One REST API over a single E.164 primitive: parse & validate, single and bulk number lookup (line type, range carrier, CNAM, STIR/SHAKEN verstat and a supplementary spam signal), inbound caller-intelligence, do-not-call list scrubbing, prepaid accounts, a ClearIP-compatible SBC/SIP redirect decision for session border controllers, and an MCP server plus Vapi/Retell webhooks for AI voice agents. The core endpoints below are live-runnable; every endpoint, including the full machine-readable schema, is at /api/spec.
Authentication
Endpoints require an API key, sent as X-API-Key or Authorization: Bearer, scoped to its use cases. (Keyless: signup, health, the spec, the receipt and public-key fetchers, and MCP discovery.) A self-service key covers parse, lookup, inbound caller-intelligence, scrub, MCP/voice-agent tools, SBC redirect, community reporting and pre-call. Tenant sub-keys are narrowed to lookup, SBC redirect and pre-call. Keys are issued self-service and shown exactly once; we store only a hash.
Get a free keyPOST /api/v1/account/signupthen send it as X-API-Key.
Per verified business #+60/min · +2,000/day lookups · +100/day reports
Standardprepaid per-dip above the pool
EnterpriseCustom
The pooled budgets cover inbound caller-intelligence, the outbound pre-call check and community reporting; all other endpoints use the per-key 60-requests/minute window. Pooled limits are shared across an account's keys and recomputed from live state. To raise them, verify a business number (POST /api/v1/account/verify-phone/start then /confirm). Personal verification does not.
Which lookup do I want?
Endpoint
Direction
You get
Side effects
Price (standard)
Limit & failure mode
Response auth
GET /api/v1/lookup/{e164}
inbound (or any)
JSON: validity, line type, carrier, CNAM, risk{}
none
$0.004 fresh dip / $0.002 without
pooled 429 + Retry-After · prepaid 402 before any work
fail-open allow on any error — never blocks a call
unsigned
POST /api/v1/mcp
AI agents
lookup / risk / DNC tools over JSON-RPC
per-tool
$0.015 per tool call
JSON-RPC errors · transport auth uses the flat error shape
unsigned
Every risk read on every row is a supplementary, low-confidence signal — never a verdict. On live call paths, prefer the fail-open rows (cid, sbc, outbound). /api/v1/outbound/lookup is also reachable at its original spelling /api/v1/precall/lookup (permanent alias).
Integration guides
Step-by-step recipes to wire Numbers Online into a PBX, softphone, AI voice agent, or session border controller: FreePBX & Asterisk, FreeSWITCH / FusionPBX, 3CX, MicroSIP, an /api/v1/mcp Model Context Protocol server with Vapi & Retell webhooks, a ClearIP-compatible /api/v1/sbc/redirect for Kamailio / OpenSIPS / dSIPRouter, the outbound pre-call call-provenance flow, and the signed /api/v1/compliance/evidence robocall-mitigation bundle. Read the integration guides (ordered simplest first), or grab the copy-paste artifacts on the integrations page.
Every endpoint is listed below in onboarding order, from getting a key and parsing a number to operator-grade SBC and multi-tenant controls. The core ones carry a live Try it widget backed by a rate-limited, keyless public demo proxy, and the rest show a copy-paste curl. Get your own free key: POST /api/v1/account/signup. Full machine-readable schema at /api/spec.
Account & keys
Self-service signup, prepaid balance, and credit top-ups.
POST/api/v1/account/signupGet an API keyNO KEY
Self-service signup — no email required. Receive an account plus a freshly minted key (format nol_…), returned exactly once and stored only as a hash, so save it (the key + account UUID is your identity, and there is no recovery path). Optionally pass an email for subscription renewal reminders. New accounts start on the free tier with a zero balance; add credit with /api/v1/account/topup to use billed endpoints. No key required (rate-limited to 3/hour per IP).
Returns the authenticated account: prepaid balance (microdollars), trailing-30-day usage, your keys (display fields only, never the raw key), and any MSP tenants. Use it to monitor spend and decide when to top up.
Create a Stripe Checkout session to add prepaid credit. Amount is in US cents: $5 minimum (500) to $500 (50000) per checkout; credit applies when Stripe confirms payment. Standard-tier billed endpoints return 402 when the balance is exhausted. Top up to resume.
