CleanTalk Anti-Spam "check_newuser" API method description

This API method is best suited for filtering spam registrations, subscriptions, and other forms where there are no additional fields for user input or where you do not need to check these fields (polls, eCommerce orders, etc.).

  1. Collect web-form data.
  2. Send data JSON via a POST request to https://moderate.cleantalk.org/api2.0
  3. Parse the response and make a decision.

Request

Response

Code Examples

Related Links

 

{
	"method_name":"check_newuser",
	"auth_key":"your_access_key",
	"sender_email":"stop_email@example.com",
	"sender_nickname":"John Doe",
	"sender_ip":"127.0.0.1",
	"event_token":"sha_256_string_of_event_token"
	"submit_time":15,
	"sender_info": {
		"REFERRER": "https:/referrer-site.com",
		"USER_AGENT": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3835.0 Safari/537.36"
		}
}

Necessary information about the data processing

Parameter Explanation
HTTP Method POST
Data format JSON
URL https://moderate.cleantalk.org/api2.0

The method will not work without these parameters

Parameter Explanation
method_name Must be "check_newuser"
auth_key Access Key. To obtain a key please register an account here

These parameters are necessary for filtering spam

Parameter Explanation
sender_ip Sender's IP
sender_email Sender's email
sender_nickname Sender's nickname
event_token You need to add a special script, https://moderate.cleantalk.org/ct-bot-detector-wrapper.js, to your page layout. It will collect visitor data from your website's frontend on our server. When you send a spam check request to our server, all data collected from the frontend will be linked to the request by the value of the event_token parameter. 
event_token_enabled To filter spam correctly, you must set this flag to 1 if you have enabled the Bot Detector and are passing the event_token.
submit_time  Form submitting time in seconds. You don't need to pass this parameter if you passed the event_token_enabled flag and enabled the Bot Detector.
js_on JavaScript test flag.  1 — the built‑in JavaScript successfully ran in the visitor’s browser.  0 or missing — the script didn’t run. You don't need to pass this parameter if you passed the event_token_enabled flag and enabled the Bot Detector.
all_headers HTTP-request headers (JSON encoded).
sender_info

Information about the sender (JSON encoded). Include the next mandatory params:

REFERRER: the content of $_SERVER["HTTP_REFERER"]

USER_AGENT: the content of $_SERVER["HTTP_USER_AGENT"] 

The server's response is independent of the platform.

{
	"version" : "7.47",
	"inactive" : 0,
	"js_disabled" : 0,
	"blacklisted" : 1,
	"comment" : "*** Forbidden. Sender blacklisted. ***",
	"codes" : "FORBIDDEN BL",
	"fast_submit" : 0,
	"id" : "5a49267e202169b3a4d9ddefee190065",
	"account_status" : 1,
	"allow" : 0
}

 

Key Explanation
js_disabled JavaScript is disabled or not (1/0)
blacklisted The sender is in the CleanTalk Blacklists
comment Server comment regarding the request, used to display to the user
codes

Server response codes. Can be listed with spaces:

  • 'ALLOWED_PRIV_LIST' - Request approved by private list
  • 'ALLOWED_USER' - User approved
  • 'BL' - Sender blacklisted.
  • 'DENIED_PRIV_LIST' - User forbidden by private list
  • 'EMAIL_DOMAIN_DISPOSABLE' - Email is disposable/one-time use
  • 'EMAIL_DOMAIN_NOT_EXISTS' - Email domain doesn't exist
  • 'EMAIL_NOT_EXISTS' - Email doesn't exist
  • 'FAST_SUBMIT' - Form submitted too quickly
  • 'FORBIDDEN' - User forbidden
  • 'JS_DISABLED' - JavaScript is disabled
  • 'KEY_NOT_FOUND' - Access Key not found in our database
  • 'SEEMS_SPAM_EMAIL' - Email contains spam templates
  • 'SEEMS_SPAM_HEADERS' - HTTP-request headers look like spam
  • 'SEEMS_SPAM_NICK' - Nickname contains spam templates
  • 'SERVICE_DISABLED' - Service disabled. Check account status
  • 'STOP_LIST' - Contains stop words
  • 'TRIAL_EXPIRED' - The trial period expired
fast_submit Form submitted too often. Please note the difference from the FAST_SUBMIT code.
id Request ID (helpful for our support).
account_status Is the account enabled or not (1/0).
allow Server decision. Request allowed (1) or not (0)

In the server response code, you can also see the result of checking an email address for existence. If a blocked request contains a non-existent e-mail address, you will see the next text in the API response code field: "FORBIDDEN EMAIL_NOT_EXISTS" 

Please note, that this code will be displayed only if a non-existent email is the main reason for blocking.

