REST API v1.0

RiskHunter API Reference

Real-time phone and email intelligence. Verify users, detect fraud, and enrich data with a single API call.

~47ms response
99.9% uptime SLA
Global coverage
Base URL
https://api.riskhunter.es

Authentication

All API requests require authentication using a Bearer token. Include your API key in the Authorization header.

curl -X POST 'https://api.riskhunter.es/v1/phone' \
  -H 'Authorization: Bearer rh_live_xxxxxxxxxxxxx' \
  -H 'Content-Type: application/json'

Keep your API key secure

Never expose your API key in client-side code or public repositories. Use environment variables.

Rate Limits

Rate limits vary by plan. Headers are included in every response to help you track usage.

Free
100/min
Pro
1,000/min
Enterprise
Unlimited
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 987
X-RateLimit-Reset: 1703788800

Error Handling

The API uses standard HTTP status codes and returns detailed error messages in JSON format.

Code
Status
Description
200
OK
Request successful
400
Bad Request
Invalid parameters or malformed request
401
Unauthorized
Missing or invalid API key
429
Too Many Requests
Rate limit exceeded
500
Server Error
Internal server error
{
  "error": {
    "code": "invalid_phone",
    "message": "The phone number format is invalid",
    "param": "phone_number",
    "doc_url": "https://docs.riskhunter.es/errors#invalid_phone"
  }
}
POST/v1/phone

Phone Intelligence

Comprehensive phone number analysis including validation, carrier identification, line type detection, breach exposure, and connected platform discovery.

Request

curl -X POST 'https://api.riskhunter.es/v1/phone' \
  -H 'Authorization: Bearer rh_live_xxxxx' \
  -H 'Content-Type: application/json' \
  -d '{
    "phone_number": "+34612345678",
    "customer_id": "cust_abc123"
  }'

Request Body

Parameter
Type
Description
phone_number
string
Phone number with country code (E.164 format recommended)
customer_id
string
Your internal customer identifier for tracking

Response

{
  "resolution_id": "res_8f7e6d5c4b3a2190",
  "value": "+34612345678",
  "is_valid": true,
  "type": "mobile",
  "country_code": "ES",
  "country_name": "Spain",
  "carrier": "Movistar",
  "is_disposable": false,
  "is_ported": false,
  "score": 847,
  "score_cluster": "high",
  "telco_data": {
    "local_format": "612345678",
    "international_format": "+34612345678",
    "country_prefix": "34",
    "location": "Madrid",
    "line_type": "mobile"
  },
  "has_whatsapp": true,
  "has_telegram": true,
  "telegram_username": "john_doe",
  "telegram_first_name": "John",
  "connected_platforms_count": 2,
  "data_breaches_count": 3,
  "data_breaches_first": "2019-04-15",
  "data_breaches_last": "2023-08-22",
  "data_breaches": [
    {
      "name": "Facebook",
      "date": "2021-04-03",
      "data_classes": [
        "Names",
        "Phone Numbers"
      ]
    },
    {
      "name": "Deezer",
      "date": "2023-01-06",
      "data_classes": [
        "Phone Numbers",
        "Emails"
      ]
    },
    {
      "name": "LinkedIn",
      "date": "2019-04-15",
      "data_classes": [
        "Names",
        "Phone Numbers",
        "Emails"
      ]
    }
  ],
  "extracted_names": [
    "John Doe",
    "Juan García"
  ],
  "extracted_emails": [
    "john.doe@gmail.com"
  ],
  "first_seen": "2019-04-15",
  "first_seen_days": 2084,
  "risk_signals": [
    {
      "code": "phone_line_type",
      "description": "Mobile number - standard consumer line",
      "impact": 100,
      "severity": "low"
    },
    {
      "code": "phone_carrier_major",
      "description": "Major carrier identified",
      "impact": 80,
      "severity": "low"
    },
    {
      "code": "phone_data_breaches_count",
      "description": "Phone found in 3 breaches",
      "impact": 36,
      "severity": "low"
    }
  ],
  "reason_codes": "TP001,TP005,TP012",
  "recommendation": "Good trust score. Reliable and established identity."
}

