Developer API

Classify spam programmatically — no Turnstile, no browser required. 50 checks/day free.

Get a free API key

⚠ Save it now — shown once and not stored in plaintext. Add it as X-API-Key header.

No key? You can still call the API without one — IP-limited to 15 checks/day. Pass X-API-Key to get 50/day and skip Turnstile.

Quick start

curl -s https://isitaspam.com/api/check \
  -H "Content-Type: application/json" \
  -H "X-API-Key: varta_YOUR_KEY" \
  -d '{"text":"Earn $5000/week from home! Click now: bit.ly/abc123"}' \
  | jq '.verdict, .confidence, .what_to_do'

Response:

{
  "slug": "a1b2c3d4",
  "url": "https://isitaspam.com/check/a1b2c3d4",
  "verdict": "DANGEROUS",
  "confidence": 0.97,
  "category": "financial_scam",
  "signals": ["urgency_language", "income_claim", "suspicious_url"],
  "red_flags": ["Unrealistic income claim ($5000/week)", "Shortened URL hides real destination"],
  "what_to_do": "Delete message and ban sender. This is a financial scam.",
  "language": "en",
  "meta": {"cache_hit": "miss", "elapsed_ms": 2840, "escalated": false}
}

TypeScript / Fetch

const res = await fetch("https://isitaspam.com/api/check", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "X-API-Key": process.env.ISITASPAM_KEY ?? "",
  },
  body: JSON.stringify({ text: messageText }),
});
const result = await res.json();
// result.verdict: "SAFE" | "SUSPICIOUS" | "DANGEROUS"
// result.confidence: 0.0 – 1.0
// result.what_to_do: plain-language recommended action

Python

import os, requests

r = requests.post(
    "https://isitaspam.com/api/check",
    headers={"X-API-Key": os.environ["ISITASPAM_KEY"]},
    json={"text": message_text},
    timeout=10,
)
r.raise_for_status()
result = r.json()
print(result["verdict"], result["confidence"])  # "DANGEROUS" 0.97

Rate limits & headers

Counters reset at UTC midnight. Every response includes:

HeaderDescription
X-RateLimit-LimitYour daily quota
X-RateLimit-RemainingChecks left today
X-RateLimit-ResetUnix timestamp when quota resets
Retry-AfterSeconds to wait (only on 429)

Error reference

Statuserror codeCause
400invalid_jsonRequest body is not valid JSON
400text_too_longText exceeds 5,000 characters
400invalid_inputNo text provided
401invalid_api_keyX-API-Key header not recognized
403turnstile_failedBrowser Turnstile check failed (not applicable when using X-API-Key)
429rate_limit_exceededDaily/hourly/minute cap hit. Check Retry-After and reason field
503service_pausedDaily AI budget exhausted — retries at UTC midnight

Pricing

Free key FREE
$0 /forever
50 checks/day
No Turnstile
Get key above ↑
Micro PAID
$5 /mo
300 checks/day
No Turnstile
Subscribe →
Starter PAID
$19 /mo
2,000 checks/day
No Turnstile
Subscribe →
Pro PAID
$49 /mo
10,000 checks/day
No Turnstile
Subscribe →

Your higher limit activates automatically after checkout — use the same email as your API key. Annual plans available on request via daryna@getvarta.com.

Latency

p95 ~3s (LLM classification path), ~30ms (cache hit for repeated text).
Use on join-request queues or async moderation flows — not per-message hot paths at >10 msg/s.

OpenAPI spec

Machine-readable spec: isitaspam.com/openapi.yaml (OpenAPI 3.1)

MCP server (Claude Code / Cursor)

claude mcp add varta \
  --transport sse \
  https://mcp.getvarta.com/sse \
  --header "Authorization: Bearer varta_YOUR_KEY"

Three tools: check_spam_text, get_spam_stats, get_spam_examples. Your API key (above) works as the Bearer token.

Terms & attribution

Free API keys are for non-commercial and low-volume commercial use. You must attribute "Powered by isitaspam.com" in any user-facing output that displays a verdict. Don't resell raw API access. See full Terms of Service.