/api/check
Score any domain, email, phone, or IBAN for fraud risk.
POST https://kairoscheck.net/api/check
Authentication
Pass your API key as a Bearer token in the Authorization header:
Authorization: Bearer kc_live_YOUR_KEY_HERE
Request body
Send application/json. At least one field is required.
| Field | Type | Description |
|---|---|---|
| domain | string | Domain name to score. e.g. suspicious-shop.io |
| email | string | Email address to score. |
| phone | string | Phone number (any format). e.g. +351912345678 |
| iban | string | IBAN to score. e.g. PT50 0002 0123 1234 5678 9015 4 |
| region | object | Optional. {"country": "PT"}. Defaults to EU. |
Response — 200 OK
{
  "score": 72,                      // 0–100, higher = more suspicious
  "verdict": "block",               // "allow" | "review" | "block"
  "signals": [                      // reasons driving the score
    "Domain registered 3 days ago",
    "Matches known phishing pattern"
  ],
  "dominant_threat": "phishing",    // primary threat category or null
  "type": "domain",                 // which field was scored
  "query": "suspicious-shop.io",
  "timestamp": "2026-05-10T12:00:00.000Z",
  "ref": "a1b2c3d4"                 // unique reference ID for audit
}
Verdict thresholds
| Verdict | Score range | Recommended action |
|---|---|---|
| allow | 0–39 | Proceed normally. |
| review | 40–69 | Queue for manual review or add friction. |
| block | 70–100 | Reject or escalate. |
Error responses
| Status | Body | Cause |
|---|---|---|
| 400 | {"error": "Provide at least one of: domain, phone, iban, email"} | No scorable field provided. |
| 401 | {"error": "Invalid API key"} | Key missing, malformed, revoked, or cancelled. |
| 429 | {"error": "Monthly quota exceeded. Resets on 2026-06-01", "reset_at": "..."} | Monthly quota exhausted. |
| 500 | {"error": "An error occurred.", "ref": "..."} | Internal error. Use ref to contact support. |
Quota headers
Quota is enforced monthly per API key. Check the response body on 429 for reset_at. To see your current usage, count your requests since the 1st of the current month using your own logs — or contact support with your key preview.
GDPR note
Under GDPR Art. 22, automated scoring must not be the sole basis for decisions affecting individuals. Kairos Check scores are informational. Your application must maintain human oversight for decisions with significant impact.
Examples
Score an email
curl -X POST https://kairoscheck.net/api/check \
  -H "Authorization: Bearer kc_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"email": "winner@lottery-claim-now.io"}'
Score a phone number
curl -X POST https://kairoscheck.net/api/check \
  -H "Authorization: Bearer kc_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"phone": "+351910000000", "region": {"country": "PT"}}'
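Handle every documented response
The sketch below is an added example, not Kairos Check's own client code: it builds the request as documented above and maps each documented status (200, 400, 401, 429, 500) to an application-side action, cross-checking the returned verdict against the score ranges in the thresholds table. The function names, the action labels, and the choice to send errors and inconsistent responses to manual review are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.request

API_URL = "https://kairoscheck.net/api/check"
SCORABLE = ("domain", "email", "phone", "iban")
# Verdict thresholds copied from the table on this page.
RANGES = {"allow": (0, 39), "review": (40, 69), "block": (70, 100)}

def build_request(api_key, **fields):
    """Build the POST request; mirrors the API's 400 rule client-side."""
    if not any(fields.get(k) for k in SCORABLE):
        raise ValueError("Provide at least one of: domain, phone, iban, email")
    headers = {"Authorization": f"Bearer {api_key}",
               "Content-Type": "application/json"}
    return urllib.request.Request(API_URL, data=json.dumps(fields).encode(),
                                  headers=headers, method="POST")

def interpret(status, body):
    """Map an HTTP status and parsed JSON body to (action, detail)."""
    body = body if isinstance(body, dict) else {}
    if status == 200:
        verdict, score = body.get("verdict"), body.get("score")
        lo, hi = RANGES.get(str(verdict), (1, 0))  # (1, 0) matches no score
        # Unknown verdict or score outside its range: let a human decide.
        if not isinstance(score, int) or not lo <= score <= hi:
            return "manual_review", f"inconsistent response ref={body.get('ref')}"
        action = {"allow": "proceed", "review": "manual_review",
                  "block": "escalate"}[verdict]
        return action, f"score={score} ref={body.get('ref')}"
    if status in (400, 401):
        return "config_error", body.get("error", "")
    if status == 429:
        return "manual_review", f"quota exhausted until {body.get('reset_at')}"
    return "manual_review", f"service error ref={body.get('ref')}"

def check(api_key, **fields):
    """Call the API and interpret the result (needs network and a real key)."""
    try:
        with urllib.request.urlopen(build_request(api_key, **fields), timeout=10) as r:
            return interpret(r.status, json.load(r))
    except urllib.error.HTTPError as e:
        try:
            body = json.loads(e.read())
        except ValueError:
            body = {}  # non-JSON error body, e.g. from an intermediate proxy
        return interpret(e.code, body)
```

Logging the returned ref alongside each action gives an audit trail for the human review that the GDPR note calls for.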