CleanTalk Anti-Spam "check_message" API method description

This method is the best to use on forms that contain User-generated content (UGC) like a comment, review, or contact form.

  1. Collect web-form data.
  2. Send data JSON via a POST request to https://moderate.cleantalk.org/api2.0.
  3. Parse the response and make a decision.

Request

Response

Code Examples

Related Links

 

{
	"method_name":"check_message",
	"auth_key":"your_access_key",
	"sender_email":"stop_email@example.com",
	"sender_nickname":"John Doe",
	"sender_ip":"127.0.0.1",
	"event_token":"sha_256_string_of_event_token"
	"submit_time":15,
	"sender_info": {
		"REFERRER": "https:/referrer-site.com",
		"USER_AGENT": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3835.0 Safari/537.36"
		},
	"message": "Hello I am a spammer visit this https://badlinkexample.com"
}

Necessary information about the data processing

Parameter Explanation
HTTP Method POST
Data format JSON
URL https://moderate.cleantalk.org/api2.0

The method will not work without these parameters 

Parameter Explanation
method_name Must be "check_message"
auth_key Access Key. To obtain a key please register an account here

These parameters are necessary for filtering spam

Parameter Explanation
sender_ip Sender's IP
sender_email Sender's email
sender_nickname Sender's nickname
event_token You need to add a special script, https://moderate.cleantalk.org/ct-bot-detector-wrapper.js, to your page layout. It will collect visitor data from your website's frontend on our server. When you send a spam check request to our server, all data collected from the frontend will be linked to the request by the value of the event_token parameter. 
event_token_enabled To filter spam correctly, you must set this flag to 1 if you have enabled the Bot Detector and are passing the event_token.
submit_time  Form submitting time in seconds. You don't need to pass this parameter if you passed the event_token_enabled flag and enabled the Bot Detector.
js_on JavaScript test flag.  1 — the built‑in JavaScript successfully ran in the visitor’s browser.  0 or missing — the script didn’t run. You don't need to pass this parameter if you passed the event_token_enabled flag and enabled the Bot Detector.
message The visitor's message. Will be checked for suspicious contacts, links, and many other conditions.
all_headers HTTP-request headers (JSON encoded).
sender_info

Information about the sender (JSON encoded). Include the next mandatory params:

REFERRER: the content of $_SERVER["HTTP_REFERER"]

USER_AGENT: the content of $_SERVER["HTTP_USER_AGENT"] 

The server's response is independent of the platform.

{
	"version" : "7.47",
	"inactive" : 0,
	"js_disabled" : 0,
	"blacklisted" : 1,
	"comment" : "*** Forbidden. Sender blacklisted. ***",
	"codes" : "DENIED BL",
	"fast_submit" : 0,
	"id" : "5a49267e202169b3a4d9ddefee190065",
	"account_status" : 1,
	"allow" : 0
}
Key Explanation
js_disabled JavaScript is disabled or not (1/0)
blacklisted The sender is in the CleanTalk Blacklists
comment Server comment regarding the request, used to display to the user
codes

Server response codes. Can be listed with spaces:

  • 'ALLOWED' - Request approved
  • 'ALLOWED_PRIV_LIST' - Request approved by private list
  • 'BL' - Sender blacklisted
  • 'BL_DOMAIN' - HTTP links written by the sender are blacklisted
  • 'CONTACTS_DATA' - Contains contacts
  • 'DENIED' - Request forbidden
  • 'DENIED_PRIV_LIST' - Request forbidden by private list
  • 'EMAIL_DOMAIN_DISPOSABLE' - Email is disposable/one-time use
  • 'EMAIL_DOMAIN_NOT_EXISTS' - Email domain doesn't exist
  • 'EMAIL_NOT_EXISTS' - Email doesn't exist
  • 'FAST_SUBMIT' - Form submitted too quickly
  • 'JS_DISABLED' - JavaScript is disabled
  • 'KEY_NOT_FOUND' - Access Key not found in our database
  • 'MULT_MESSAGE' - Massive posting
  • 'SEEMS_SPAM_EMAIL' - Email contains spam templates
  • 'SEEMS_SPAM_HEADERS' - HTTP-request headers look like spam
  • 'SEEMS_SPAM_MESSAGE' - Message contains spam templates
  • 'SEEMS_SPAM_NICK' - Nickname contains spam templates
  • 'SERVICE_DISABLED' - Service disabled. Check account status
  • 'STOP_LIST' - Contains stop words
  • 'TRIAL_EXPIRED' - The trial period expired
  • 'USERNAME_SPAM' - Spam in the sender's name
fast_submit Form submitted too often. Please note the difference from the FAST_SUBMIT code.
id Request ID (helpful for our support).
account_status Is the account enabled or not (1/0).
allow Server decision. Request allowed (1) or not (0)

In the server response code, you can also see the result of checking an email address for existence. If a blocked request contains a non-existent e-mail address, you will see the next text in the API response code field: "DENIED EMAIL_NOT_EXISTS" 

Please note, that this code will be displayed only if a non-existent email is the main reason for blocking.

