# Email verification API — developer summary (LLM-friendly)

<!--
  Short contract summary; pair with /api/ for full prose and examples.
-->

## Endpoint

- **Method:** `POST` only (`GET` is intentionally not supported on `/verify`).  
- **Path:** `/verify` on your deployed verifier origin (not necessarily the marketing site host).  
- **Body:** JSON with field **`email`** (example: `{"email":"user@email.com"}`).  
- **Auth (optional):** Header **`X-API-Key`** when the server is configured with **`API_KEY`**.

## Response concepts

Responses are designed for integration into apps and backends:

- **`classification`** — `deliverable` | `undeliverable` | `risky` | `unknown` (primary UX field).  
- **`status`** — granular machine-readable status (implementation-defined enumeration).  
- **`score`** — numeric composite; use **with** classification.  
- **MX / SMTP fields** — hosts, codes, messages for debugging (exact shape depends on server version).

## Security and integration posture

- Prefer **server-side** calls so optional API keys stay off public browsers.  
- If browser callers exist, **narrow `CORS_ORIGINS`** deliberately; default permissive CORS is risky for abuse.

## Related pages

- HTML docs: `/api/`  
- Product context: `/llm/overview.md`