Title here
Summary here
Post Data Formatting
To ensure proper validation and optimal fraud detection, your API requests must follow the correct formatting for each field. Below is a detailed explanation of the available parameters.
The
vpn_checkandadvancedparameters are available exclusively to premium plan users. For free users, these parameters will be ignored.
🔹POST Body Parameters
| Field | Type | Required | Description |
|---|---|---|---|
email | string | ⚪ | Full email address to validate. Example: john@example.com |
phone | string | ⚪ | Full phone number with country code. Example: +14155552671 |
ip | string | ✅ | IPv4 or IPv6 address of the user. Example: 49.36.241.41 |
name | string | ✅ | Full name (first and last). Example: John Doe |
user_agent | string | ✅ | User’s browser/device user agent string. Must not be blank. |
vpn_check | boolean | ❌ | Whether to run proxy/VPN detection. Default: true. Set to false to skip. |
advanced | boolean | ❌ | Enables extended checks (may add latency). Default: false. |
🔹Parameters length
| Field | Type | Min Field Length | Max Field Length |
|---|---|---|---|
email | string | 5 | 60 |
phone | string | 7 | 15 |
ip | string | Valid IPv4 or IPv6 | Valid IPv4 or IPv6 |
name | string | 3 | 50 |
user_agent | string | 5 | 512 |
vpn_check | boolean | true/false | true/false |
advanced | boolean | true/false | true/false |
The
vpn_checkandadvancedparameters are available exclusively to premium plan users. For free users, these parameters will be ignored.
🔹IP Handling
When using services like Cloudflare, Nginx, or reverse proxies, the incoming IP address may be masked. Always extract the real IP from trusted headers.
🔹Warning
If you send Cloudflare’s IP instead of the real visitor’s, OnSefy may incorrectly label the request as high-risk or invalid.
🔹Example: Get Real IP Behind Cloudflare
Node.js (Express):
const realIp = req.headers['cf-connecting-ip'] || req.headers['x-forwarded-for'] || req.ip;PHP:
$ip = $_SERVER['HTTP_CF_CONNECTING_IP'] ??
$_SERVER['HTTP_X_FORWARDED_FOR'] ??
$_SERVER['REMOTE_ADDR'];Python (FastAPI/Flask):
ip = request.headers.get('cf-connecting-ip') or \
request.headers.get('x-forwarded-for') or \
request.remote_addr🔹User Agent Handling
The user_agent field should contain the raw User-Agent string from the client’s request header. Do not parse or alter it.
🔹Example: Get User Agent
Node.js:
const userAgent = req.headers['user-agent'];PHP:
$userAgent = $_SERVER['HTTP_USER_AGENT'];Python (FastAPI):
user_agent = request.headers.get('user-agent')🔹Example Valid Payload
{
"phone": "+14155552671",
"email": "john.doe@example.com",
"ip": "49.36.241.41",
"name": "John Doe",
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)..."
}🔹Tips for Formatting
- ✅ Make sure all string fields are UTF-8 encoded
- ✅ Omit optional fields if not used
- 🚫 Do not send empty strings (
"") — they may be rejected - 📏 Email and name fields should be trimmed to avoid trailing whitespace
- 🕵️ User agent should be the exact string received from the browser or app