Response Schema

Field
Type
Description
resolution_id
string
Unique identifier for this analysis request
value
string
The analyzed phone number in international format
is_valid
boolean
Whether the phone number format is valid
type
string
Line type: mobile, landline, voip, or unknown
country_code
string
ISO 3166-1 alpha-2 country code
country_name
string
Full country name
carrier
string
Network operator/carrier name
is_disposable
boolean
True if detected as VoIP or virtual number
is_ported
boolean
True if number has been ported to another carrier
score
number
Trust score from 0-1000 (higher = more trustworthy)
score_cluster
string
Trust level: poor, bad, moderate, good, or high
telco_data
object
Detailed telecom data from carrier lookup
has_whatsapp
boolean
True if registered on WhatsApp
has_telegram
boolean
True if registered on Telegram
telegram_username
string
Telegram username if public and available
telegram_first_name
string
Telegram first name if available
connected_platforms_count
number
Number of messaging platforms found
data_breaches_count
number
Number of data breaches containing this phone
data_breaches_first
string
Date of earliest known breach (YYYY-MM-DD)
data_breaches_last
string
Date of most recent breach (YYYY-MM-DD)
data_breaches
array
List of breaches containing this phone
extracted_names
string[]
Names found associated with this phone in breaches
extracted_emails
string[]
Emails found associated with this phone in breaches
first_seen
string
Earliest date this phone appeared in our data
first_seen_days
number
Days since first seen in our system
risk_signals
array
Risk indicators detected
reason_codes
string
Comma-separated list of triggered rule codes
recommendation
string
Suggested action based on analysis
POST/v1/email

Email Intelligence

Complete email analysis including validation, deliverability, disposable detection, breach exposure, and social footprint discovery across 200+ platforms.

Request

curl -X POST 'https://api.riskhunter.es/v1/email' \
  -H 'Authorization: Bearer rh_live_xxxxx' \
  -H 'Content-Type: application/json' \
  -d '{
    "email": "john.doe@company.com",
    "customer_id": "cust_abc123"
  }'

Request Body

Parameter
Type
Description
email
string
Email address to analyze
customer_id
string
Your internal customer identifier for tracking

Response

{
  "resolution_id": "res_1a2b3c4d5e6f7890",
  "value": "john.doe@company.com",
  "is_valid": true,
  "is_deliverable": true,
  "is_disposable": false,
  "disposable_provider": null,
  "domain": "company.com",
  "domain_type": "business",
  "has_mx_records": true,
  "score": 892,
  "score_cluster": "high",
  "social_profiles_count": 8,
  "social_profiles": [
    {
      "platform": "Google",
      "exists": true,
      "profile_url": null
    },
    {
      "platform": "Apple",
      "exists": true,
      "profile_url": null
    },
    {
      "platform": "LinkedIn",
      "exists": true,
      "profile_url": "https://linkedin.com/in/johndoe"
    },
    {
      "platform": "Twitter",
      "exists": true,
      "profile_url": "https://twitter.com/johndoe"
    },
    {
      "platform": "GitHub",
      "exists": true,
      "profile_url": "https://github.com/johndoe"
    }
  ],
  "has_google": true,
  "has_apple": true,
  "has_microsoft": true,
  "has_facebook": false,
  "has_twitter": true,
  "has_instagram": true,
  "has_linkedin": true,
  "has_amazon": true,
  "data_breaches_count": 7,
  "data_breaches_first": "2016-05-18",
  "data_breaches_last": "2023-11-15",
  "data_breaches": [
    {
      "name": "LinkedIn",
      "date": "2016-05-18",
      "data_classes": [
        "Emails",
        "Names",
        "Passwords"
      ],
      "is_verified": true
    },
    {
      "name": "Adobe",
      "date": "2013-10-04",
      "data_classes": [
        "Emails",
        "Passwords"
      ],
      "is_verified": true
    },
    {
      "name": "Dropbox",
      "date": "2012-07-01",
      "data_classes": [
        "Emails",
        "Passwords"
      ],
      "is_verified": true
    }
  ],
  "extracted_names": [
    "John Doe",
    "J. Doe"
  ],
  "extracted_phones": [
    "+34612345678"
  ],
  "extracted_usernames": [
    "johndoe",
    "john_doe",
    "jdoe"
  ],
  "first_seen": "2013-10-04",
  "first_seen_days": 4103,
  "risk_signals": [
    {
      "code": "email_social_count",
      "description": "Connected to 8+ platforms",
      "impact": 320,
      "severity": "low"
    },
    {
      "code": "email_is_business",
      "description": "Business email domain",
      "impact": 60,
      "severity": "low"
    },
    {
      "code": "email_breach_age",
      "description": "Email over 10 years old",
      "impact": 100,
      "severity": "low"
    },
    {
      "code": "email_domain_mx_valid",
      "description": "Valid MX records found",
      "impact": 50,
      "severity": "low"
    }
  ],
  "reason_codes": "TE001,TE003,TE007,TE012",
  "recommendation": "Excellent trust score. Highly established and verified identity."
}

