Arcjet Email Validation
Validates email addresses for syntax, deliverability, disposable and no-MX-record domains, and free providers, used to block fake or fraudulent signups. Invoked through the SDK against the Decide service.
OpenAPI Specification
openapi: 3.0.1
info:
title: Arcjet Decide API
description: >-
Conservative HTTP/JSON modeling of the Arcjet Decide service - the
Connect/gRPC (protobuf) decision API that the Arcjet SDK calls at
decide.arcjet.com.
TRANSPORT NOTE: Arcjet is SDK-first. The underlying service is
proto.decide.v1alpha1.DecideService, exposed over ConnectRPC, which speaks
gRPC over HTTP/2 and also accepts an HTTP/1.1 + JSON POST fallback to the
same RPC paths. This document models the two RPC methods (Decide and Report)
as the Connect HTTP/JSON POST endpoints. It is NOT a hand-written public REST
API - Arcjet does not publish a public REST reference for the decision
service, and the SDK (Node.js, Next.js, Bun, Deno, SvelteKit, NestJS, Remix,
Astro, React Router, Fastify, Python) is the supported interface. Paths and
schemas here are kept minimal and mapped to the real protobuf surface rather
than fabricated. A separate dashboard/management REST API exists at
api.arcjet.com but is not public; it is out of scope for this document.
contact:
name: Arcjet Support
url: https://docs.arcjet.com
version: v1alpha1
servers:
- url: https://decide.arcjet.com
description: Arcjet Decide service (Connect/gRPC; HTTP/JSON fallback shown here)
paths:
/proto.decide.v1alpha1.DecideService/Decide:
post:
operationId: decide
tags:
- Decide
summary: Make a security decision for a request.
description: >-
Connect RPC Decide method. The SDK sends request details and the
configured rules; the service returns a decision (ALLOW, DENY,
CHALLENGE, or ERROR) with the reason. Over native ConnectRPC this is a
gRPC/HTTP-2 call; the equivalent HTTP/1.1 + JSON POST is shown here.
Authentication is the Arcjet site key sent by the SDK.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/DecideRequest'
responses:
'200':
description: A security decision.
content:
application/json:
schema:
$ref: '#/components/schemas/DecideResponse'
/proto.decide.v1alpha1.DecideService/Report:
post:
operationId: report
tags:
- Report
summary: Report a decision made locally by the SDK.
description: >-
Connect RPC Report method. When the SDK reaches a decision locally in
its WebAssembly module, it asynchronously reports that decision to
Arcjet for dashboard visibility and state. Over native ConnectRPC this
is a gRPC/HTTP-2 call; the equivalent HTTP/1.1 + JSON POST is shown here.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ReportRequest'
responses:
'200':
description: Report acknowledgement.
content:
application/json:
schema:
$ref: '#/components/schemas/ReportResponse'
components:
securitySchemes:
arcjetKey:
type: apiKey
in: header
name: Authorization
description: Arcjet site key, supplied by the SDK from the ARCJET_KEY environment variable.
schemas:
DecideRequest:
type: object
description: Maps to proto.decide.v1alpha1.DecideRequest.
properties:
sdkStack:
type: string
description: SDK platform identifier (e.g. NODEJS, NEXTJS, BUN, PYTHON).
sdkVersion:
type: string
characteristics:
type: array
description: Fingerprinting attributes used to key rules (e.g. ip.src, http.request.headers["x-api-key"]).
items:
type: string
details:
$ref: '#/components/schemas/RequestDetails'
rules:
type: array
description: Security rules to evaluate (rate limit, bot, email, sensitive info, shield).
items:
type: object
RequestDetails:
type: object
description: Details of the request under evaluation.
properties:
ip:
type: string
method:
type: string
protocol:
type: string
host:
type: string
path:
type: string
headers:
type: object
additionalProperties:
type: string
cookies:
type: string
query:
type: string
email:
type: string
body:
type: string
DecideResponse:
type: object
description: Maps to proto.decide.v1alpha1.DecideResponse.
properties:
decision:
$ref: '#/components/schemas/Decision'
extra:
type: object
additionalProperties:
type: string
ReportRequest:
type: object
description: Maps to proto.decide.v1alpha1.ReportRequest; mirrors DecideRequest plus the decision already taken.
properties:
sdkStack:
type: string
sdkVersion:
type: string
details:
$ref: '#/components/schemas/RequestDetails'
decision:
$ref: '#/components/schemas/Decision'
rules:
type: array
items:
type: object
ReportResponse:
type: object
properties:
extra:
type: object
additionalProperties:
type: string
Decision:
type: object
properties:
id:
type: string
conclusion:
type: string
enum:
- ALLOW
- DENY
- CHALLENGE
- ERROR
reason:
type: object
description: Discriminated reason (rate limit, bot, email, sensitive info, shield, error).
ttl:
type: integer
ipDetails:
type: object
description: Geo and network intelligence (city, country, ASN, VPN/proxy/Tor indicators).
ruleResults:
type: array
items:
type: object
security:
- arcjetKey: []