ai · spam · prompt-injection · bots

The trust layer for everything that enters your stack.

One API call between your forms, emails, automations and the rest of your system. InputGate scores risk, filters spam, blocks bots — before bad data ever lands.

Start free Read the docs
99.3%
detection accuracy
<50ms
p50 latency
1 call
to integrate
POST /v1/check
200 OK
→ request
{ "fields": { "message": "BUY CHEAP MEDS NOW!!!" },
  "client_ip": "203.0.113.42",
  "domain": "myapp.com" }
← response
{ "spam_score": 94,
  "is_spam": true,
  "reason": "aggressive promo language",
  "latency_ms": 38 }
trusted defaults
GDPR-ready by default
Edge-deployed worldwide
SOC 2 compatible logging
REST + JSON, no SDK
how it works

Three steps. Total protection.

Pipe inbound data through one POST. Get back a structured score with reasoning — in under 50 ms.

step 01

Send inbound data

Forward any inbound payload — form submissions, email contents, webhooks, AI prompts. One endpoint accepts them all.

step 02

AI risk analysis

Our engine combines content patterns, behavioral signals, IP reputation, and geo data into a single calibrated risk score.

step 03

Act on the verdict

Clean JSON response — score, recommendation, plain-English reasoning. Block, flag, or pass through. You decide.

features

Built for inbound. Nothing else.

Tight scope, deep engineering. Every feature exists to make one bad-input decision faster and more correct.

AI risk scoring

Every request gets a calibrated 0–100 score across multiple signal axes. Use our recommendation or apply your own threshold — the math is exposed, not hidden.

Spam signal
88
Bot signal
71
Content quality
17
IP reputation
62
Sub-50ms p50

Deployed at the edge. Sits inline in user-facing flows without users noticing.

POST /v1/check32 ms
POST /v1/check41 ms
POST /v1/check28 ms
Privacy by default

Default retention is flagged_only — clean submissions are scored and discarded. GDPR Art. 25 compliant out of the box.

{ "retention": "none" }
// → fields + IP never stored
Geo filtering

Block or allow by country with one parameter.

US CA GB RU CN
Language rules

Require certain languages, block others. Detected via Unicode script analysis — zero added latency.

en (latin) latin (any) he · ru · ar · zh
Right-to-erasure API

Fulfil GDPR Art. 17 programmatically. One call deletes every log row tied to an IP — with an audit trail.

// POST /v1/erasure
{ "deleted": 12 }
architecture

One gateway. Many sources, clean outputs.

InputGate sits inline between your traffic sources and your downstream systems — applying layered checks in a single round trip.

inbound
Form submissions
Email pipelines
Webhook payloads
AI prompts
Automation events
InputGate
auth quota ip reputation blacklist geo · language ai engine
verdict
Clean — passed
Suspicious — flagged
Spam — blocked
developer experience

Integrate in 5 minutes.

One POST. One JSON response. No SDK. No webhook plumbing. Just a curl-able endpoint that works from any language with an HTTP client.

// Score an inbound form submission const res = await fetch( "https://api.inputgate.cloud/v1/check", { method: "POST", headers: { "Authorization": `Bearer ${'{'}KEY{'}'}` }, body: JSON.stringify({ fields: { email: req.body.email, message: req.body.message, }, client_ip: req.ip, domain: "myapp.com", retention: "flagged_only" // GDPR-safe }) } ); const { spam_score, is_spam, reason } = await res.json(); if (spam_score > 75) return reject(reason);
One endpoint, everything you need
POST your fields object → score, recommendation, plain-English reason. No webhooks. No callbacks. One round trip.
Works with any stack
Standard REST + JSON. Node, Python, PHP, Ruby, Go, Rust — anything that speaks HTTP.
Native automation support
Drop into Make, Zapier, or n8n with the built-in HTTP module — no code path required.
Secure by default
Bearer auth, TLS in transit, configurable retention per request, audit-logged erasure endpoint.
use cases

Anywhere data enters your stack.

Contact forms

Stop junk leads before they pollute your CRM and waste sales-team time.

AI workflows

Filter prompt injections, jailbreaks, and adversarial inputs before they reach your LLM.

Email inbound

Keep support queues clean. Filter bots and low-quality messages at the edge.

Webhooks

Validate inbound payloads before triggering downstream automations.

CRM pipelines

Score every record before write. Only real humans hit your funnel.

No-code automations

Drop into any Make / Zapier / n8n flow as an HTTP filter step.

pricing

Simple, transparent.

Start free. Scale as you grow. No per-seat pricing, no hidden fees, no minimum contracts.

starter
$0/mo
200 requests / mo
  • AI spam detection
  • Risk scoring + reason
  • REST API access
  • Community support
Start free
most popular
growth
$19/mo
10,000 requests / mo
  • Everything in Starter
  • Geo & language filtering
  • Configurable retention
  • Domain reputation
  • Email support
Get started
scale
$99/mo
200,000 requests / mo
  • Everything in Growth
  • 90-day log retention
  • Priority processing
  • SLA guarantee
  • Priority support
Get started
more
Let's talk
custom volume
  • Everything in Scale
  • Dedicated infra
  • Custom retention
  • EU-only deployment
  • Dedicated CSM
Contact us

Start filtering
smarter.

Drop InputGate into your stack today. Protect every inbound workflow in under five minutes.

Start free Read the docs