POST/api/v1/account/verify-phone/startVerify a business number (step 1)
Step 1 of binding a business number to your account: send a one-time code by voice (default) or sms to a number your account controls. Account-level keys only. A verified business number is what raises your pooled rate limits (+60/min, +2,000/day lookups, +100/day reports), unlocks the accountable report lane, and enables pre-call enrollment. Returns 429 with Retry-After on cooldown/velocity.
POST/api/v1/account/verify-phone/confirmVerify a business number (step 2)
Step 2: submit the code to verify and bind the number to your account. Free accounts may bind exactly one number (402 if you already have one and none is paid); a number already claimed by another account returns 409 (the Sybil floor). On success the number counts toward your pooled limits and can be enrolled for call-provenance.
Phone number parsing and validation. Free on every tier.
POST/api/v1/parseParse a phone number
Parse and validate a single number, returning format variants, country, line type, carrier and validity. (/api/parse remains as a frozen legacy alias with a {success:} envelope.)
Parse up to 100 numbers in one request. Returns a result per number plus a summary. (/api/parse/bulk remains as a frozen legacy alias with a {success:} envelope.)
Number lookup: line type, range carrier, CNAM, verstat, and a supplementary spam signal.
GET/api/v1/lookup/{e164}Look up a number
Single-number lookup: validity, formats, line type, range carrier (a supplementary signal, not porting-aware), country, CNAM, normalized STIR/SHAKEN verstat, and a low-confidence supplementary spam signal. Invalid numbers return 200 with valid:false and are not billed. Billed per dip: $0.004 with a fresh CNAM dip, $0.002 when served from cache or without a CNAM supplier; free tier is unbilled (rate-limited). Optional ?verstat= and ?max_cache_age= query params; Idempotency-Key header for at-most-once billing.
Bulk lookup for list processing: submit up to 100 numbers and receive the same shape as the single lookup per number (in input order) plus a billing summary. This is a list-processing surface, not a call-path surface. Large batches dip suppliers with bounded concurrency and can take seconds. Billed per valid number ($0.004 fresh CNAM dip / $0.002 otherwise); invalid numbers are free. Optional verstat / max_cache_age; Idempotency-Key header for at-most-once billing.
GET/api/v1/cid/{number}Plain-text caller-id for PBXs
Caller-name (CNAM) lookup that ALWAYS returns text/plain so a PBX can paste the body verbatim as the caller name. Built for FreeSWITCH mod_cidlookup and similar header-less clients. The body is the resolved name (ACME CORP), the name prefixed with an operator-chosen tag when a spam_tag is set and the signal crosses spam_threshold (Spam? ACME CORP), or the literal UNAVAILABLE sentinel. Like the other header-less integration endpoints (SBC redirect, Retell, Vapi), it also accepts the key as a ?key= query param (use a dedicated, rotated key). Optional ?country, ?spam_tag, ?spam_threshold, ?max_cache_age. Billed like /api/v1/lookup, and fail-open: a slow or failing supplier yields UNAVAILABLE, never an error on the call path. See the integrations page.
Outbound pre-call check (a verified-owner do-not-contact preference scrub, plus a separate government/licensed compliance signal) and owner enrollment for spoofing defence. Fail-open, bundled, not metered.
Call right before you dial. Returns a first-party do-not-contact preference scrub on the destination `to` number (the verified owner’s own preference held by us, not the government/licensed do-not-call registry), one of SUPPRESS (a verified owner asked not to be marketed to), NO_MATCH (no suppression on record, NOT a consent grant), or UNKNOWN, plus a separate supplementary government/licensed compliance signal. When the `from` is one of your own enrolled, OTP-verified business numbers, a hashed (from→to) call-provenance edge is recorded for 7 days; at report time it lets us attribute calls you actually placed and shield your number from reports about calls you did not (likely spoofing). Free/bundled, not metered. Account-pooled on its own pre-call budget. Requires a key with the precall use case. context is outbound_voice | outbound_sms and selects which suppression list is scrubbed (echoed back as dnc_channel). Fail-open. The original /api/v1/precall/lookup path stays a permanent alias of this endpoint.
