trueguard-logo-black

Email Validation in JavaScript

Validate any email address from JavaScript or Node.js with one API call. Pass an address, get back a nested JSON object with syntax, deliverability, domain, and quality signals. Real-time, sub-1s median response.

100 validations a month. No credit card required.
Try the free single-email verifier
100 free per monthWorks in Node and browserSub-1s response
const response = await fetch("https://api.trueguard.io/v2/email/validation", { method: "POST", headers: { "X-API-KEY": YOUR_KEY, "Content-Type": "application/json", }, body: JSON.stringify({ email: "founder@yourcompany.com" }), }); const result = await response.json(); console.log(result);

How do I validate an email with JavaScript?

Three steps. Most teams have it running in under an afternoon.

1

Get a free API key

Sign up at trueguard.io. No card, no trial expiry. 100 validations a month included on the free tier.

2

POST to /email/validation with X-API-KEY

Send the address as JSON in the request body. Set X-API-KEY in the header. Works with fetch, axios, node-fetch, or any HTTP client.

3

Read the nested JSON, branch on deliverability.status

safe: accept. risky: catch-all or uncertain, apply a softer policy. invalid: the mailbox does not exist, reject.

Read the API documentation

JavaScript and Node.js samples using the real endpoint. Paste, set your key, run.

const response = await fetch("https://api.trueguard.io/v2/email/validation", { method: "POST", headers: { "X-API-KEY": YOUR_KEY, "Content-Type": "application/json", }, body: JSON.stringify({ email: "founder@yourcompany.com" }), }); const result = await response.json(); console.log(result);

Can I validate emails in the browser, or do I need a server?

Both work. Browser fetch is fine for local development. In production, run the call server-side so your API key never ships to the client.

Browser (client-side)

Works during development. Anyone who opens DevTools can read your X-API-KEY from the network tab and use it against your quota.

Use it for prototyping only. Do not ship browser-side API key calls to production.

Server-side (recommended)

Call the Trueguard API from a Node.js server, a Next.js API route or server action, an Express handler, or an edge function.

Pattern: browser form submits the address to your backend. Your backend calls Trueguard, returns the result. The key never reaches the client.

What does the JSON response look like?

Four nested groups: syntax, deliverability, domain, and quality. Every field is included on every plan, including free.

saferealemail@gmail.com
Syntax valid
Deliverable
SMTP valid
MX valid
Catch-all
Disposable
Free provider
Role-based
{ "email": "realemail@gmail.com", "rawEmail": "realemail@gmail.com", "syntax": { "isValid": true }, "deliverability": { "status": "safe", "isSmtpValid": true, "isMxValid": true, "isCatchall": false, "isInboxFull": false, "isDeliverable": true, "isDisabled": false, "mxRecords": [ "alt2.gmail-smtp-in.l.google.com", "gmail-smtp-in.l.google.com", "alt4.gmail-smtp-in.l.google.com", "alt1.gmail-smtp-in.l.google.com", "alt3.gmail-smtp-in.l.google.com" ] }, "domain": { "name": "gmail.com", "age": 11263, "isLive": true, "isRisky": false }, "quality": { "isDisposable": false, "isFree": true, "isRole": false, "isSubaddress": false } }

How do I handle errors and rate limits in JavaScript?

Check response.ok after the fetch call. A 429 means you have hit the rate limit and should back off before retrying. Wrap the block in a try/catch to handle network failures.

const res = await fetch("https://api.trueguard.io/v2/email/validation", { method: "POST", headers: { "X-API-KEY": process.env.TRUEGUARD_API_KEY, "Content-Type": "application/json", }, body: JSON.stringify({ email }), }); if (!res.ok) { if (res.status === 429) { throw new Error("Rate limit reached. Back off and retry."); } throw new Error(`Validation failed: ${res.status}`); } const result = await res.json();

Which JavaScript frameworks does this work with?

Any runtime that can make an HTTPS POST request. The snippets below all call the same endpoint with the same header. You can also use the same API from Python, PHP, Go, Ruby, C#, and Java.

Node.js / Express

Call the API in an Express route handler or middleware. Read the key from process.env. Works on any Node version that supports async/await.

Next.js

Use an API route (app/api/) or a server action to call Trueguard server-side. The key never reaches the browser.

Deno

The fetch API is built in. Pass the key via Deno.env.get. Works on Deno Deploy with no changes.

