APIFoxGuard Widget

FoxGuard Widget

/v1/widget·5 endpoints

Drop-in real-time email validation for any HTML form. Add two script tags before </head> — FoxGuard auto-discovers every [type="email"] input and validates as the user types. No backend changes. Supports a free public tier (4 req/day) and unlimited with an API key.

Guide

Quick Setup

Add the script tag and call Verifox.init() before </head> on every page that has email inputs. The widget auto-attaches to all [type="email"] inputs on page load, and watches for dynamically added inputs via MutationObserver. No data-* attributes required — just include the script.

Verifox.init() Options

Parameter	Type	Required	Description
`apiKey`	`string`	Optional · undefined	Your FoxGuard widget API key. Without a key, falls back to the public tier (4 verifications/day per device). Get yours at verifox.ai/dashboard/foxguard.
`selector`	`string`	Optional · "[type=\"email\"]"	CSS selector targeting the email inputs to protect. Supports any valid CSS selector — multiple with commas.
`blockDisposable`	`boolean`	Optional · true	Reject throwaway / temporary email services (Mailinator, Guerrilla Mail, 10MinuteMail, and 10,000+ others).
`blockFree`	`boolean`	Optional · false	Reject free consumer email providers: Gmail, Yahoo, Outlook, Hotmail, iCloud, etc. Use for B2B sign-up forms that require work emails.
`redHighlight`	`boolean`	Optional · true	Apply a red border and light red background to the input field when validation fails. Matches the field's existing border-radius.
`showTooltip`	`boolean`	Optional · true	Render a tooltip message directly below the email input on validation failure (or success if messages.valid is set).
`lang`	`"en" \| "it" \| "es" \| "fr" \| "de"`	Optional · "en"	Language for the built-in default messages. Ignored if you provide custom messages.* values.
`messages.disposable`	`string`	Optional · "Disposable emails are not allowed"	Custom tooltip copy shown when a disposable email is detected and blockDisposable is true.
`messages.free`	`string`	Optional · "Please use a work email address"	Custom tooltip copy shown when a free provider is detected and blockFree is true.
`messages.valid`	`string`	Optional · undefined	Optional success message shown below the input when the email passes all checks. Leave empty to show nothing on success.
`messages.warning`	`string`	Optional · undefined	Shown for catch-all or risky emails that pass but may have deliverability issues.
`onValid`	`(e: { email: string; result: object }) => void`	Optional · undefined	Callback fired when an email passes all validation checks. Use to unlock form submit or show custom UI.
`onInvalid`	`(e: { email: string; reason: string; result: object }) => void`	Optional · undefined	Callback fired when an email is blocked. reason is one of: 'disposable' \| 'free' \| 'invalid'. Use to disable form submit.
`onWarning`	`(e: { email: string; result: object }) => void`	Optional · undefined	Callback fired for risky emails that are not outright blocked (catch-all, role accounts).

apiKeystringopt

Your FoxGuard widget API key. Without a key, falls back to the public tier (4 verifications/day per device). Get yours at verifox.ai/dashboard/foxguard.

selectorstringopt

CSS selector targeting the email inputs to protect. Supports any valid CSS selector — multiple with commas.

blockDisposablebooleanopt

Reject throwaway / temporary email services (Mailinator, Guerrilla Mail, 10MinuteMail, and 10,000+ others).

blockFreebooleanopt

Reject free consumer email providers: Gmail, Yahoo, Outlook, Hotmail, iCloud, etc. Use for B2B sign-up forms that require work emails.

redHighlightbooleanopt

Apply a red border and light red background to the input field when validation fails. Matches the field's existing border-radius.

showTooltipbooleanopt

Render a tooltip message directly below the email input on validation failure (or success if messages.valid is set).

lang"en" | "it" | "es" | "fr" | "de"opt

Language for the built-in default messages. Ignored if you provide custom messages.* values.

messages.disposablestringopt

Custom tooltip copy shown when a disposable email is detected and blockDisposable is true.

messages.freestringopt

Custom tooltip copy shown when a free provider is detected and blockFree is true.

messages.validstringopt

Optional success message shown below the input when the email passes all checks. Leave empty to show nothing on success.

messages.warningstringopt

Shown for catch-all or risky emails that pass but may have deliverability issues.

onValid(e: { email: string; result: object }) => voidopt

Callback fired when an email passes all validation checks. Use to unlock form submit or show custom UI.

onInvalid(e: { email: string; reason: string; result: object }) => voidopt

Callback fired when an email is blocked. reason is one of: 'disposable' | 'free' | 'invalid'. Use to disable form submit.

onWarning(e: { email: string; result: object }) => voidopt

Callback fired for risky emails that are not outright blocked (catch-all, role accounts).

