Complete guide to integrating WebFunctions APIs into your applications.
Welcome to the WebFunctions API documentation. Follow these steps to integrate our 200+ APIs into your application.
Reach out to our sales team at webfunctions.net/contact to discuss your requirements and select a plan starting at $4,999/month for 1 million credits.
Once your account is activated, log in to your dashboard at app.webfunctions.net and generate your API keys. Keep these keys secure and never expose them in client-side code.
Use your API key to authenticate and make requests:
curl -X POST https://api.webfunctions.net/v1/email/validate \
-H "Authorization: Bearer wf_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{"email": "user@example.com"}'Track your credit consumption in real-time through your dashboard. Set up alerts at 50%, 80%, and 100% thresholds to avoid service interruption.
All API requests should be made to:
https://api.webfunctions.net/v1
All API requests require authentication using a Bearer token in the Authorization header.
Authorization: Bearer wf_your_api_key_here
API keys are prefixed with wf_ followed by 48 alphanumeric characters.
wf_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4
WebFunctions uses a credit-based billing system. Each API call consumes credits based on the endpoint complexity.
| API Category | Credits per Call | Examples |
|---|---|---|
| Standard Validation | 1 credit | Email validation, phone format check |
| Enhanced Lookup | 2 credits | IP geolocation, address verification |
| Identity & Fraud | 5 credits | Identity verification, fraud scoring |
| AI/ML Processing | 5-10 credits | Sentiment analysis, image recognition |
| Bulk Operations | 1 credit/item | Bulk email validation, batch processing |
Query your current credit balance and usage:
GET /v1/account/credits
// Response
{
"credits_remaining": 847523,
"credits_used": 152477,
"credits_total": 1000000,
"period_start": "2026-01-01T00:00:00Z",
"period_end": "2026-01-31T23:59:59Z",
"plan": "Starter"
}Every API response includes credit usage information in headers:
X-Credits-Used - Credits consumed by this requestX-Credits-Remaining - Credits remaining in your accountX-Credits-Reset - Unix timestamp when credits resetRate limits are applied per API key to ensure service stability and fair usage across all customers.
| Plan | Requests/Second | Monthly Credits |
|---|---|---|
| Starter | 100 | 1,000,000 |
| Growth | 250 | 2,200,000 |
| Business | 500 | 6,250,000 |
| Scale | 1,000 | 14,000,000 |
| Enterprise | 2,500 | 33,000,000 |
| Ultimate | Custom | 80,000,000 |
Each response includes headers to help you track your rate limit status:
X-RateLimit-Limit - Maximum requests per secondX-RateLimit-Remaining - Requests remaining in current windowX-RateLimit-Reset - Unix timestamp when the window resetsWhen you exceed your rate limit, the API returns a 429 status code. Implement exponential backoff in your retry logic and respect the Retry-After header.
The API uses standard HTTP status codes and returns detailed error information in JSON format.
| Code | Status | Description |
|---|---|---|
200 |
OK | Request successful |
201 |
Created | Resource created successfully |
400 |
Bad Request | Invalid parameters or malformed request |
401 |
Unauthorized | Invalid or missing API key |
403 |
Forbidden | Insufficient permissions or credits |
404 |
Not Found | Endpoint or resource not found |
429 |
Too Many Requests | Rate limit or credit limit exceeded |
500 |
Server Error | Internal server error - please retry |
{
"error": {
"code": "invalid_parameter",
"message": "The email address format is invalid",
"param": "email",
"doc_url": "https://webfunctions.net/docs#email-validation"
},
"request_id": "req_abc123xyz"
}Receive real-time notifications when events occur. Configure webhook endpoints in your dashboard.
bulk.completed - Bulk operation finished processingcredits.low - Credits dropped below threshold (50%, 20%, 10%)credits.depleted - All credits consumedapi_key.revoked - An API key was revoked{
"event": "bulk.completed",
"timestamp": "2026-01-19T12:34:56Z",
"data": {
"job_id": "job_abc123",
"total_records": 10000,
"successful": 9850,
"failed": 150,
"download_url": "https://..."
