API Reference
SpoofSentry REST API — build integrations with DMARC monitoring, enforcement, and sender governance.
Quick Start
Authentication
All authenticated endpoints accept a Bearer token or session cookie. API keys can be created in Settings → API Keys.
# Using API key
curl -H "Authorization: Bearer YOUR_API_KEY" \
https://api.spoofsentry.com/api/domains
TypeScript SDK
// Install
npm install @domainseal/sdk
import { SpoofSentryClient } from '@domainseal/sdk';
const client = new SpoofSentryClient('YOUR_API_KEY');
const domains = await client.domains.list();
Rate Limits
API keys: 200 req/min. General routes: 100 req/min. Auth routes: 10 req/min. Rate limit headers: X-RateLimit-Limit, X-RateLimit-Remaining.
Error Codes
| Code | HTTP | Description |
|---|---|---|
| UNAUTHORIZED | 401 | Missing or invalid authentication |
| FORBIDDEN | 403 | Insufficient permissions or API key scope |
| PLAN_LIMIT | 403 | Feature not available on current plan |
| CREDIT_EXHAUSTED | 403 | AI credit budget exhausted for this period |
| NOT_FOUND | 404 | Resource not found |
| VALIDATION_ERROR | 400 | Request body failed schema validation |
| DUPLICATE | 409 | Resource already exists |
| RATE_LIMITED | 429 | Too many requests — retry after cooldown |