Bun

Bun's native fetch works identically. Read the key from Bun.env. No extra packages needed.

React (client component)

Do not call the API directly from a React component in production. Submit the form to your backend, run the validation there, and return the result. The key stays server-side.

What can I build with email validation in JavaScript?

One API call unlocks several data-quality and fraud-prevention patterns. Here are the most common ones teams build with the JavaScript integration.

Stop fake signups at the form

Validate on submit, before the account is created. Drop disposable addresses and hard-reject invalid ones. Risky catch-all addresses can be accepted with a confirmation step.

Stop fake signups

Clean outreach lists before sending

Run each address through the API before the campaign loads it. Flag role mailboxes and invalid addresses to protect your sender reputation.

Pair with VPN detection

Email list hygiene

Validate in batch before a send. Drop invalid, flag disposable, route catch-all to a re-permission flow. Cleaner list, lower bounce rate, better deliverability.

Email list cleaning guide

Frequently asked questions

How do I validate an email address with JavaScript?

Send a POST request to https://api.trueguard.io/v2/email/validation with the header X-API-KEY set to your key and a JSON body containing the email field. The response is a nested JSON object with syntax, deliverability, domain, and quality groups. Branch on deliverability.status to decide whether to accept the address: safe means it passed, risky means catch-all or uncertain, invalid means the mailbox does not exist.

Can I validate an email in the browser with client-side JavaScript?

You can call the API from the browser during development, but in production you should not. Your X-API-KEY would be visible in the network tab to anyone who opens DevTools, allowing it to be scraped and used against your quota. Instead, call the API from your server, a Next.js API route, a server action, or an edge function. The browser submits the form, your backend calls Trueguard, then returns the result. The key never reaches the client.

How do I validate an email in Node.js?

Install axios and import it. Call axios.post with the endpoint, a body of { email }, and a headers object containing X-API-KEY set to process.env.TRUEGUARD_API_KEY. Read the result from result.data. Store the key in an environment variable, never hardcode it in source. The same pattern works in Next.js API routes and Express middleware.

What does the JSON response look like?

The response is a nested object with four groups: syntax contains isValid; deliverability contains status, isSmtpValid, isMxValid, isCatchall, isInboxFull, isDeliverable, isDisabled, and mxRecords; domain contains name, age, isLive, and isRisky; quality contains isDisposable, isFree, isRole, and isSubaddress. Every field is present on every plan including free.

How do I check if an email is deliverable in JavaScript?

Read deliverability.status from the response. If it equals safe the address passed all checks. If it equals risky the domain is a catch-all or the SMTP probe could not confirm the mailbox, so the address may or may not be real. If it equals invalid the mailbox does not exist. Branch on these three values rather than any individual boolean for the most reliable decision.

Does the API detect catch-all domains in JavaScript?

Yes. When the destination domain accepts mail for every address, the API sets deliverability.isCatchall to true and deliverability.status to risky. The status is never unknown for a catch-all. You cannot confirm a specific mailbox on a catch-all domain without actually sending mail, so risky is the honest verdict. You can use isCatchall to apply a softer policy instead of a hard reject.

How do I handle errors and rate limits in JavaScript?

After the fetch call, check response.ok. If it is false, inspect response.status: 429 means you have hit the rate limit and should back off before retrying, while 4xx or 5xx means something else went wrong. Wrap the whole block in a try/catch to handle network failures. Log the status code so you can distinguish between a validation error and a temporary service issue.

Is there a free tier for testing the JavaScript integration?

Yes. Sign up for a Trueguard account and you get 100 email validations per month at no cost, with no credit card required. The free tier runs the production endpoint with the same response shape, the same latency, and the same accuracy as a paid plan. It is enough to build and test a full integration before committing to a subscription.

Validate emails from JavaScript in minutes.

100 validations a month, free, no card. One endpoint, two working code samples, a real JSON response viewer. Start integrating now.

No credit card required.

Product

Features

Sign in

Disposable Emails

Free Tier Abusers

Fake Accounts / Bots

Email Verification API

Resources

Pricing

Blog

Knowledgebase

Documentation

Tools

VPN and Proxy Checker

IP Location Checker

Email Validation

Legal

Terms of Service

Privacy Policy

Data processing agreement

trueguard-logo© 2026 Trueguardinfo@trueguard.io