Product / Phish Guard API

Phish Guard API — The Engine Behind Every EmailVeritas Integration

One REST API to detect phishing URLs, malicious files, and suspicious email headers across all your platforms. Phish Guard API powers the free URL Checker, Outlook Add-in, Google Workspace Add-on, ChatGPT plugin, and all other EmailVeritas integrations. Use it directly in your own applications via subscription.

Get Your API Key →

Watch & Listen — Phish Guard API: How to Stay Safe from Phishing

Discover how phishing remains one of the most common online threats and how the Phish Guard API powers real-time detection across all EmailVeritas integrations — from the free URL Checker to enterprise SIEM connectors. Watch or listen on your favorite platform:

Watch & Listen — Phish Guard API: How to Stay Safe from Phishing thumbnail

Watch & Listen — Phish Guard API: How to Stay Safe from Phishing

Listen on Spotify

How It Works

Five steps from subscription to real-time threat intelligence

1. Subscribe and Get API Key

Create your EmailVeritas account, choose a subscription plan, and generate an API key from your dashboard.

2. Authenticate via Header

Include your API key in the Authorization header of every POST request to our REST endpoint.

3. Submit a URL, File, or Email

POST a URL string, upload a file (PDF, .exe, .docx, .zip, .js), or submit raw email content (EML/MSG) to the scan endpoint.

4. Receive Structured JSON

Get back a JSON object with classification (PHISHING/MALWARE/SPAM/LEGITIMATE), WHOIS registrar, domain age, redirection chain, IP geolocation, SSL validity, content SHA-256, and outgoing links.

5. Route and Act

Feed the JSON response into your SIEM, firewall rule, ticketing system, or custom workflow — block, quarantine, or escalate based on the risk verdict.

Key Benefits

The API behind all EmailVeritas integrations

01

Rich, structured scan results

Each response includes classification, WHOIS registrar, domain age, redirection chain, IP geolocation, HTTP response code, SHA-256 content hash, and outgoing links — all in one JSON object.

02

Scan URLs, files, and emails

Submit any URL, file attachment (PDF, .exe, .docx, .xlsx, .zip, .js, .vbs, .ps1), or raw email (EML/MSG format) to the same endpoint.

03

Fast, synchronous results

URL scans return synchronously in under 2 seconds. File sandbox analysis returns in under 30 seconds. Results include first_submission_date and times_submitted for recurrence context.

04

Powers all EmailVeritas integrations

The same API runs the free URL Checker, Outlook Add-in, Google Workspace Add-on, ChatGPT plugin, WhatsApp bot, Copilot integration, and Mobile App.

05

Plan-based API access

Choose a subscription tier that matches your scan volume. Monitor remaining quota, rotate API keys, and view per-request logs from your dashboard.

Use Cases

Free URL Checker

  • The free URL Checker at emailveritas.com/url-checker is the no-signup interface powered by this API — paste any link and get a verdict in under 2 seconds.

  • Results include domain age, SSL validity, redirection chain, blacklist status, and WHOIS registrar — the same data returned by the API.

  • The URL Checker is also available via ChatGPT plugin, Outlook Add-in, Google Workspace Add-on, WhatsApp bot, and Mobile App — all powered by the same Phish Guard API.

  • No account or API key required for the free tool — suitable for ad-hoc link verification before clicking.

Security Teams & Developers

  • SOC analysts use the Phish Guard API to triage suspicious links from phishing reports, email submissions, and threat feeds at scale — integrated directly into SIEM or ticketing systems.

  • Each API response includes IP geolocation, HTTP response headers, outgoing links, and the full redirection chain — enough to assess a threat without running it in a sandbox.

  • Scanned URLs generate permanent result pages at /url-checker/{domain} — shareable links for incident reports and team handoffs.

  • Subscription tiers scale with scan volume; API keys, quota monitoring, and per-request logs are managed from the EmailVeritas dashboard.

Sample API Response

Real response structure returned for each scanned URL — includes classification, WHOIS, IP, and web page data. 