},
"signature": "sha256=..."
}Always verify webhook signatures to ensure authenticity:
// Node.js example
const crypto = require('crypto');
function verifyWebhook(payload, signature, secret) {
const expected = crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return `sha256=${expected}` === signature;
}1 credit per request
Validate email addresses for format, DNS records, disposable status, and deliverability.
/v1/email/validate
{
"email": "user@example.com",
"check_deliverability": true // Optional, uses 1 additional credit
}{
"email": "user@example.com",
"valid": true,
"format_valid": true,
"mx_found": true,
"mx_records": ["mx1.example.com", "mx2.example.com"],
"disposable": false,
"role_based": false,
"free_provider": false,
"deliverable": true,
"catch_all": false,
"score": 95,
"suggestion": null
}| Field | Type | Description |
|---|---|---|
valid | boolean | Overall validity assessment |
format_valid | boolean | Email format is syntactically correct |
mx_found | boolean | Domain has valid MX records |
disposable | boolean | Is a disposable/temporary email |
role_based | boolean | Is role-based (info@, support@, etc.) |
free_provider | boolean | Is from a free email provider |
deliverable | boolean | Mailbox exists and accepts mail |
score | integer | Quality score 0-100 |
suggestion | string|null | Suggested correction for typos |
1-2 credits per request
Validate phone numbers for format, carrier information, and line type.
/v1/phone/validate
{
"phone": "+14155551234",
"country_code": "US" // Optional, for national format numbers
}{
"valid": true,
"phone_number": "+14155551234",
"national_format": "(415) 555-1234",
"international_format": "+1 415-555-1234",
"country_code": "US",
"country_name": "United States",
"carrier": "Verizon Wireless",
"line_type": "mobile",
"is_ported": false
}2 credits per request
Get detailed location and network information for any IP address.
/v1/ip/lookup?ip={ip_address}
{
"ip": "8.8.8.8",
"type": "ipv4",
"continent": "North America",
"continent_code": "NA",
"country": "United States",
"country_code": "US",
"region": "California",
"region_code": "CA",
"city": "Mountain View",
"zip": "94035",
"latitude": 37.386,
"longitude": -122.0838,
"timezone": "America/Los_Angeles",
"utc_offset": "-08:00",
"currency": "USD",
"isp": "Google LLC",
"organization": "Google Public DNS",
"asn": "AS15169",
"is_vpn": false,
"is_proxy": false,
"is_tor": false,
"is_datacenter": true,
"threat_score": 0
}2 credits per request
Validate and standardize postal addresses with USPS and international support.
/v1/address/verify
{
"street": "1600 Amphitheatre Parkway",
"city": "Mountain View",
"state": "CA",
"zip": "94043",
"country": "US"
}{
"valid": true,
"deliverable": true,
"standardized": {
"street": "1600 AMPHITHEATRE PKWY",
"city": "MOUNTAIN VIEW",
"state": "CA",
"zip": "94043-1351",
"country": "US"
},
"components": {
"primary_number": "1600",
"street_name": "AMPHITHEATRE",
"street_suffix": "PKWY",
"city_name": "MOUNTAIN VIEW",
"state_abbreviation": "CA",
"zipcode": "94043",
"plus4_code": "1351"
},
"metadata": {
"latitude": 37.4224764,
"longitude": -122.0842499,
"time_zone": "America/Los_Angeles",
"address_type": "commercial"
}
}5 credits per request
Verify identity information against authoritative data sources.
/v1/identity/verify
{
"first_name": "John",
"last_name": "Smith",
"date_of_birth": "1990-01-15",
"ssn_last4": "1234", // Optional
"address": {
"street": "123 Main St",
"city": "Anytown",
"state": "CA",
"zip": "90210"
}
}{
"verified": true,
"confidence_score": 92,
"checks": {
"name_match": true,
"dob_match": true,
"ssn_match": true,
"address_match": true
},
"alerts": [],
"sources_checked": 3
}5 credits per request
Real-time fraud scoring and risk assessment for transactions and signups.
