Classify spam programmatically — no Turnstile, no browser required. 50 checks/day free.
⚠ Save it now — shown once and not stored in plaintext. Add it as X-API-Key header.
No key? You can still call the API without one — IP-limited to 15 checks/day. Pass X-API-Key to get 50/day and skip Turnstile.
curl -s https://isitaspam.com/api/check \
-H "Content-Type: application/json" \
-H "X-API-Key: varta_YOUR_KEY" \
-d '{"text":"Earn $5000/week from home! Click now: bit.ly/abc123"}' \
| jq '.verdict, .confidence, .what_to_do'
Response:
{
"slug": "a1b2c3d4",
"url": "https://isitaspam.com/check/a1b2c3d4",
"verdict": "DANGEROUS",
"confidence": 0.97,
"category": "financial_scam",
"signals": ["urgency_language", "income_claim", "suspicious_url"],
"red_flags": ["Unrealistic income claim ($5000/week)", "Shortened URL hides real destination"],
"what_to_do": "Delete message and ban sender. This is a financial scam.",
"language": "en",
"meta": {"cache_hit": "miss", "elapsed_ms": 2840, "escalated": false}
}
const res = await fetch("https://isitaspam.com/api/check", {
method: "POST",
headers: {
"Content-Type": "application/json",
"X-API-Key": process.env.ISITASPAM_KEY ?? "",
},
body: JSON.stringify({ text: messageText }),
});
const result = await res.json();
// result.verdict: "SAFE" | "SUSPICIOUS" | "DANGEROUS"
// result.confidence: 0.0 – 1.0
// result.what_to_do: plain-language recommended action
import os, requests
r = requests.post(
"https://isitaspam.com/api/check",
headers={"X-API-Key": os.environ["ISITASPAM_KEY"]},
json={"text": message_text},
timeout=10,
)
r.raise_for_status()
result = r.json()
print(result["verdict"], result["confidence"]) # "DANGEROUS" 0.97
Counters reset at UTC midnight. Every response includes:
| Header | Description |
|---|---|
X-RateLimit-Limit | Your daily quota |
X-RateLimit-Remaining | Checks left today |
X-RateLimit-Reset | Unix timestamp when quota resets |
Retry-After | Seconds to wait (only on 429) |
| Status | error code | Cause |
|---|---|---|
| 400 | invalid_json | Request body is not valid JSON |
| 400 | text_too_long | Text exceeds 5,000 characters |
| 400 | invalid_input | No text provided |
| 401 | invalid_api_key | X-API-Key header not recognized |
| 403 | turnstile_failed | Browser Turnstile check failed (not applicable when using X-API-Key) |
| 429 | rate_limit_exceeded | Daily/hourly/minute cap hit. Check Retry-After and reason field |
| 503 | service_paused | Daily AI budget exhausted — retries at UTC midnight |
Your higher limit activates automatically after checkout — use the same email as your API key. Annual plans available on request via daryna@getvarta.com.
p95 ~3s (LLM classification path), ~30ms (cache hit for repeated text).
Use on join-request queues or async moderation flows — not per-message hot paths at >10 msg/s.
Machine-readable spec: isitaspam.com/openapi.yaml (OpenAPI 3.1)
claude mcp add varta \
--transport sse \
https://mcp.getvarta.com/sse \
--header "Authorization: Bearer varta_YOUR_KEY"
Three tools: check_spam_text, get_spam_stats, get_spam_examples. Your API key (above) works as the Bearer token.
Free API keys are for non-commercial and low-volume commercial use. You must attribute "Powered by isitaspam.com" in any user-facing output that displays a verdict. Don't resell raw API access. See full Terms of Service.