{
    "id": "a1b2c3d4",
    "url": "hxxps://paypal-secure[.]ru/login",
    "domain": "paypal-secure.ru",
    "tld": "ru",
    "classification": "PHISHING",
    "data": {
        "last_analysis_date": "2026-04-29T14:22:00Z",
        "first_submission_date": "2026-04-27T09:11:00Z",
        "times_submitted": 4,
        "analysis": [
            {
                "classification": "PHISHING",
                "summary": "Domain impersonates PayPal login. Registered 2 days ago. No valid SSL certificate. Redirects to credential harvesting form.",
                "ip": "185.220.101.47",
                "redirection_chain": [
                    "hxxps://paypal-secure[.]ru/",
                    "hxxps://paypal-secure[.]ru/login"
                ],
                "domain_info": {
                    "whois_records": [
                        {
                            "create_date": "2026-04-27",
                            "expiry_date": "2027-04-27",
                            "domain_registrar": {
                                "registrar_name": "NameCheap, Inc.",
                                "whois_server": "whois.namecheap.com"
                            },
                            "name_servers": [
                                "ns1.suspicious-host.net"
                            ],
                            "domain_status": [
                                "clientTransferProhibited"
                            ]
                        }
                    ]
                },
                "web_page_info": {
                    "http_response_code": 200,
                    "http_response_content_sha256": "e3b0c44298fc1c149afb4c8996fb924...",
                    "extension": "html",
                    "outgoing_links": [
                        []
                    ]
                },
                "ipInfo": [
                    {
                        "ip": "185.220.101.47",
                        "geoLocation": {
                            "country": "RU",
                            "city": "Moscow"
                        }
                    }
                ],
                "malicious_extension": false
            }
        ]
    }
}

How Phish Guard Detects Phishing and Malware

Integrated Threat Intelligence

  • When a URL is submitted, the system first validates the address structure and confirms it is safe to process before scanning.
  • The API analyzes the link's structure, domain age, and SSL certificate to identify red flags commonly associated with phishing or malware threats.
  • Each link is compared against trusted threat databases, global blacklists, and known warning signs to ensure accurate classification.
  • The result is returned synchronously — classified as LEGITIMATE, WARNING, PHISHING, MALWARE, or SPAM — with a summary of the findings.
  • File submissions undergo sandbox analysis; email content is parsed for header anomalies, embedded links, and attachment hashes.

What Happens Behind the Scenes

  • Once a URL is submitted, the system inspects it for hidden phishing signals and warning patterns that are often missed by the naked eye.
  • It checks whether the URL has a history of being flagged in global threat monitoring systems or blacklists for malicious domains.
  • If the link contains one or more redirections, each step in the redirect chain is followed and analyzed to determine whether it leads to an unexpected or unsafe destination.
  • Additional attributes — domain reputation, SSL validity, IP geolocation, and link complexity — are evaluated to detect abnormal or suspicious behavior.
  • All collected signals are combined to generate a risk verdict, returned in a structured JSON response with first_submission_date and times_submitted for recurrence context.

Technologies We Use

  • The detection engine relies on advanced artificial intelligence to identify evolving threat patterns and malicious URLs in real time.
  • Machine learning models continuously improve by learning from real-world phishing attempts and unsafe redirect behavior.
  • Live feeds from global threat intelligence providers keep the engine updated on emerging malicious activity and newly registered domains.
  • Every URL is cross-referenced with reputable safe-browsing databases, SSL authorities, and reputation networks to ensure accuracy.
  • This combination of AI analysis, threat intelligence, and machine learning enables Phish Guard to deliver precise, fast classifications for every scan.

Frequently Asked Questions (FAQ)

Ready to integrate?

Choose your plan and start scanning URLs, files, and emails via API.

Subscribe and Get Your API Key View API Documentation

Explore Other EmailVeritas Tools

Discover all integrations and platforms where you can use our security tools

URL Checker icon

URL Checker

Free web tool — scan any link for phishing, malware, and unsafe redirects. No signup required.
ChatGPT Plugin icon

ChatGPT Plugin

Analyze URLs directly inside ChatGPT using the EmailVeritas plugin.
Outlook Add-in icon

Outlook Add-in

Scan suspicious links directly from your Outlook inbox.
Google Workspace Add-on icon

Google Workspace Add-on

Check links in Gmail and Sheets with our official Workspace add-on.
WhatsApp Integration icon

WhatsApp Integration

Send a suspicious link to WhatsApp and get instant results.
Mobile App icon

Mobile App

Use our protection tools directly on your smartphone.
Copilot URL Checker icon

Copilot URL Checker

Verify and classify URLs in real time directly inside Microsoft Copilot workflows.
Phish Guard API icon

Phish Guard API

Integrate URL scanning into your own products using our REST API.
File Checker icon

File Checker

Analyze uploaded files to detect potential threats instantly.