API Documentation

Capabilities

GET https://validatethis.org/api/v1/status

Returns: service name, version, all 33 tools (capabilities, endpoints), plans (free + 2 paid, paid currently free with registration), limits. Use this for AI/LLM discovery: one GET returns the full list of tools and their POST paths.

curl -s "https://validatethis.org/api/v1/status"

JSON Validator

When to use: validate JSON syntax, get line/column errors.

POST /api/v1/validate/json

Body: { "json": "<string>" }

Response: { valid: boolean, errors?: [{ message, line, column }] }

curl -X POST "https://validatethis.org/api/v1/validate/json" \
  -H "Content-Type: application/json" \
  -d '{"json":"{\"a\":1}"}'

Limits: max 20,000 chars, 1 req/10s per IP (free).

HTML Validator

When to use: validate HTML (html-validate).

POST /api/v1/validate/html

Body: { "html": "<string>" }

Response: { valid: boolean, errors?: [{ message, line, column }] }

curl -X POST "https://validatethis.org/api/v1/validate/html" \
  -H "Content-Type: application/json" \
  -d '{"html":"<p>test</p>"}'

Limits: max 20,000 chars, 1 req/10s per IP (free).

CSV Validator

When to use: validate CSV structure, RFC 4180 quoting, consistent column count.

POST /api/v1/validate/csv

Body: { "csv": "<string>" }

Response: { valid: boolean, errors?: [{ message, line, column }] }

curl -X POST "https://validatethis.org/api/v1/validate/csv" \
  -H "Content-Type: application/json" \
  -d '{"csv":"name,age\nAlice,30\nBob,25"}'

Limits: max 20,000 chars, 1 req/10s per IP (free).

API Response Checker

When to use: validate API response body as JSON (raw HTTP or JSON only).

POST /api/v1/validate/api-response

Body: { "response": "<string>" }

Response: { valid: boolean, errors?: [{ message, line, column }], bodyStartLine?: number }

curl -X POST "https://validatethis.org/api/v1/validate/api-response" \
  -H "Content-Type: application/json" \
  -d '{"response":"{\"id\":1,\"name\":\"test\"}"}'

Limits: max 20,000 chars, 1 req/10s per IP (free).

SOAP Response Validator

When to use: validate SOAP response (well-formed XML + Envelope/Body or Fault).

POST /api/v1/validate/soap-response

Body: { "response": "<string>" }

Response: { valid: boolean, errors?: [{ message, line, column }], bodyStartLine?: number }

curl -X POST "https://validatethis.org/api/v1/validate/soap-response" \
  -H "Content-Type: application/json" \
  -d '{"response":"<soap:Envelope ...>...</soap:Envelope>"}'

Limits: max 20,000 chars, 1 req/10s per IP (free).

XML Validator

When to use: validate well-formed XML, unclosed tags, invalid attributes.

POST /api/v1/validate/xml

Body: { "xml": "<string>" }

Response: { valid: boolean, errors?: [{ message, line, column }] }

curl -X POST "https://validatethis.org/api/v1/validate/xml" \
  -H "Content-Type: application/json" \
  -d '{"xml":"<root><item>test</item></root>"}'

Limits: max 20,000 chars, 1 req/10s per IP (free).

YAML Validator

When to use: validate YAML syntax (indentation, structure).

POST /api/v1/validate/yaml

Body: { "yaml": "<string>" }

Response: { valid: boolean, errors?: [{ message, line, column }] }

curl -X POST "https://validatethis.org/api/v1/validate/yaml" \
  -H "Content-Type: application/json" \
  -d '{"yaml":"name: app\nversion: 1"}'

Limits: max 20,000 chars, 1 req/10s per IP (free).

XSD Schema Checker

When to use: validate XML instance against an XSD schema.

POST /api/v1/validate/xsd

Body: { "xsd": "<string>", "xml": "<string>" }

Response: { valid: boolean, errors?: [{ message, line, column }], source?: "xsd" | "xml" }

curl -X POST "https://validatethis.org/api/v1/validate/xsd" \
  -H "Content-Type: application/json" \
  -d '{"xsd":"<xs:schema .../>","xml":"<root/>"}'

Limits: max 20,000 chars each for XSD and XML, 1 req/10s per IP (free).

robots.txt Tester

When to use: validate robots.txt syntax and test path access.

