API Reference
AntiScammer API Reference
Public API for scammer lookup, message canonicalization, scam detection, and ban requests.
Base URL
Use the API base URL provided when you receive your API key (e.g. from the staff dashboard or partnership).
Authentication
Protected endpoints require an API key.
Headers
X-API-Key: YOUR_API_KEY
Notes
- API keys can expire; expired or invalid keys return HTTP 401.
- Send the key in headers only, not in query parameters.
Health check
GET /health
Auth: None
Check if the API is online.
Response: { "ok": true }
Scammer lookup (single)
GET /lookup/{user_id}
Auth: Required
Check if a Discord user ID is flagged as a scammer.
Path: user_id – Discord user ID (non-digits are stripped).
Query: include_reason (optional boolean) – include scam reason when flagged.
Response (flagged): { "user_id": "...", "is_flagged": true, "reason": "..." }
Response (not flagged): { "user_id": "...", "is_flagged": false }
Scammer lookup (batch)
POST /lookup
Auth: Required
Look up multiple Discord user IDs in one request.
Body: { "user_ids": ["id1", "id2"], "include_reason": true }
Limits: 1–500 user IDs per request.
Message canonicalization
POST /canonicalize
Auth: Required
Normalize a message and detect obfuscation (vertical text, emoji padding, markdown abuse, etc.).
Body: { "message": "..." }
Scam detection
POST /detect
Auth: Required
ML-based scam detection with optional conversation context.
Body: { "message": "...", "context_messages": [...] }
Response: { "probability": 97.3, "is_scam": true, "decision": true, "confidence": "high", "reason": "..." }
Ban request
POST /banrequest
Auth: Required
Submit a ban request for a user. Proof is required (file upload).
Form fields: user_id (required), reason (required), notes (optional), proof (file, required).
Security
- Do not expose API keys publicly.
- Use HTTPS only.
- Rotate keys periodically.
- Avoid flooding the API.