POST/api/v1/outbound/enrollEnroll a number for call-provenance
Owner-only control: enroll (or revoke) one of your own OTP-verified business numbers for call-provenance. Enrolling attests that the number only ever places calls after a Numbers Online pre-call check, so the absence of a recorded edge becomes meaningful evidence a reported call was not yours. Account-level keys only (a tenant sub-key returns 403); the number must be a verified number bound to your account (else 404). This is a supplementary signal, never a block or a verdict. The original /api/v1/precall/enroll path stays a permanent alias; the same toggle is also available resource-shaped at PATCH /api/v1/account/phones/{e164}.
GET/api/v1/account/phonesList your verified numbers
The verified business numbers bound to your account — the inventory verify-phone writes into — each with its call-provenance enrollment state (e164, verified_at, precall_enrolled, precall_enrolled_at). Account-level keys only. Deliberately no POST and no DELETE: numbers enter exclusively via the OTP bind and leave via the reassignment lifecycle. PATCH /api/v1/account/phones/{e164} with {"precall_enrolled": true|false} flips enrollment on a bound number (strict update; 404 if the number is not yours).
Key-gated spam/scam reporting, the give-to-get half of the community sensor.
POST/api/v1/reportReport a number (community sensor)
Report a number with one or more tags using a single-use `receipt_id` from a prior POST /api/v1/inbound/lookup on the same number. Tags only, no free-text body. The receipt is an anti-replay nonce and rate control, not proof a call happened. Accounts with a verified business number report in the accountable lane (reporter-weighted, earns credibility); free/personal accounts report in the crowd lane (a bounded, deferring, credibility-firewalled supplementary signal that cannot sink a verified number on its own). You cannot report a number bound to your own account. Daily report quota is pooled per account: 10/day free, +100/day per verified business number. Returns { ok, lane, report_id }; a stale/used/mismatched receipt returns 409, an over-quota request 429.
Call-setup decisions for session border controllers (ClearIP-compatible SIP 603/302/503-404), operator HMAC request signing, and a signed FCC robocall-mitigation evidence bundle.
Call-setup decision for a SIP redirect server / SBC (Kamailio, OpenSIPS, dSIPRouter, Sansay, Oracle/Acme Packet, ProSBC), consumed by the operator-run shim recipe on the integrations page. Given the calling number it returns a ClearIP-compatible decision (allow / flag / redirect / block) plus the exact SIP code the shim maps to: 603 Decline, 302 redirect (you supply the Contact), or your allow code (503 default, or 404 route-advance). Optional verstat, spam_threshold, redirect_threshold, allow_code, block_reassigned, block_invalid; X-SBC-Budget-Ms header. Requires a key with the sbc_redirect use case (every lookup-entitled key has it). Billed $0.010 per decision on the standard tier; free tier rate-limited. A 603 block only ever follows a deterministic or authoritative fact; the low-confidence spam signal can only raise a flag/redirect. Fail-open: a timeout or error returns decision=allow. Supports opt-in operator HMAC signing (X-Operator-* headers).
Operator-grade HMAC request signing for the calling key. GET returns the key’s HKDF-derived signing secret (exposed only to the key holder, equivalent exposure to the key itself), the canonical scheme, and whether signing is currently required; the secret is never stored (re-derived on demand). POST /api/v1/account/signing {"enabled": true|false} toggles whether signed surfaces (e.g. /api/v1/sbc/redirect) require a valid X-Operator-Signature on this key. This management route is never itself signature-gated, so a key can always disable signing or re-fetch its secret.
A signed, PII-free, independently-verifiable record of the supplementary number-status checks this account performed over a window (aggregated from signed lookup receipts; numbers appear only as hashes). An operator can reference it in their OWN robocall-mitigation program documentation (47 CFR 64.6305). It is NOT an FCC certification and does not make anyone compliant; the operator signs their own attestation. Optional ?from / ?to (ISO 8601; window capped at 400 days). Account-level keys only. Verify each receipt signature, the bundle signature, and the Merkle root against /api/v1/publickey.
For resellers and PBX operators: per-tenant sub-keys, usage rollups, and suppression lists under one prepaid balance. Account-level keys only.