POST /api/v1/test/robots

Body: { content: string, testPaths?: string[], testUserAgent?: string }

Response: { valid: boolean, errors?: [...], testResults?: [{ path, userAgent, allowed }] }

curl -X POST "https://validatethis.org/api/v1/test/robots" \
  -H "Content-Type: application/json" \
  -d '{"content":"User-agent: *\nDisallow: /admin","testPaths":["/","/admin"],"testUserAgent":"*"}'

Limits: max 20,000 chars, 1 req/10s per IP (free).

CI Config Linter

When to use: lint CI config YAML (GitHub Actions, GitLab CI). Validate syntax and structure (on, jobs, steps, runs-on, script).

POST /api/v1/validate/ci-config

Body: { "content": "<string>", "flavor"?: "github-actions" | "gitlab-ci" | "generic" }

Response: { valid: boolean, errors?: [{ message, line, column }], flavor?: string }

curl -X POST "https://validatethis.org/api/v1/validate/ci-config" \
  -H "Content-Type: application/json" \
  -d '{"content":"name: CI\non: push\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - run: echo ok","flavor":"github-actions"}'

Limits: max 50,000 chars, 1 req/10s per IP (free).

Regex Tester

When to use: test a regular expression against text. Get matches, index, and capture groups. Flags: g, i, m, s.

POST /api/v1/test/regex

Body: { "pattern": "<string>", "testString": "<string>", "flags"?: "gims" }

Response: { valid: boolean, error?: string, matches?: [{ index, match, groups }] }

curl -X POST "https://validatethis.org/api/v1/test/regex" \
  -H "Content-Type: application/json" \
  -d '{"pattern":"\\d+","testString":"a1b22c","flags":"g"}'

Limits: pattern max 2,000 chars, test string max 50,000 chars, 1 req/10s per IP (free).

Pattern Validator

When to use: validate a glob pattern and test paths. See which paths match (e.g. src/**/*.ts, *.json).

POST /api/v1/validate/pattern

Body: { "pattern": "<string>", "testPaths": ["<path1>", "<path2>"] }

Response: { valid: boolean, error?: string, results?: [{ path, match }] }

curl -X POST "https://validatethis.org/api/v1/validate/pattern" \
  -H "Content-Type: application/json" \
  -d '{"pattern":"src/**/*.ts","testPaths":["src/app/page.tsx","public/logo.png"]}'

Limits: pattern max 1,000 chars, max 100 paths, 1 req/10s per IP (free).

Match Debugger

When to use: debug regex matches with start/end positions and length. Uses the same API as Regex Tester.

POST /api/v1/test/regex

Body and response: same as Regex Tester (pattern, testString, flags; response has valid, matches with index, match, groups).

Env File Validator

When to use: validate .env file syntax (KEY=value, comments, duplicate keys, invalid key names).

POST /api/v1/validate/env-file

Body: { "content": "<string>" }

Response: { valid: boolean, errors?: [{ message, line, column }] }

curl -X POST "https://validatethis.org/api/v1/validate/env-file" \
  -H "Content-Type: application/json" \
  -d '{"content":"NODE_ENV=production\nAPI_URL=https://api.example.com"}'

Limits: max 30,000 chars, 1 req/10s per IP (free).

.env Syntax Checker

When to use: check .env line syntax (KEY=value, comments). Uses the same API as Env File Validator: POST /api/v1/validate/env-file.

Body and response: same as Env File Validator.

Secrets Scanner

When to use: scan text for potential secrets (passwords, API keys, tokens). Get line numbers and pattern names. Do not paste real secrets.

POST /api/v1/scan/secrets

Body: { "content": "<string>" }

Response: { totalLines, findingCount, findings: [{ lineNumber, pattern, snippet }], error?: string }

curl -X POST "https://validatethis.org/api/v1/scan/secrets" \
  -H "Content-Type: application/json" \
  -d '{"content":"# config\nAPI_KEY=sk-xxx"}'

Limits: max 50,000 chars, 1 req/10s per IP (free).

Log File Analyzer

When to use: analyze log content by level (ERROR, WARN, INFO, DEBUG, TRACE). Get total lines, empty lines, counts per level, and sample lines.

POST /api/v1/analyze/log-file

Body: { "content": "<string>" }

Response: { totalLines, emptyLines, byLevel: { error, warn, info, debug, trace, other } (each: count, sampleLines: [{ lineNumber, text }]), error?: string }

curl -X POST "https://validatethis.org/api/v1/analyze/log-file" \
  -H "Content-Type: application/json" \
  -d '{"content":"[INFO] Started\n[ERROR] Connection failed"}'

Limits: max 50,000 chars, 1 req/10s per IP (free).

