Signup And Request Screening

Screen signups, logins, and first requests.

Send email, IP, user agent, and hostname. Get back allow, challenge, review, or block with a score, reasons, and evidence.

Create account View pricing

Events

signup, login, first_action

Returns

decision, score, reasons

Setup

project, token, API call

Example response

Signup decision

challenge

{
  "decision": "challenge",
  "score": 68,
  "reasons": [
    "email_disposable_domain",
    "ip_signup_burst"
  ],
  "evidence": {
    "email_domain": "mailinator.com",
    "ip_signup_count_10m": 9
  }
}

What it checks

Disposable email domains
MX and DNS checks
IP, domain, and session velocity
Project allow and block rules

What It Checks

Simple checks at the start of the flow.

Use Bitterscreen at signup, login, or first action. Start with the obvious checks first, then review the score, reasons, and recent event history in the dashboard.

Email domain checks

Check disposable domains, missing MX records, and other basic email-domain problems before an account is created.

Traffic and velocity checks

Look at IP, domain, and session patterns so repeated signups or bursts can be challenged or blocked.

Project rules

Keep allowlists and blocklists per project so each app can enforce its own policy.

Review history

Store recent events, decisions, and feedback so you can see what happened and adjust policy over time.

API

One synchronous call.

Send `signup`, `login`, or `first_action` with email, IP, user agent, and hostname. The response includes a decision, a score, reasons, and a TTL.

API behavior

Use one endpoint for signup, login, and first-request checks.
Return `decision`, `score`, `reasons`, and evidence in one response.
Send feedback later if you want to mark false positives or confirmed abuse.

Request

curl -X POST https://bitterscreen.com/api/v1/screen \
  -H "Authorization: Bearer bsrn_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "event_type": "signup",
    "email": "person@example.com",
    "ip": "203.0.113.10",
    "user_agent": "Mozilla/5.0",
    "site_hostname": "app.example.com"
  }'

Response

{
  "screening_id": "scrn_01H...",
  "decision": "review",
  "score": 58,
  "reasons": [
    "mx_missing",
    "domain_recently_seen"
  ],
  "ttl_seconds": 900
}

Pricing

Plans

Choose a plan, create a project, copy its token, and start calling the API.

Starter

For one app that needs a real screening layer, not a security team.

$19/month

5,000 screenings each month
1 production project
Reason codes and event history

Start Starter

Pro

For teams screening multiple apps or heavier signup volume.

Default

$79/month

50,000 screenings each month
5 production projects
Best fit for multiple properties

Start Pro

Scale

For products that need a serious review layer without enterprise ceremony.

$249/month

250,000 screenings each month
25 production projects
More headroom for real review queues

Start Scale

Get Started

Create an account and get your API token.

Choose a plan, create a project, and use the token in your signup or login flow.

Create account Sign in