Request

<!-- 1. Load the widget script -->
<script src="https://api.verifox.ai/v1/widget/widget.js"></script>

<!-- 2. Initialize with your config -->
<script>
  Verifox.init({
    apiKey: "vfx_your_widget_key",
    blockDisposable: true,
    blockFree: false,
    showTooltip: true,
    redHighlight: true,
    lang: "en",
    messages: {
      disposable: "Disposable emails are not allowed.",
      free: "Please use a work email address.",
      valid: "Email looks good!",
      warning: "This email may not be deliverable."
    },
    onValid: function(e) { console.log("valid", e.email); },
    onInvalid: function(e) { console.log("blocked", e.email, e.reason); }
  });
</script>

Response

// widget.js returns the FoxGuard JavaScript SDK.
// Once loaded, window.Verifox is available with these methods:

Verifox.init(options)      // Initialize — call once on page load
Verifox.reattach()         // Re-scan DOM for new inputs (SPA use)
Verifox.validate(email)    // Manually validate an email string
Verifox.destroy()          // Remove all listeners and tooltips

Guide

Input Targeting & Per-Field Overrides

By default FoxGuard protects every [type="email"] input on the page. You can target specific inputs with the selector option, or override behavior per-input using data-verifox-* HTML attributes. Per-field attributes take priority over global init() config.

No parameters

Request

<!-- Protect only the signup form's email input -->
<script>
  Verifox.init({
    apiKey: "vfx_your_widget_key",
    selector: "#signup-form input[type='email']"
  });
</script>

Response

// data-verifox-* attribute reference:

data-verifox-ignore="true"               // Skip this input entirely
data-verifox-block-disposable="true|false"  // Override blockDisposable
data-verifox-block-free="true|false"        // Override blockFree
data-verifox-red-highlight="true|false"     // Override redHighlight
data-verifox-show-tooltip="true|false"      // Override showTooltip
data-verifox-msg-disposable="..."           // Override disposable message
data-verifox-msg-free="..."                 // Override free-email message
data-verifox-msg-valid="..."               // Override valid message
data-verifox-msg-warning="..."             // Override warning message

Guide

Blocking Form Submission

FoxGuard validates as the user types but does not automatically block form submission. Use the onInvalid callback or check the data-verifox-status attribute to prevent submits. This gives you full control over UX — block silently, show a modal, or just warn.

No parameters

Request

const form = document.getElementById("signup-form");
const emailInput = document.getElementById("email");

Verifox.init({
  apiKey: "vfx_your_widget_key",
  blockDisposable: true,
  blockFree: true,
  onInvalid: function({ email, reason }) {
    // Mark the input as blocked
    emailInput.dataset.verifoxBlocked = "true";
  },
  onValid: function({ email }) {
    delete emailInput.dataset.verifoxBlocked;
  }
});

form.addEventListener("submit", function(e) {
  // Check data attribute set by widget
  if (emailInput.dataset.verifoxStatus === "invalid") {
    e.preventDefault();
    alert("Please enter a valid work email.");
    return;
  }

  // Or check the blocked flag you set in onInvalid
  if (emailInput.dataset.verifoxBlocked === "true") {
    e.preventDefault();
  }
});

Response

// After validation, FoxGuard sets these attributes on the input element:

data-verifox-status="valid"     // Email passed all checks
data-verifox-status="invalid"   // Email was blocked (disposable/free/unreachable)
data-verifox-status="warning"   // Email is risky but not blocked
data-verifox-status="pending"   // Validation in progress

// The reason string passed to onInvalid:
"disposable"   // Matched a known disposable provider
"free"         // Matched a free provider (when blockFree: true)
"invalid"      // Failed SMTP / syntax / MX check

GET/v1/widget/validate20/day per IP (no key) · unlimited with key

Widget Validate (API)

The REST endpoint the widget calls internally when an API key is present. You can also call this directly from your own JavaScript — useful for custom validation flows outside of form inputs. Does not deduct credits from your main balance.

Query Parameters

Parameter	Type	Required	Description
`email`	`string`	Required	Email address to validate
`api_key`	`string`	Required	Your FoxGuard widget API key (from dashboard)

emailstring*

Email address to validate

api_keystring*

Your FoxGuard widget API key (from dashboard)

Request

curl -X GET "https://api.verifox.ai/v1/widget/validate?email=john@example.com&api_key=vfx_widget_key" \
  -H "X-API-Key: vfx_your_api_key"

Response

{
  "success": true,
  "result": {
    "email": "john@example.com",
    "domain": "example.com",
    "status": "safe",
    "isValid": true,
    "isFree": false,
    "isRole": false,
    "isDisposable": false,
    "suggestion": null,
    "smtp": {
      "deliverable": true,
      "catchAll": false,
      "hostExists": true
    }
  }
}

POST/v1/widget/public-verify4/day per fingerprint

Public Verify (No Auth)

Free public email verification — no API key or login required. Rate-limited to 4 verifications per day per browser fingerprint. This is what the widget uses when no apiKey is provided. Does not deduct credits.

Request Body

Parameter	Type	Required	Description
`email`	`string`	Required	Email address to verify
`fingerprint`	`string`	Optional	Browser fingerprint string for rate limiting. If omitted, falls back to IP-based limiting.

emailstring*

Email address to verify

fingerprintstringopt

Browser fingerprint string for rate limiting. If omitted, falls back to IP-based limiting.

Request

curl -X POST "https://api.verifox.ai/v1/widget/public-verify" \
  -H "X-API-Key: vfx_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"email": "john@example.com", "fingerprint": "fp_abc123"}'

Response

{
  "success": true,
  "remaining": 3,
  "result": {
    "email": "john@example.com",
    "status": "safe",
    "isValid": true,
    "isFree": false,
    "isRole": false,
    "isDisposable": false,
    "suggestion": null,
    "smtp": {
      "deliverable": true,
      "catchAll": false,
      "hostExists": true
    }
  }
}