Error Pattern Checker

When to use: find log lines that match a pattern (plain text or regex). Get matching lines with line numbers.

POST /api/v1/check/error-pattern

Body: { "content": "<string>", "pattern": "<string>", "useRegex"?: boolean, "caseSensitive"?: boolean }

Response: { totalLines, matchCount, matches: [{ lineNumber, line }], error?: string }

curl -X POST "https://validatethis.org/api/v1/check/error-pattern" \
  -H "Content-Type: application/json" \
  -d '{"content":"[INFO] ok\n[ERROR] failed","pattern":"ERROR","useRegex":false}'

Limits: pattern max 2,000 chars, content max 50,000 chars, 1 req/10s per IP (free).

Log Format Validator

When to use: validate that each log line matches an expected format (regex). Get invalid lines with line numbers.

POST /api/v1/validate/log-format

Body: { "content": "<string>", "pattern": "<string>" }

Response: { valid: boolean, totalLines, matchedLines, invalidLines: [{ lineNumber, line }], error?: string }

curl -X POST "https://validatethis.org/api/v1/validate/log-format" \
  -H "Content-Type: application/json" \
  -d '{"content":"[INFO] ok\n[WARN] retry","pattern":"^\\[\\w+\\]\\s+.+$"}'

Limits: pattern max 2,000 chars, content max 50,000 chars, 1 req/10s per IP (free).

Base64 Encoder / Decoder

When to use: encode text to Base64 or decode Base64 to text. Paste input, choose mode (encode or decode), get the result.

POST /api/v1/base64

Body: { "content": "<string>", "mode"?: "encode" | "decode" }

Response: { encoded?: string, decoded?: string, error?: string } (encode returns encoded, decode returns decoded or error on invalid Base64).

curl -X POST "https://validatethis.org/api/v1/base64" \
  -H "Content-Type: application/json" \
  -d '{"content":"Hello","mode":"encode"}'

Limits: max 20,000 chars, 1 req/10s per IP (free). Omit mode or use "encode" to encode; use "decode" to decode.

Checksum Checker

When to use: compute MD5, SHA-1, or SHA-256 checksum of text; optionally verify against an expected hash.

POST /api/v1/check/checksum

Body: { "content": "<string>", "algorithm"?: "md5" | "sha1" | "sha256", "expectedHash"?: "<string>" }

Response: { hash: string, algorithm?: string, match?: boolean, error?: string } (omit expectedHash to compute only; include to get match).

curl -X POST "https://validatethis.org/api/v1/check/checksum" \
  -H "Content-Type: application/json" \
  -d '{"content":"Hello","algorithm":"sha256"}'

Limits: max 100,000 chars, 1 req/10s per IP (free). Default algorithm is sha256.

Hash Validator

When to use: validate that a string is a valid hash format (hex length for MD5, SHA-1, SHA-256, etc.). Auto-detect or specify algorithm.

POST /api/v1/validate/hash

Body: { "hash": "<string>", "algorithm"?: "md5" | "sha1" | "sha224" | "sha256" | "sha384" | "sha512" }

Response: { valid: boolean, algorithm?: string, expectedLength?: number, actualLength?: number, error?: string }. Omit algorithm to auto-detect by length.

curl -X POST "https://validatethis.org/api/v1/validate/hash" \
  -H "Content-Type: application/json" \
  -d '{"hash":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}'

Limits: 1 req/10s per IP (free).

Date-Time Format Validator

When to use: validate date-time strings (ISO 8601, RFC 2822). Get parsed result in ISO format.

POST /api/v1/validate/datetime

Body: { "value": "<string>", "format"?: "auto" | "iso" | "rfc2822" }

Response: { valid: boolean, parsed?: string (ISO), format?: string, error?: string }

curl -X POST "https://validatethis.org/api/v1/validate/datetime" \
  -H "Content-Type: application/json" \
  -d '{"value":"2024-01-15T14:30:00Z","format":"iso"}'

Limits: 1 req/10s per IP (free).

ISO Compliance Checker

When to use: check if a date-time string is strictly ISO 8601 compliant. Get violations and parsed result.

POST /api/v1/validate/iso-compliance

Body: { "value": "<string>" }

Response: { valid: boolean, compliant: boolean, parsed?: string, format?: string, violations?: string[], error?: string }

curl -X POST "https://validatethis.org/api/v1/validate/iso-compliance" \
  -H "Content-Type: application/json" \
  -d '{"value":"2024-01-15T14:30:00Z"}'

Limits: 1 req/10s per IP (free).

