TypeScript Spam Protection API

Type-Safe Spam Protection. Zero Dependencies.

ActiveLayer gives your TypeScript project fully typed spam verdicts from a single REST API call. Complete type definitions, discriminated unions, and Zod schema validation. No CAPTCHAs. No client-side scripts. Just import, await, and ship with full IntelliSense.

Get Spam-Free Forms →

✓ Full type definitions included

✓ Millisecond response times

✓ 99.5%+ accuracy

✓ 1,000 checks free every month

Built by the same team whose software is trusted by 30,000,000+ websites worldwide.

Everything You Need for Type-Safe Spam Protection

Full IntelliSense. Compile-time safety. No runtime dependencies. One API that fits your TypeScript workflow.

Full Type Definitions

Complete TypeScript interfaces for every request and response. SpamCheckRequest, SpamVerdict, error types. Your editor knows every field before you type it.

Generic Types

Use generics to extend request and verdict types with your own metadata. `ActiveLayerCheck` lets you attach custom context while keeping the base types intact.

Discriminated Unions

Verdict types use discriminated unions so you can narrow responses with a simple `if` check. TypeScript knows exactly which fields exist on spam vs. clean verdicts.

Zod Schema Validation

Validate API responses at runtime with Zod schemas that mirror the TypeScript types. Parse incoming data with `spamVerdictSchema.parse()` for full type safety at the boundary.

tRPC Compatible

ActiveLayer works seamlessly inside tRPC procedures. Wrap the API call in your resolver, validate with Zod, and return typed results through your entire stack.

Millisecond Response

Spam verdicts return faster than your database queries. Your async handlers barely notice the added latency. Your users never see a delay.

Async/Await Native

One `await fetch()` call returns a fully typed `Promise`. No callbacks. No event emitters. Just modern async TypeScript.

Serverless Compatible

Works on Vercel, AWS Lambda, Deno Deploy, Bun, and any serverless runtime. No persistent connections or background processes required. Stateless by design.

Unlimited Sites and Apps

One API key works across every TypeScript project you build. No per-domain restrictions. No per-project licensing. One key, all your apps.

Three Steps. Full Type Safety. Spam Gone.

From signup to type-safe spam protection in under five minutes.

Get Your API Key

Create a free ActiveLayer account. Copy your API key from the dashboard. No credit card required. No approval process. You’re ready to integrate immediately.

Define Your Types and Call the API

Create your type definitions and a reusable spam check function. Full IntelliSense. Full compile-time safety. One file.

Use It Anywhere in Your TypeScript App

Call the function from any route handler, API endpoint, or server action. TypeScript knows the shape of every request and response. No guessing. No runtime surprises.

Why TypeScript Developers Choose ActiveLayer

The spam protection that speaks your type system’s language.

Full Type Definitions. Full IntelliSense. Zero Guessing.

Most spam APIs return `any` — you get back a blob of JSON, write type assertions, add null checks, and hope the shape doesn’t change next month. ActiveLayer gives you complete TypeScript interfaces: SpamCheckRequest defines exactly what you send, SpamVerdict defines exactly what you get back. Your editor autocompletes every field and your compiler catches every mistake. No `as unknown as`, no runtime surprises — just type-safe spam protection that fits how you already write TypeScript.

Faster Than Your Prisma Query. Built for Async TypeScript.

ActiveLayer returns spam verdicts in single-digit milliseconds — faster than most ORM calls — with no SDK to install and no transitive dependencies to audit. One `await checkSpam(data)` call against the single POST endpoint returns a fully typed verdict: confidence score, detection signals, and a clear boolean. Works with native fetch, axios, or any HTTP client. Your event loop stays unblocked and your TypeScript stays clean.

Runtime Validation That Matches Your Compile-Time Types.

Casting `response.json() as SpamVerdict` tells TypeScript to trust the data, but validates nothing at runtime. ActiveLayer’s response schema maps directly to a Zod schema: define `spamVerdictSchema` with `z.object()`, parse with `.parse()`, and if the shape ever changes, Zod throws at runtime instead of letting bad data propagate. Use the same schema in tRPC procedures, Next.js server actions, or NestJS DTOs — one source of truth for the shape of your spam verdicts.

Zero Frontend Dependencies. Zero Client-Side JavaScript.

reCAPTCHA loads 300KB+ of JavaScript into your frontend, breaks Next.js hydration, bloats your client bundle, and fights with TypeScript strict mode settings. ActiveLayer is a server-side API call — nothing loads in the browser, nothing renders on screen, nothing touches your frontend. You make one typed fetch call on the server, get a typed response, and handle it in your route. No `@types/recaptcha`, no ambient type declarations, no fighting with DefinitelyTyped.

Frequently Asked Questions

Common questions about using ActiveLayer with TypeScript.

Is there a dedicated TypeScript type definitions package?

ActiveLayer is a REST API with a consistent JSON schema. You define your own interfaces using the response schema from the documentation. This keeps your types in your codebase, under your control, with zero external dependencies. Copy the SpamCheckRequest and SpamVerdict interfaces from the docs and you’re done.

Does ActiveLayer support generic types for custom metadata?

Yes. The base SpamCheckRequest and SpamVerdict interfaces can be extended with generics to include your own metadata. For example, `interface ExtendedRequest extends SpamCheckRequest { metadata: T }` lets you attach project-specific context while keeping the core spam check fields typed.

Does ActiveLayer work with TypeScript strict mode?

Yes. The API response schema is designed to work cleanly with `strict: true` in your tsconfig.json. All fields have explicit types. No `any` types. No implicit `undefined`. The interfaces pass strictNullChecks, strictFunctionTypes, and every other strict mode flag without workarounds.

How do I validate API responses with Zod?

Define a Zod schema that mirrors the SpamVerdict interface: `z.object({ spam: z.boolean(), confidence: z.number(), signals: z.array(z.string()), detection_id: z.string() })`. Parse the API response with `.parse()` or `.safeParse()` for runtime validation that matches your compile-time types. This is especially useful at API boundaries in tRPC and Next.js server actions.

Is ActiveLayer compatible with tRPC?

Yes. Wrap the ActiveLayer API call inside a tRPC procedure. Use Zod schemas for input validation and the SpamVerdict schema for output validation. The typed response flows through your entire tRPC stack from server to client without any type assertions or manual casting.

Does ActiveLayer work with NestJS and Next.js?

Yes. ActiveLayer works with any TypeScript framework. For NestJS-specific patterns like guards, interceptors, and DTOs, see the [NestJS integration guide]. For Next.js server actions, API routes, and middleware patterns, see the [Next.js integration guide]. The core API call is identical across all frameworks.

What happens if the ActiveLayer API is unreachable?

Wrap your API call in a try/catch. If the request fails or times out, let the submission through. Your app never breaks because of spam protection. Use AbortController with a timeout for additional safety. TypeScript’s error narrowing helps you handle different failure modes cleanly.

Is there a free plan?

Yes. 1,000 spam checks per month. No credit card required. Full API access with no feature restrictions. When you need more, upgrade to Pro at $19/month for 25,000 checks.