Response Schema

Field
Type
Description
resolution_id
string
Unique identifier for this analysis request
value
string
The analyzed email address (lowercase)
is_valid
boolean
Whether the email format is valid
is_deliverable
boolean
Whether the email can receive messages (MX check)
is_disposable
boolean
True if from a temporary/disposable email provider
disposable_provider
string
Name of disposable provider if detected
domain
string
Email domain extracted
domain_type
string
free, business, or disposable
has_mx_records
boolean
True if domain has valid MX records
score
number
Trust score from 0-1000 (higher = more trustworthy)
score_cluster
string
Trust level: poor, bad, moderate, good, or high
social_profiles_count
number
Number of social/service accounts found
social_profiles
array
List of platforms where email is registered
has_google
boolean
True if registered on Google
has_apple
boolean
True if registered on Apple
has_microsoft
boolean
True if registered on Microsoft
has_facebook
boolean
True if registered on Facebook
has_twitter
boolean
True if registered on Twitter/X
has_instagram
boolean
True if registered on Instagram
has_linkedin
boolean
True if registered on LinkedIn
has_amazon
boolean
True if registered on Amazon
data_breaches_count
number
Number of data breaches containing this email
data_breaches_first
string
Date of earliest known breach (YYYY-MM-DD)
data_breaches_last
string
Date of most recent breach (YYYY-MM-DD)
data_breaches
array
List of breaches containing this email
extracted_names
string[]
Names found associated with this email in breaches
extracted_phones
string[]
Phones found associated with this email in breaches
extracted_usernames
string[]
Usernames found in breaches
first_seen
string
Earliest date this email appeared in our data
first_seen_days
number
Days since first seen in our system
risk_signals
array
Risk indicators detected
reason_codes
string
Comma-separated list of triggered rule codes
recommendation
string
Suggested action based on analysis

Reason Codes

Reason codes are returned in the reason_codes field and provide detailed explanations for the trust score.

Phone Codes (TP)

TP001Mobile line detected
TP002VoIP number detected
TP003Landline detected
TP005Major carrier identified
TP007Number found in breaches
TP010WhatsApp registered
TP011Telegram registered
TP012Disposable number

Email Codes (TE)

TE001High social presence
TE002Disposable email
TE003Business domain
TE005Valid MX records
TE007Found in breaches
TE010Google account linked
TE011Apple account linked
TE012Old email address

Official SDKs

Use our official SDKs for faster integration. All SDKs are open source and available on GitHub.

Node.js

npm install @riskhunter/sdk
🐍

Python

pip install riskhunter
🐘

PHP

composer require riskhunter/sdk

Ready to get started?

Create your free account and get 1,000 API requests instantly.

Get API KeyContact Sales