Timestamp Converter

When to use: convert Unix timestamp (seconds or ms) to ISO date-time, or date-time string to timestamp.

POST /api/v1/validate/timestamp

Body: { "value": "<string | number>" }

Response: { valid: boolean, inputType?, timestampSeconds?, timestampMs?, iso?, error?: string }

curl -X POST "https://validatethis.org/api/v1/validate/timestamp" \
  -H "Content-Type: application/json" \
  -d '{"value":"1705312200"}'

Limits: 1 req/10s per IP (free).

UUID Generator & Validator

When to use: validate UUID format or generate UUID v4. Body: { "value"?: "<string>", "action"?: "validate" | "generate" }. Omit value and use action "generate" to get a new UUID.

POST /api/v1/validate/uuid

Response (validate): { valid: boolean, version?, variant?, error?: string }. Response (generate): { valid: true, uuid: string, version: 4 }.

curl -X POST "https://validatethis.org/api/v1/validate/uuid" \
  -H "Content-Type: application/json" \
  -d '{"action":"generate"}'

Limits: 1 req/10s per IP (free).

ID Collision Checker

When to use: check a list of IDs for duplicates. Body: { "content": "<string>" } (one ID per line) or { "ids": ["id1", "id2"] }.

POST /api/v1/check/id-collision

Response: { valid: boolean, total, unique, duplicates, duplicateIds: [{ id, count, lines }], error?: string }

curl -X POST "https://validatethis.org/api/v1/check/id-collision" \
  -H "Content-Type: application/json" \
  -d '{"content":"id-1\nid-2\nid-1"}'

Limits: 1 req/10s per IP (free).

Format Checker

When to use: validate a string against a named format (email, url, ipv4, ipv6, slug, phone, hex, base64url, uuid, semver).

POST /api/v1/validate/format

Body: { "value": "<string>", "format": "email" | "url" | ... }

Response: { valid: boolean, format: string, error?: string }

curl -X POST "https://validatethis.org/api/v1/validate/format" \
  -H "Content-Type: application/json" \
  -d '{"value":"[email protected]","format":"email"}'

Limits: 1 req/10s per IP (free).

Webhook Payload Validator

When to use: validate webhook payload as JSON and optionally check required top-level keys.

POST /api/v1/validate/webhook-payload

Body: { "payload": "<string>", "requiredKeys"?: ["event", "id"] }

Response: { valid: boolean, parsed?, errors?, missingKeys?, error?: string }

curl -X POST "https://validatethis.org/api/v1/validate/webhook-payload" \
  -H "Content-Type: application/json" \
  -d '{"payload":"{\"event\":\"order.created\"}","requiredKeys":["event"]}'

Limits: max 20,000 chars, 1 req/10s per IP (free).

Signature Checker

When to use: verify HMAC signature (SHA-256 or SHA-1) of a payload. Body: payload (raw string), secret, signature (hex or sha256=...), algorithm (sha256 or sha1).

POST /api/v1/check/signature

Body: { "payload": "<string>", "secret": "<string>", "signature": "<string>", "algorithm"?: "sha256" | "sha1" }

Response: { valid: boolean, error?: string }

curl -X POST "https://validatethis.org/api/v1/check/signature" \
  -H "Content-Type: application/json" \
  -d '{"payload":"raw body","secret":"whsec_xxx","signature":"hex..."}'

Limits: 1 req/10s per IP (free). Do not paste real secrets in production.

Replay Tester

When to use: check if a timestamp is within an allowed time window (replay protection).

POST /api/v1/test/replay

Body: { "timestamp": number | string, "windowSeconds"?: number (default 300), "nowMs"?: number }

Response: { valid: boolean, withinWindow: boolean, ageSeconds?, timestampIso?, nowIso?, error?: string }

curl -X POST "https://validatethis.org/api/v1/test/replay" \
  -H "Content-Type: application/json" \
  -d '{"timestamp":1705312200,"windowSeconds":300}'

Limits: 1 req/10s per IP (free).

Rate limits & errors

Free package: 1 request per 10 seconds per IP (no registration). Paid packages (registration, currently free) have higher limits. 429 response includes errorCode: "RATE_LIMIT".

All responses are JSON. Errors include valid: false, optional errorCode, errors array with message, line, column when applicable.