ai · spam · prompt-injection · bots

The trust layer for everything that enters your stack.

InputGate scores risk, filters spam, and blocks bots — before bad data ever lands. No CAPTCHA, no friction for your users. One API call from your backend.

Start free Read the docs
99.3%
detection accuracy
NO
CAPTCHA shown to users
200M+
spam requests blocked
POST /v1/check
200 OK
→ request
{ "fields": { "message": "BUY CHEAP MEDS NOW!!!" },
  "client_ip": "203.0.113.42",
  "domain": "myapp.com",
  "context": "AI chatbot input on a healthcare platform" }
← response
{ "spam_score": 94,
  "is_spam": true,
  "reason": "aggressive promo language",
  "latency_ms": 38 }
trusted defaults
GDPR-ready by default
Edge-deployed worldwide
SOC 2 compatible logging
REST + JSON, no SDK
how it works

Three steps. Total protection.

Pipe inbound data through one POST. Get back a structured score with reasoning — in under 50 ms.

step 01

Send inbound data

Forward any inbound payload — form submissions, email contents, webhooks, AI prompts. One endpoint accepts them all.

step 02

AI risk analysis

Our engine combines content patterns, behavioral signals, IP reputation, and geo data into a single calibrated risk score.

step 03

Act on the verdict

Clean JSON response — score, recommendation, plain-English reasoning. Block, flag, or pass through. You decide.

features

Built for inbound. Nothing else.

Tight scope, deep engineering. Every feature exists to make one bad-input decision faster and more correct.

AI risk scoring

Every request gets a calibrated 0–100 score across multiple signal axes. Each axis — spam language, bot patterns, IP reputation, content quality — contributes a weighted sub-score. Use our built-in threshold or apply your own. The math is fully exposed, not a black box.

Spam signal
88
Bot signal
71
Content quality
17
IP reputation
62
No CAPTCHA. Zero friction.

InputGate filters at the server, not the browser. Your users never see a puzzle, a checkbox, or a slowdown. Invisible protection — entirely by design.

CAPTCHA puzzles "I'm not a robot" seamless UX
Privacy by default

Default retention is flagged_only — clean submissions are scored and discarded. GDPR Art. 25 compliant out of the box.

{ "retention": "none" }
// → fields + IP never stored
Geo filtering

Block or allow by country with one parameter.

US CA GB RU CN
Language rules

Require certain languages, block others. Detected via Unicode script analysis — zero added latency.

en (latin) latin (any) he · ru · ar · zh
Right-to-erasure API

Fulfil GDPR Art. 17 programmatically. One call deletes every log row tied to an IP — with an audit trail.

// POST /v1/erasure
{ "deleted": 12 }
architecture

One gateway. Many sources, clean outputs.

InputGate sits inline between your traffic sources and your downstream systems — applying layered checks in a single round trip.

inbound
Form submissions
Email pipelines
Webhook payloads
AI prompts
Automation events
InputGate
behavioral signals ip reputation heuristic scan prompt injection geo · language ai engine
verdict
Clean — passedscore · 08
Spam — blockedscore · 94
developer experience

Integrate in 5 minutes.

One POST. One JSON response. No SDK. No webhook plumbing. Just a curl-able endpoint that works from any language with an HTTP client.

// Score an inbound form submission

const res = await fetch(
  "https://api.inputgate.cloud/v1/check",
  {
    method:  "POST",
    headers: {
      "Authorization": `Bearer ${API_KEY}`,
      "Content-Type":  "application/json",
    },
    body: JSON.stringify({
      fields: {
        email:   req.body.email,
        message: req.body.message,
      },
      client_ip: req.ip,
      domain:    "myapp.com",
      context:   "Lead capture form on a real estate website",
      retention: "flagged_only", // GDPR-safe
    }),
  }
);

const { spam_score, is_spam, reason } = await res.json();
if (spam_score > 75) return reject(reason);
One endpoint, everything you need
POST your fields object → score, recommendation, plain-English reason. No webhooks. No callbacks. One round trip.
Works with any stack
Standard REST + JSON. Node, Python, PHP, Ruby, Go, Rust — anything that speaks HTTP.
Native automation support
Drop into Make, Zapier, or n8n with the built-in HTTP module — no code path required.
Secure by default
Bearer auth, TLS in transit, configurable retention per request, audit-logged erasure endpoint.
use cases

Anywhere data enters your stack.

Contact forms

Stop junk leads before they pollute your CRM and waste sales-team time.

AI workflows

Filter prompt injections, jailbreaks, and adversarial inputs before they reach your LLM.

Email inbound

Keep support queues clean. Filter bots and low-quality messages at the edge.

Webhooks

Validate inbound payloads before triggering downstream automations.

CRM pipelines

Score every record before write. Only real humans hit your funnel.

No-code automations

Drop into any Make / Zapier / n8n flow as an HTTP filter step.

pricing

Simple, transparent.

Start free. Scale as you grow. No per-seat pricing, no hidden fees, no minimum contracts.

starter
$0/mo
200 requests / mo
  • AI spam detection
  • Risk scoring + reason
  • REST API access
  • Community support
Start free
most popular
growth
$19/mo
10,000 requests / mo
  • Everything in Starter
  • Geo & language filtering
  • Configurable retention
  • Domain reputation
  • Email support
Get started
scale
$99/mo
200,000 requests / mo
  • Everything in Growth
  • 90-day log retention
  • Priority processing
  • SLA guarantee
  • Priority support
Get started
more
Let's talk
custom volume
  • Everything in Scale
  • Dedicated infra
  • Custom retention
  • EU-only deployment
  • Dedicated CSM
Contact us

Start filtering
smarter.

Drop InputGate into your stack today. Protect every inbound workflow in under five minutes.

Start free Read the docs