/v1/fraud/assess
{
"email": "user@example.com",
"ip_address": "192.168.1.1",
"phone": "+14155551234",
"transaction": {
"amount": 99.99,
"currency": "USD",
"type": "purchase"
},
"device": {
"user_agent": "Mozilla/5.0...",
"fingerprint": "abc123"
}
}{
"risk_score": 15,
"risk_level": "low",
"recommendation": "approve",
"signals": {
"email_age_days": 1825,
"email_disposable": false,
"ip_proxy": false,
"ip_country_match": true,
"device_fingerprint_seen": true,
"velocity_check": "pass"
},
"rules_triggered": []
}Official SDKs are available for seamless integration in your preferred language.
SDK installation commands and private repository access are available to authenticated customers.
Login to Access SDKsFor government agencies and enterprises requiring Top Secret Compartmented (TSC) level security, WebFunctions provides dedicated SSH tunnel endpoints for encrypted channel communications.
TSC-level SSH tunneling is available exclusively for Enterprise and Ultimate plan customers with verified security clearance documentation. Contact your account manager to enable.
tsc-tunnel.webfunctions.net:22022tsc-tunnel-failover.webfunctions.net:22022
# ~/.ssh/config for TSC tunnel
Host wf-tsc-tunnel
HostName tsc-tunnel.webfunctions.net
Port 22022
User wf_tsc_[YOUR_ORG_ID]
IdentityFile ~/.ssh/webfunctions_tsc_ed25519
LocalForward 8443 api-internal.webfunctions.net:443
ServerAliveInterval 60
ServerAliveCountMax 3
StrictHostKeyChecking yes
UserKnownHostsFile ~/.ssh/wf_known_hosts# Start the SSH tunnel
ssh -N -f wf-tsc-tunnel
# Verify tunnel is active
curl -s https://localhost:8443/v1/health \
-H "Authorization: Bearer wf_tsc_your_api_key" \
--cacert /path/to/webfunctions-tsc-ca.crt
# Response
{"status": "operational", "tunnel": "tsc-secured", "encryption": "AES-256-GCM"}# Python TSC Example
from webfunctions import WebFunctionsClient, TSCTunnel
# Initialize TSC tunnel manager
tunnel = TSCTunnel(
key_path="~/.ssh/webfunctions_tsc_ed25519",
org_id="YOUR_ORG_ID",
ca_cert="/path/to/webfunctions-tsc-ca.crt"
)
# Start secure tunnel
tunnel.connect()
# Initialize client with tunnel
client = WebFunctionsClient(
api_key="wf_tsc_your_api_key",
base_url="https://localhost:8443",
tsc_mode=True,
verify_ssl=tunnel.ca_cert
)
# Make TSC-secured API call
result = client.identity.verify_classified(
subject_id="REDACTED",
clearance_level="TSC",
audit_log=True
)
# Always close tunnel when done
tunnel.disconnect()// Node.js TSC Example
const { WebFunctionsClient, TSCTunnel } = require('@webfunctions/sdk-tsc');
async function secureLookup() {
// Initialize TSC tunnel
const tunnel = new TSCTunnel({
keyPath: '~/.ssh/webfunctions_tsc_ed25519',
orgId: 'YOUR_ORG_ID',
caCert: '/path/to/webfunctions-tsc-ca.crt'
});
await tunnel.connect();
const client = new WebFunctionsClient({
apiKey: 'wf_tsc_your_api_key',
baseUrl: 'https://localhost:8443',
tscMode: true,
caCert: tunnel.caCert
});
try {
const result = await client.identity.verifyClassified({
subjectId: 'REDACTED',
clearanceLevel: 'TSC',
auditLog: true
});
console.log(result);
} finally {
await tunnel.disconnect();
}
}
secureLookup();To enable TSC-level SSH tunneling, contact your dedicated account manager or email tsc-support@webfunctions.net with your organization's security documentation and FedRAMP authorization details.
Don't see your language? The REST API works with any HTTP client. Request an SDK
Import our Postman collection to quickly explore and test all API endpoints.
Recent updates and changes to the WebFunctions API.
Our technical team is here to help you integrate WebFunctions into your application.