Spam Protection REST API
The Spam Protection API That Just Works
One REST call. Millisecond response. Full verdict with confidence score and detection signals. ActiveLayer gives you server-side spam protection with zero client-side dependencies, so you ship faster and your users never see a CAPTCHA.
✓ Zero CAPTCHAs
✓ 60-120ms response time
✓ REST API with JSON
✓ Unlimited sites on every plan
Built by the same team whose software is trusted by 30,000,000+ websites worldwide.
Everything You Need From a Spam Protection API
No client-side widgets. No JavaScript embeds. No visitor tracking. Just a clean REST API that returns a verdict in milliseconds.
Clean REST API
Standard REST endpoints with JSON request and response bodies. No SOAP, no XML, no GraphQL complexity. Send a POST, get a verdict. That’s it.
JSON Request/Response
Submit form content as a JSON payload. Receive a structured JSON response with verdict, confidence score, detection signals, and execution time. Parse it in any language.
API Key Authentication
Simple bearer token auth with your API key. One key per account. Rotate keys from your dashboard. No OAuth flows, no token refresh, no session management.
Confidence Scores
Every verdict includes a confidence score from 0.0 to 1.0. Set your own threshold to control sensitivity. Block at 0.8 for aggressive filtering or 0.95 for conservative. You decide.
Detection Signals
Every response includes an array of detection signals explaining exactly why a submission was flagged. Content patterns, sender reputation, linguistic indicators. Full transparency. Zero black boxes.
Feedback Loop
Correct false positives and false negatives with a simple POST to the feedback endpoint. ActiveLayer’s AI learns from your corrections and improves detection for your specific content patterns over time.
Webhooks
Configure webhook URLs in your dashboard to receive real-time notifications when spam is detected, when verdicts change, or when feedback is processed. Push, not poll.
Rate Limiting
Generous rate limits on every plan. Standard headers (X-RateLimit-Remaining, X-RateLimit-Reset) so your code handles limits gracefully. Free plan: 1,000 checks/month. Pro: 25,000. Agency: 100,000.
Batch Processing
Check multiple submissions in a single API call with the batch endpoint. Reduce HTTP overhead for high-volume applications. Each item in the batch gets its own verdict, confidence score, and signals.
Three Steps. One API Call. Spam Solved.
Your server sends a request. ActiveLayer returns a verdict. Your app acts on it. The entire round trip takes milliseconds.
1
Send a POST Request
Your server sends the submission content to ActiveLayer’s check endpoint. Include the form text, email address, and any metadata you want analyzed. That’s the entire integration.
2
Receive the Full Verdict
ActiveLayer’s AI analyzes content patterns, sender reputation, linguistic signals, and behavioral indicators. You get back a structured JSON response with everything you need to make a decision.
3
Act on the Verdict
Your application decides what to do. Block spam submissions, quarantine for review, log the verdict, or pass clean submissions through. You’re in full control.
Your Forms Never Break. Not Even If We Go Down.
Clean API design. Transparent verdicts. No client-side baggage. Here’s what makes ActiveLayer different.
Your Frontend Stays Clean. Your Pages Stay Fast.
Most spam protection services force you to embed JavaScript widgets or render CAPTCHA challenges in the browser — extra HTTP requests, render-blocking scripts, degraded Core Web Vitals, and privacy compliance headaches. ActiveLayer works entirely server-side: your frontend never loads a single script, cookie, or tracking pixel from ActiveLayer. Your Lighthouse score stays intact, your GDPR posture stays clean, and your users submit forms and move on.
Know Exactly Why a Submission Was Flagged
Other spam APIs return a binary yes/no or an opaque score with zero explanation — a legitimate customer gets blocked and you have no idea why. ActiveLayer returns detection signals with every verdict: promotional content, suspicious link patterns, low sender reputation, obfuscated URLs. Every decision is auditable and every false positive is explainable. Set confidence thresholds that match your risk tolerance, route medium-confidence submissions to review, and log signals for compliance audits.
Faster Than Your Database Query
ActiveLayer returns verdicts in 60–120ms on average — faster than a typical database write — so your form submission flow adds near-zero latency. For high-volume applications, it maintains sub-200ms response times at the 99th percentile: no cold starts, no variable latency spikes. Predictable performance you can build on.
Your Forms Never Break. Not Even If We Go Down.
If your spam protection API has an outage and your integration doesn’t handle it gracefully, your forms break and real leads are lost. ActiveLayer is designed for safe degradation: HTTP 5xx responses and timeouts mean “let it through” — a design principle baked into the API’s contract and documented in every code example. Your forms keep working when the API is unavailable. You stay protected when it’s up, and unblocked when it’s not.
Frequently Asked Questions
Technical details for developers evaluating ActiveLayer’s spam protection API.
Rate limits depend on your plan. Free: 1,000 checks per month. Pro ($19/month): 25,000 checks. Agency ($49/month): 100,000 checks. Enterprise ($149/month): custom limits. Every API response includes standard rate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset) so your application handles limits gracefully. If you exceed your limit, the API returns HTTP 429 with a Retry-After header.
ActiveLayer returns verdicts in 60-120ms on average. The 99th percentile response time is under 200ms. For enterprise plans, we offer a contractual latency SLA with monitoring and credits. All plans benefit from the same infrastructure and response times.
Bearer token authentication. Include your API key in the Authorization header: `Authorization: Bearer your_api_key`. One API key per account. You can rotate keys from your dashboard at any time. No OAuth flows, no token refresh, no session management required.
ActiveLayer processes submission content to return a verdict and stores detection metadata (verdict, confidence, signals, detection ID) for 90 days to support the feedback loop and audit trails. Raw submission content is not stored after processing. You can request deletion of all data associated with your account at any time. Full details are in our Privacy Policy and Data Processing Agreement.
Yes. ActiveLayer processes data server-side only. No cookies, no browser fingerprinting, no client-side tracking. You control what data you send in the API request. We provide a Data Processing Agreement (DPA) for customers who need one. ActiveLayer does not transfer data to third parties for advertising or profiling purposes.
ActiveLayer targets 99.9% uptime across all plans. Enterprise plans include a contractual SLA with uptime credits. Current uptime is published on our status page. Even during downtime, your forms keep working because the recommended integration pattern passes submissions through when the API is unreachable.
ActiveLayer provides a WordPress plugin with native integrations for 9+ form plugins. For other platforms, the API is a standard REST endpoint that works with any HTTP client in any language. We publish copy-paste integration examples for cURL, Node.js, Python, PHP, Laravel, Next.js, and Express. Community SDKs are listed in the documentation. The API is simple enough that most developers integrate without an SDK.
Yes. The batch endpoint (POST /v1/batch) accepts an array of submissions in a single request. Each item gets its own verdict, confidence score, and detection signals. Batch processing reduces HTTP overhead and is ideal for importing historical data, processing queued submissions, or checking multiple items simultaneously. Batch limits depend on your plan.