To integrate CleanTalk with your project, please use our official libraries.
All examples are available in GitHub repositories (see README files for usage):

 

CLI example

wget -O- --post-data='{"method_name":"check_message","auth_key":"your_acccess_key","sender_email":"stop_email@example.com","sender_nickname":"John Doe","sender_ip":"127.0.0.1","js_on":1,"submit_time":15}' https://moderate.cleantalk.org/api2.0
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"io/ioutil"
	"net/http"
	"strings"
)

var authKey string = "enter_your_key"
var configUrg string = "http://moderate.cleantalk.org/api2.0/"
var agent string = "golang-api"

type messageInputData struct {
	MethodName     string `json:"method_name"`
	AuthKey        string `json:"auth_key"`
	Agent          string `json:"agent"`
	SenderEmail    string `json:"sender_email"`
	SenderIp       string `json:"sender_ip"`
	SenderNickname string `json:"sender_nickname"`
	JsOn           uint   `json:"js_on"`
	SubmitTime     uint   `json:"submit_time"`
	AllHeaders     string `json:"all_headers"`
	Message        string `json:"message"`
	SenderInfo     string `json:"sender_info"`
	ResponseLang   string `json:"response_lang"`
	PostInfo       string `json:"post_info"`
	StoplistCheck  uint   `json:"stoplist_check"`
}

type MessageResultData struct {
	Version       string `json:"version"`
	Inactive      uint   `json:"inactive"`
	JsDisabled    uint   `json:"js_disabled"`
	Blacklisted   string `json:"blacklisted"`
	Comment       string `json:"comment"`
	Codes         string `json:"codes"`
	FastSubmit    uint   `json:"fast_submit"`
	Id            string `json:"id"`
	AccountStatus uint   `json:"account_status"`
	Allow         uint   `json:"allow"`
	StopQueue     uint   `json:"stop_queue"`
	Spam          uint   `json:"spam"`
}

func main() {
	inputData := messageInputData{
		MethodName:     "check_message",
		AuthKey:        authKey,
		Agent:          agent,
		SenderEmail:    "stop_email@example.com",
		SenderIp:       "192.168.0.1",
		SenderNickname: "testuser",
		JsOn:           1,
		SubmitTime:     5,
		Message:        "Test message",
	}

	resultData, err := CheckMessage(inputData)
	if err != nil {
		fmt.Println(err.Error())
		return
	}
	if resultData.Allow == 1 {
		fmt.Println(fmt.Sprintf("User allowed. Reason %s", resultData.Comment))
		return
	}
	fmt.Println(fmt.Sprintf("User forbidden. Reason %s", resultData.Comment))
}

func CheckMessage(inputData messageInputData) (MessageResultData, error) {
	inputDataBytes, err := json.Marshal(inputData)
	var resultData MessageResultData
	if err != nil {
		return resultData, err
	}
	var body io.Reader = strings.NewReader(string(inputDataBytes))
	req, err := http.NewRequest(http.MethodPost, configUrg, body)
	if err != nil {
		return resultData, err
	}
	req.Header.Set("Content-Type", "application/json")

	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		return resultData, err
	}
	defer resp.Body.Close()

	answer, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return resultData, err
	}
	err = json.Unmarshal(answer, &resultData)
	return resultData, nil

}

Available features related to the method:

  • CleanTalk's Personal Blacklist or Whitelist feature helps you to block unwanted users and to allow users that were recognized as spammers.
  • The Stop-Word feature allows you to block comments and nicknames that contain any word from your Stop-Word List.
  • Country Blacklist allows you to block all comments and registration coming from selected countries.

Stop-Word and Country Blacklist features are available after purchasing our Extra Package. Go to your Renewal License Page to see the details.

Was this information helpful?

It would also be interesting

Copied to clipboard