To integrate CleanTalk with your project, please use our official libraries.
All examples are available in GitHub repositories (see README files for usage):

 

CLI example

wget -O- --post-data='{"method_name":"check_newuser","auth_key":"your_acccess_key","sender_email":"stop_email@example.com","sender_nickname":"John Doe","sender_ip":"127.0.0.1","js_on":1,"submit_time":15}' https://moderate.cleantalk.org/api2.0

Backend (GoLang)

package main

import (
	"encoding/json"
	"fmt"
	"io"
	"io/ioutil"
	"net/http"
	"strings"
)

var authKey string = "enter_your_key"
var configUrg string = "http://moderate.cleantalk.org/api2.0/"
var agent string = "golang-api"

type newUserInputData struct {
	AuthKey        string `json:"auth_key"`
	Agent          string `json:"agent"`
	SenderEmail    string `json:"sender_email"`
	SenderIp       string `json:"sender_ip"`
	SenderNickname string `json:"sender_nickname"`
	JsOn           uint   `json:"js_on"`
	SubmitTime     uint   `json:"submit_time"`
}

type NewUserResultData struct {
	Version       string `json:"version"`
	Inactive      uint   `json:"inactive"`
	JsDisabled    uint   `json:"js_disabled"`
	Blacklisted   string `json:"blacklisted"`
	Comment       string `json:"comment"`
	Codes         string `json:"codes"`
	FastSubmit    uint   `json:"fast_submit"`
	Id            string `json:"id"`
	AccountStatus uint   `json:"account_status"`
	Allow         uint   `json:"allow"`
}

func main() {
	inputData := newUserInputData{
		MethodName:     "check_newuser",
		AuthKey:        authKey,
		Agent:          agent,
		SenderEmail:    "stop_email@example.com",
		SenderIp:       "192.168.0.1",
		SenderNickname: "testuser",
		JsOn:           1,
		SubmitTime:     5,
	}

	resultData, err := CheckNewuser(inputData)
	if err != nil {
		fmt.Println(err.Error())
		return
	}
	if resultData.Allow == 1 {
		fmt.Println(fmt.Sprintf("User allowed. Reason %s", resultData.Comment))
		return
	}
	fmt.Println(fmt.Sprintf("User forbidden. Reason %s", resultData.Comment))
}

func CheckNewuser(inputData newUserInputData) (NewUserResultData, error) {
	inputDataBytes, err := json.Marshal(inputData)
	var resultData NewUserResultData
	if err != nil {
		return resultData, err
	}
	var body io.Reader = strings.NewReader(string(inputDataBytes))
	req, err := http.NewRequest(http.MethodPost, configUrg, body)
	if err != nil {
		return resultData, err
	}
	req.Header.Set("Content-Type", "application/json")

	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		return resultData, err
	}
	defer resp.Body.Close()

	answer, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return resultData, err
	}
	err = json.Unmarshal(answer, &resultData)
	return resultData, nil
}

Frontend (HTML)

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
    <script src="https://moderate.cleantalk.org/ct-bot-detector-wrapper.js" id="ct-bot-detector-js></script>
</head>
<body>
  <form method="post" action="chek_newuser.php">
      <label for="login">Login:</label>
      <input type="text" name="login" id="login" /> <br />
      <label for="email">Email:</label>
      <input type="text" name="email" id="email" value="" /> <br />
      <input type="submit" />
  </form>
</body>
</html>

Available features related to the method:

  • CleanTalk's Personal Blacklist or Whitelist feature helps you to block unwanted users and to allow users that were recognized as spammers.
  • The Stop-Word feature allows you to block comments and nicknames that contain any word from your Stop-Word List.
  • Country Blacklist allows you to block all comments and registration coming from selected countries.

Stop-Word and Country Blacklist features are available after purchasing our Extra Package. Go to your Renewal License Page to see the details.

Was this information helpful?

It would also be interesting

Copied to clipboard