ApiCrate v0.4 is our biggest release yet. Here's what's new since v0.2 — new APIs, faster parsing, spatial search, and a much better MCP experience.
Email Risk Scoring¶
New in v0.3, now refined in v0.4. Check any email address for fraud signals before it hits your database:
curl -X POST https://api.apicrate.io/api/v1/email/risk \
-H "X-API-Key: YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"email": "user@tempmail.org"}'
The API checks for disposable domains, validates MX records, and returns a risk score. It also normalizes email addresses with provider-aware canonical forms — so j.doe+spam@gmail.com and jdoe@gmail.com resolve to the same identity.
Available as both REST endpoints and MCP tools (apicrate-check-email-risk and apicrate-check-email-risk-bulk).
Spatial Postal Code Search¶
The postal code API now supports geographic queries. Find postal codes near any point on earth:
curl -X POST https://api.apicrate.io/api/v1/postal/GB/nearby \
-H "X-API-Key: YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"lat": 51.5074, "lng": -0.1278, "radius_km": 5}'
New endpoints and MCP tools in this release:
- Find nearby postal codes —
POST /api/v1/postal/{country}/nearby— search by coordinates and radius - List postal systems —
GET /api/v1/postal— browse all 250+ supported countries - Get postal system details —
GET /api/v1/postal/{country}— format rules, validation patterns, and metadata per country - Bulk validation —
POST /api/v1/postal/validate— validate up to 100 postal codes in a single request
All postal data is spatially indexed, enabling fast geographic queries that weren't possible before.
UA Spoofing Detection¶
User-agent parsing now includes a ua_only field — the result of parsing just the UA string, ignoring any client hints that were provided.
Why does this matter? When a request sends both a UA string and client hints, comparing the two reveals spoofing. If the UA string says "Chrome on Windows" but the hints say "Safari on iOS," something is off.
resp = requests.post(
"https://api.apicrate.io/api/v1/ua",
headers={"X-API-Key": "YOUR_KEY"},
json={
"ua": "Mozilla/5.0 ... Chrome/120.0",
"headers": {
"Sec-CH-UA-Platform": "iOS",
"Sec-CH-UA": "\"Safari\";v=\"17\"",
},
},
)
data = resp.json()["data"]
# data["client"]["name"] → "Safari" (from hints)
# data["ua_only"]["client"]["name"] → "Chrome" (from UA string alone)
# Mismatch → likely spoofed
1.8x Faster UA Parsing¶
We built a native Rust extension that accelerates the regex-heavy part of UA parsing. The parser attempts over 500 regex patterns sequentially to identify browsers, operating systems, and devices. The Rust RegexMatcher pre-compiles all patterns and finds the first match in a single native call, this is a great optimization that yields ~1.8x end-to-end speedup on UA parsing.
MCP Improvements¶
The MCP server got several upgrades:
- Consistent naming — all tools now follow
apicrate-kebab-caseconvention (e.g.,apicrate-parse-user-agent,apicrate-check-email-risk) - 4 new postal tools —
find-nearby-postal-codes,list-postal-systems,get-postal-system,validate-postal-codes-bulk - Email risk tools —
check-email-riskandcheck-email-risk-bulk - Updated llms.txt — AI agents can discover all available tools automatically
Infrastructure¶
Under the hood:
- PostgreSQL 18 + PostGIS 3.6 — upgraded database with spatial extensions for postal code queries
- Connection pooling — switched from single connections to a proper async pool
- Sphinx documentation — full API and MCP reference docs now served from the dashboard at
/docs/s/
What's Next¶
We're working on timezone conversion, car brand/phone model datasets, and expanding the postal code database. Every new endpoint automatically becomes an MCP tool.
Sign up for free or check the full documentation to get started.