REST API Spam Protection

One API Call. Spam Solved.

Send a POST request with the content, email, and IP. Get back a spam verdict with confidence score and detection signals in milliseconds. Works with any language, any framework, any platform. No CAPTCHAs. No client-side scripts. No SDKs required.

Get Spam-Free Forms →

✓ 12ms average response time

✓ 99.5%+ detection accuracy

✓ Works with any language or framework

✓ 1,000 checks free every month

Built by the same team whose software is trusted by 30,000,000+ websites worldwide.

Everything You Need to Stop Spam via REST API

A complete spam detection API with transparent scoring, batch processing, and webhooks. No SDKs to install. No vendor lock-in. Standard REST.

Single REST Endpoint

One POST to `api.activelayer.ai/v1/check`. Send JSON, receive JSON. Works with cURL, fetch, requests, HttpClient, or any HTTP library in any language.

Bearer Token Authentication

Secure API key authentication via standard Authorization header. Generate keys from your dashboard. Rotate them anytime. No OAuth complexity. No session management.

Confidence Scores

Every response includes a confidence score from 0 to 1. Set your own threshold. Block at 0.9 for strict filtering. Flag at 0.7 for manual review. Your rules, your logic.

Detection Signals

Every verdict comes with an array of human-readable signals explaining why content was flagged. Promotional content, suspicious URLs, disposable emails, known spam patterns. Full transparency.

Batch Endpoint

Process up to 100 items in a single request with `POST /v1/check/batch`. Ideal for bulk moderation, backlog cleanup, or migrating from another provider. One call, 100 verdicts.

Feedback API

Report false positives and false negatives with `POST /v1/feedback`. Your corrections train the model for your specific use case. The more feedback you send, the smarter your detection gets.

Webhook Notifications

Configure webhooks to receive real-time notifications when detection patterns change or when your usage approaches plan limits. Push, not poll.

Rate Limit Headers

Every response includes `X-RateLimit-Remaining` and `X-RateLimit-Reset` headers. Build intelligent throttling into your application. No guessing. No surprise 429s.

12ms Average Response

Spam verdicts return faster than most database queries. Your users never notice the check. Your API stays fast. Your throughput stays high.

Three Steps. One Endpoint. Any Language.

From API key to spam-free in under five minutes. No SDKs. No dependencies. Just HTTP.

Get Your API Key

Create a free ActiveLayer account. Copy your API key from the dashboard. No credit card required. No approval process. Your key works immediately with full API access.

Send a POST Request

Make a single POST request to the check endpoint. Pass the content, email, and IP address as JSON. Use any HTTP client in any language. Here it is with cURL:

Get Your Verdict

ActiveLayer returns a JSON response with a clear spam/not-spam verdict, a confidence score, human-readable detection signals, and the response time. Use these fields to block, flag, or allow the submission.

Why Developers Choose a REST API Over CAPTCHAs

The spam protection approach that fits how you already build.

You Pick the Stack. ActiveLayer Works With It.

Every other spam protection tool locks you into a specific ecosystem — reCAPTCHA needs a JavaScript widget, Akismet has SDKs for only a handful of languages. ActiveLayer is a single REST endpoint: if your language can send an HTTP POST and parse JSON, you’re integrated. No SDK versioning issues, no framework-specific adapters. You make an HTTP request; you get a JSON response.

Nothing in the Browser. Nothing for Bots to Bypass.

CAPTCHAs live in the browser, which means bots can study them, farms can solve them, and your users have to suffer through them. ActiveLayer runs entirely server-side — your backend calls ActiveLayer and returns a response, and the browser never knows spam protection exists. No JavaScript to load, no widget to render, no cookie consent requirement. Bots can’t bypass what they can’t see.

Know Exactly Why Every Submission Was Flagged.

Most spam filters give you a binary yes or no. ActiveLayer gives you the full picture: every response includes a confidence score from 0 to 1 and an array of detection signals explaining exactly what triggered the verdict — “promotional_content,” “disposable_email,” “tor_exit_node.” Set different thresholds for different endpoints: block at 0.95 for signups, flag for review at 0.7 for comments. Your API, your logic, your thresholds.

99.9% Uptime SLA. Rate Limit Headers. Batch Processing.

ActiveLayer is built by Awesome Motive, the team behind software trusted by 30,000,000+ websites. The API returns rate limit headers with every response, the batch endpoint processes up to 100 items per request, the feedback API lets you report false positives, and webhooks notify you when usage approaches plan limits. Standard HTTP status codes, REST conventions, and request IDs for debugging throughout. This isn’t a weekend project wrapped in an API — it’s infrastructure you can build on.

Frequently Asked Questions

Common questions about using the ActiveLayer REST API for spam protection.

What are the API rate limits?

Free plan includes 1,000 checks per month. Pro plan ($19/month) includes 25,000 checks per month. Every API response includes `X-RateLimit-Remaining` and `X-RateLimit-Reset` headers so you can monitor usage in real time. If you exceed your limit, the API returns a 429 status code. No surprise charges.

What is the uptime SLA?

ActiveLayer targets 99.9% uptime. The API runs on distributed infrastructure with automatic failover. You can check current status and historical uptime at the status page. We recommend wrapping your API call in a try/catch so your application gracefully handles the rare case when the API is unreachable.

How does authentication work?

Standard Bearer token authentication. Include your API key in the Authorization header: `Authorization: Bearer YOUR_API_KEY`. Generate and rotate keys from your dashboard. Each key has full API access. No OAuth flows, no token refresh, no session management.

Does the API support batch processing?

Yes. Send up to 100 items in a single request to `POST /v1/check/batch`. Each item in the array gets its own spam verdict, confidence score, and detection signals. Batch processing is ideal for moderating backlogs, migrating from another provider, or processing bulk imports.

Can I receive webhook notifications?

Yes. Configure webhook URLs from your dashboard. ActiveLayer sends notifications when your usage approaches plan limits, when detection patterns change significantly, or when batch processing jobs complete. All webhook payloads are signed for verification.

Do I need to install an SDK?

No. ActiveLayer is a standard REST API. Use any HTTP client in any programming language. cURL, fetch, requests, HttpClient, Faraday, http.Client — whatever you already use. The API accepts JSON and returns JSON. No SDK to install, maintain, or update. No dependency to audit.

How does ActiveLayer handle data retention and GDPR?

Submission data is processed in real time and not stored permanently. Detection IDs are retained for 30 days to support the feedback API. You can request deletion of any data associated with your account at any time. ActiveLayer is designed to be GDPR-compatible. No personal data is sold or shared with third parties.

What endpoints are available?

The API includes four endpoints. `POST /v1/check` for single spam checks. `POST /v1/check/batch` for processing up to 100 items at once. `POST /v1/feedback` for reporting false positives and negatives. `GET /v1/usage` for checking your current plan usage and limits. Full documentation is available in the API reference.