Stop Contact Form Spam Before It Reaches Your Inbox.

Tired of junk leads and fake inquiries clogging your inbox? InputGate is a contact form spam protection API that scores every submission in real time — before it reaches your CRM, email, or helpdesk. No CAPTCHA. One API call from your backend.

Clean Inbox
with real leads
NO CAPTCHA
transparent to users
200M+
spam requests blocked
POST /v1/check
200 OK
→ request
{ "fields": { "message": "BUY CHEAP MEDS NOW!!!" },
  "client_ip": "203.0.113.42",
  "domain": "myapp.com",
  "context": "Contact form on a SaaS landing page" }
← response
{ "spam_score": 94,
  "is_spam": true,
  "reason": "aggressive promo language",
  "latency_ms": 38 }
trusted defaults
GDPR-ready by default
Edge-deployed worldwide
SOC 2 compatible logging
REST + JSON, no SDK
how it works

Three steps. Zero spam.

One API call. One JSON response. Forward any contact form submission and get back a spam score with plain-English reason — in under 50 ms.

step 01

Forward the form submission

When a visitor submits a contact form, forward the fields to InputGate's API. One POST. Works with any backend — Node.js, PHP, Python, Next.js, Laravel, WordPress, or any stack that speaks HTTP.

step 02

AI spam analysis

Our engine combines spam language patterns, bot behavioral signals, IP reputation, and geo data into a single calibrated spam score — tuned for real-world form abuse.

step 03

Block spam, pass clean leads

Clean JSON response — score, verdict, plain-English reason. Block fake submissions, flag borderline ones, let real leads through. Your inbox stays clean.

features

Built for website forms. Ready for any inbound request.

Junk leads clogging your CRM. Spam tickets burying real support requests. Fake inquiries wasting your sales team's time. InputGate is a form spam protection API that stops fake submissions at the source — and scales to protect any inbound data.

AI risk scoring

Every form submission gets a calibrated 0–100 spam score across multiple signal axes. Each axis — spam language, bot patterns, IP reputation, content quality — contributes a weighted sub-score. Use our built-in threshold or set your own. The math is fully exposed, not a black box.

Spam signal
88
Bot signal
71
Content quality
17
IP reputation
62
No CAPTCHA. Zero friction.

InputGate filters spam at the server, not the browser. Your visitors never see a puzzle, a checkbox, or a slowdown. Invisible form protection — entirely by design.

CAPTCHA puzzles "I'm not a robot" seamless UX
Privacy by default

Default retention is flagged_only - clean submissions are scored and discarded. GDPR Art. 25 compliant out of the box.

{ "retention": "none" }
// → fields + IP never stored
Geo filtering

Block or allow by country with one parameter.

US CA GB RU CN
Language rules

Require certain languages, block others. Detected via Unicode script analysis - zero added latency.

en (latin) latin (any) he · ru · ar · zh
Right-to-erasure API

Fulfil GDPR Art. 17 programmatically. One call deletes every log row tied to an IP - with an audit trail.

// POST /v1/erasure
{ "deleted": 12 }
architecture

Website form → InputGate → Clean submission.

InputGate sits between your contact form and your inbox. Every submission is scored for spam in real time — fake inquiries are blocked, real leads flow through to your email, CRM, Slack, or helpdesk. No junk. No wasted sales time.

inbound
Contact forms
Lead gen forms
Quote request forms
Support & signup forms
Webhooks & CRM
InputGate
behavioral signals ip reputation heuristic scan prompt injection geo · language ai engine
verdict
Clean - passedscore · 08
Spam - blockedscore · 94
developer experience

Integrate in 5 minutes.

One endpoint. One JSON response. No SDK, no webhook plumbing. A developer-first spam filtering API that integrates in minutes — from any language, any framework, any backend.

// Score an inbound form submission

const res = await fetch(
  "https://api.inputgate.cloud/v1/check",
  {
    method:  "POST",
    headers: {
      "Authorization": `Bearer ${API_KEY}`,
      "Content-Type":  "application/json",
    },
    body: JSON.stringify({
      fields: {
        email:   req.body.email,
        message: req.body.message,
      },
      client_ip: req.ip,
      domain:    "myapp.com",
      context:   "Lead capture form on a real estate website",
      retention: "flagged_only", // GDPR-safe
    }),
  }
);

const { spam_score, is_spam, reason } = await res.json();
if (spam_score > 75) return reject(reason);
One endpoint, every form protected
POST your form's fields object → spam score, verdict, plain-English reason. No webhooks. No callbacks. One round trip per submission.
Works with any stack
Standard REST + JSON. Works with React, Next.js, Vue, Laravel, Express, WordPress, and any backend that speaks HTTP. Framework agnostic, language agnostic.
Protect any form type
Contact forms, lead gen, quote requests, support tickets, registration, newsletter signups — one endpoint protects every form on your site.
Secure by default
Bearer auth, TLS in transit, configurable retention per request, audit-logged erasure endpoint.
use cases

Every form on your site. Protected.

Contact forms

Stop fake inquiries and spam bots before they reach your inbox. Works with HTML forms, React, Next.js, Contact Form 7, Gravity Forms, and Elementor.

Lead gen forms

Junk leads cost your sales team hours every week. Filter out bot signups and fake submissions so only real prospects enter your pipeline.

Quote request forms

Fake quote requests waste your team's time and inflate your email costs. Score every submission before it triggers a notification or enters your CRM.

Support forms

Real customer issues get buried under spam tickets. Block automated submissions before they enter your queue and slow down your team's response time.

Registration & signup

Bot signups inflate your user counts and pollute your analytics. Score every registration before it creates an account or triggers a welcome email.

Newsletter & comment forms

Throwaway addresses and bot comments hurt deliverability and inflate costs. Keep your list clean and your engagement metrics real — automatically.

battle-tested
"InputGate grew out of years of protecting WordPress websites from spam and abusive submissions."

That hard-won experience - hundreds of millions of real attacks analyzed, patterns learned, edge cases handled - is now available as a single API call for any stack.

Maspik - Anti-Spam wp plugin
880K+ downloads  ·  ★ 4.7 (85 ratings)
200M+
spam & phishing submissions blocked
880K+
WordPress plugin downloads
5+
years in production
pricing

Simple, transparent.

Start free. Scale as you grow. No per-seat pricing, no hidden fees, no minimum contracts.

starter
$0/mo
200 requests / mo
  • AI spam detection
  • Risk scoring + reason
  • REST API access
  • Community support
Start free
scale
$99/mo
200,000 requests / mo
  • Everything in Growth
  • 90-day log retention
  • Priority processing
  • SLA guarantee
  • Priority support
Get started
more
Let's talk
custom volume
  • Everything in Scale
  • Dedicated infra
  • Custom retention
  • EU-only deployment
  • Dedicated CSM
Contact us

From the blog

Practical guides on spam protection, bot detection, and safer web apps.

All posts

One API.
Every form. Zero spam.

Add contact form spam protection to any website in minutes. Works with React, Next.js, Vue, WordPress, Laravel, or any custom backend. No CAPTCHA. No friction. Just clean leads in your inbox.