Open signup brings the wrong users
You want only approved users, but open registration lets in abusers and low-fit accounts. Manual checks take time and still miss bad signups.
Whitelist API for trusted signups and email sending
Approve exactly who can register or receive emails by specific address or entire domain. Control access with one `block` field, without building custom whitelist logic across services.
No credit card required. Test it with free credits.
1 field
for allow or deny decision (`block`)
2 rule types
exact email and full domain
On or Off
whitelist mode when policy changes
Real-time
policy checks in verification response
Whitelist solves high-cost policy mistakes
Keep only approved users and recipients in your flows while centralizing policy decisions in one API response.
Allow-list logic is duplicated across services
Signup flow, CRM sync, and campaign tools all need the same policy, but each service implements it differently and drifts over time.
You pay for sends to audiences you never wanted
When only certain customers should receive email, broad lists waste campaign budget and dilute metrics with recipients outside your policy.
Whitelist flow
How Whitelist works
Define who is allowed once, then make policy decisions from one field in every verification result.
01→
Add whitelist rules
Add exact emails like [email protected] or domains like company.com to define who is allowed.
02→
Enable whitelist mode when needed
Turn whitelist on when only listed emails and domains should be allowed. Turn it off when strict allow-only rules are not required.
03✓
Verify and decide by block
Use the `block` field in API response. `block: true` means deny, `block: false` means allow.
Verification API response example
GET /v1/[email protected]\nX-API-Key: your-api-key\n\n{\n "valid": true,\n "block": false,\n "domain": "customer.org"\n}What you can whitelist
Exact email
Allow one specific address when only selected users should pass.
Domain
Allow all mailboxes on approved domains like partner.com or customer.org.
Teams using Whitelist API in production
Real teams use whitelist rules to protect onboarding, tighten campaign targeting, and keep policy logic out of application code.
DR
Daniel Reed
Founder, B2B SaaS
“We switched whitelist on for enterprise trials and instantly stopped random signups. Sales now talks only to accounts we actually target.”
SM
Sofia Martinez
Lifecycle Marketing Lead
“For partner-only campaigns, we whitelist approved domains and avoid sending to the wrong audience. It cut wasted sends and improved campaign metrics.”
ML
Marcus Lee
Product Manager, Marketplace
“Before Whitelist API we had custom allow logic in multiple services. Now every flow reads the same `block` field and behaves consistently.”
Whitelist API FAQ
Which field should we use for allow or deny decisions?
Use the `block` field in verification response. If `block` is true, deny action. If `block` is false, allow action.
Can we whitelist both exact emails and full domains?
Yes. Add exact addresses for precise access, or add domains like `company.com` to allow all mailboxes on that domain.
Can we turn whitelist policy on and off?
Yes. Whitelist mode can be enabled or disabled, so you can enforce strict allow-only behavior only when your flow requires it.
Does this remove the need for custom allow-list logic?
Yes. You manage whitelist rules once and read `block` from API response, instead of duplicating matching logic across backend services.
What if an email is in whitelist and blacklist?
Blacklist has priority. If blacklist matches, `block` remains true even when whitelist contains the same email or domain.