分不足。
快速开始(还没有账户?)
如果您没有 Didit API 密钥,通过 2 次 API 调用创建一个:
- 1. 注册: POST https://apx.didit.me/auth/v2/programmatic/register/ 携带 {email: you@gmail.com, password: MyStr0ng!Pass}
- 检查邮箱 获取 6 位 OTP 验证码
- 验证: POST https://apx.didit.me/auth/v2/programmatic/verify-email/ 携带 {email: you@gmail.com, code: A3K9F2} → 响应中包含 api_key
添加积分: GET /v3/billing/balance/ 检查余额,POST /v3/billing/top-up/ 携带 {amountindollars: 50} 获取 Stripe 结账链接。
完整的平台管理(工作流、会话、用户、计费)请参见 didit-verification-management 技能。
步骤 1:发送邮箱验证码
向指定邮箱地址发送一次性验证码。
请求
POST https://verification.didit.me/v3/email/send/
请求头
| 请求头 | 值 | 必需 |
|---|
| x-api-key | 您的 API 密钥 | 是 |
| Content-Type |
application/json |
是 |
请求体(JSON)
| 参数 | 类型 | 必需 | 默认值 | 约束 | 描述 |
|---|
| email | 字符串 | 是 | — | 有效邮箱 | 要发送验证码的邮箱地址 |
| options.code_size |
整数 | 否 | 6 | 最小值:4,最大值:8 | 验证码长度 |
| options.alphanumeric_code | 布尔值 | 否 | false | — | true = A-Z + 0-9(不区分大小写) |
| options.locale | 字符串 | 否 | — | 最多 5 个字符 | 邮箱模板的语言区域。例如 en-US |
| signals.ip | 字符串 | 否 | — | IPv4 或 IPv6 | 用于欺诈检测的用户 IP |
| signals.device_id | 字符串 | 否 | — | 最多 255 个字符 | 唯一设备标识符 |
| signals.user_agent | 字符串 | 否 | — | 最多 512 个字符 | 浏览器/客户端用户代理 |
| vendor_data | 字符串 | 否 | — | — | 用于会话跟踪的您的标识符 |
示例
python
import requests
response = requests.post(
https://verification.didit.me/v3/email/send/,
headers={x-api-key: YOURAPIKEY, Content-Type: application/json},
json={
email: user@example.com,
options: {code_size: 6},
signals: {ip: 203.0.113.42},
vendor_data: session-abc-123,
},
)
print(response.status_code, response.json())
typescript
const response = await fetch(https://verification.didit.me/v3/email/send/, {
method: POST,
headers: { x-api-key: YOURAPIKEY, Content-Type: application/json },
body: JSON.stringify({
email: user@example.com,
options: { code_size: 6 },
signals: { ip: 203.0.113.42 },
}),
});
响应(200 OK)
json
{
request_id: e39cb057-92fc-4b59-b84e-02fec29a0f24,
status: Success,
reason: null
}
状态值及处理
| 状态 | 含义 | 操作 |
|---|
| Success | 验证码已发送 | 继续 — 等待用户提供验证码,然后调用检查接口 |
| Retry |
临时投递问题 | 等待几秒后重试发送(最多重试 2 次) |
| Undeliverable | 邮箱无法接收邮件 | 告知用户邮箱无效或无法接收消息 |
错误响应
| 状态码 | 含义 | 操作 |
|---|
| 400 | 请求体或邮箱无效 | 检查邮箱格式和参数约束 |
| 401 |
API 密钥无效或缺失 | 验证 x-api-key 请求头 |
| 403 | 积分或权限不足 | 在业务控制台检查积分 |
| 429 | 请求频率受限 | 等待后重试 |
步骤 2:检查邮箱验证码
验证用户收到的验证码。必须在成功发送后调用。 可选自动拒绝风险邮箱。
请求
POST https://verification.didit.me/v3/email/check/
请求头
| 请求头 | 值 | 必需 |
|---|
| x-api-key | 您的 API 密钥 | 是 |
| Content-Type |
application/json |
是 |
请求体(JSON)
| 参数 | 类型 | 必需 | 默认值 | 值 | 描述 |
|---|
| email | 字符串 | 是 | — | 有效邮箱 | 步骤 1 中使用的相同邮箱 |
| code |
字符串 |
是 | — | 4-8 个字符 | 用户收到的验证码 |
| duplicated
emailaction | 字符串 | 否 | NO
ACTION | NOACTION / DECLINE | 如果邮箱已被其他用户验证则拒绝 |
| breached
emailaction | 字符串 | 否 | NO
ACTION | NOACTION / DECLINE | 如果邮箱在数据泄露中发现则拒绝 |
| disposable
emailaction | 字符串 | 否 | NO
ACTION | NOACTION / DECLINE | 如果邮箱是临时/一次性邮箱则拒绝 |
| undeliverable
emailaction | 字符串 | 否 | NO
ACTION | NOACTION / DECLINE | 如果邮箱无法投递则拒绝 |
策略说明: 当操作为 DECLINE 时,即使验证码正确,验证也会被拒绝。email.* 字段仍会填充,以便您检查原因。
示例
python
response = requests.post(
https://verification.didit.me/v3/email/check/,
headers={x-api-key: YOURAPIKEY, Content-Type: application/json},
json={
email: user@example.com,
code: 123456,
breachedemailaction: DECLINE,
disposableemailaction: DECLINE,
},
)
typescript
const response = await fetch(https://verification.didit.me/v3/email/check/, {
method: POST,
headers: { x-api-key: YOURAPIKEY, Content-Type: application/json },
body