GET/api/v1/account/tenantsList tenants
List the account’s tenants (downstream customers / sites), each with a trailing-30-day usage rollup and sub-key count. Only account-level keys may manage tenants; a tenant sub-key cannot.
Create a tenant so per-customer usage, billing rollups, rate limits, and suppression lists are attributed separately while all spend draws on the one account balance. Read one tenant’s detail with GET /api/v1/account/tenants/{id}; enable/disable it with PATCH /api/v1/account/tenants/{id} {"status":"active"|"disabled"} (disabling also disables its sub-keys).
POST/api/v1/account/tenants/{id}/keysIssue a tenant sub-key
Mint an API key scoped to one tenant. The sub-key inherits the account’s tier and bills against the account’s single prepaid balance; it can perform lookups only (a PBX credential, not an account credential, so it cannot manage tenants or top up). The raw key is returned exactly once.
Add a number to a tenant’s suppression list (POST), list entries (GET, which returns labels + timestamps only; numbers are stored as SHA-256 hashes and never returned), or remove one (DELETE the same number). A suppressed number gets no enrichment (no CNAM dip, no spam score) and no charge when looked up through that tenant’s sub-keys.
Signed, privacy-safe lookup receipts (Ed25519) and the public signing key. No key required.
GET/api/v1/receipts/{id}Retrieve a signed receiptNO KEY
Fetch a signed, privacy-safe lookup receipt by its unguessable id. The id is the capability, so no API key is needed and the evidence can be shared with counsel. PII-free: the number appears only as number_hash = sha256(E.164). Verify response_signature over signed_payload with the Ed25519 key from /api/v1/publickey, then recompute sha256(your number) and match number_hash. A supplementary signal, not a compliance assertion.
GET/api/v1/publickeyEd25519 signing public keyNO KEY
The Ed25519 public key (SPKI PEM) used to sign inbound-lookup responses and lookup receipts, so any verifier can check a signature without out-of-band key exchange. public_key_pem is null when no signing key is configured (responses ship "unsigned"). No key required.
Example request
curl https://numbers.online/api/v1/publickey
Inbound caller intelligence
Signed, privacy-safe caller intelligence for an inbound call or message event. Fail-open on the call path.
The flagship inbound endpoint: signed, privacy-safe caller intelligence for an inbound call/message event. It returns identity type, a 0-100 risk score (higher = worse), PII-free evidence signals, and a recommended action, with a signed receipt id. The receipt id is a single-use, anti-replay nonce you can later spend once via POST /api/v1/report to attach a community report to this number. It is not proof the call occurred. A verified individual returns only "Verified & online", never a name. Optional STIR/SHAKEN verstat / attestation folds into the score. Requires an API key with the inbound_lookup use case. Billed $0.004 per dip on the standard tier; free tier rate-limited. Known and unknown numbers return the same 200 shape (anti-enumeration).
An MCP server and Vapi/Retell webhooks exposing read-only phone-intelligence tools. Fail-open on the call path.
POST/api/v1/mcpMCP server for AI voice agents
Model Context Protocol over Streamable HTTP (JSON-RPC 2.0). Stateless and read-only. Methods: initialize, ping, tools/list (public discovery) and tools/call (requires a key with the "mcp" use case). Five tools: phone_lookup, line_type, caller_risk, dnc_check, reassigned_check. dnc_check and reassigned_check return "unknown" (and are unbilled) until a licensed data partner is configured. Each billable call meters the bundled mcp_call rate ($0.015). All output is a supplementary, low-confidence signal, and the agent keeps every routing and dialing decision. GET returns 405 (response-only, no server-initiated SSE). Client configs and copy-paste system prompts are at /ai-agents.
Adapter for Retell’s call_inbound webhook: resolves the inbound caller and returns dynamic_variables (caller_name, caller_line_type, caller_spam_score, caller_risk, caller_on_dnc, caller_reassigned, caller_signal) for the agent prompt, plus a receipt_id. It ALWAYS returns HTTP 200 with a (possibly empty) variables block (a non-2xx would keep the caller ringing), so auth failure or a supplier timeout degrade to neutral variables (fail-open). Authenticate via Authorization: Bearer or ?key= on the webhook URL.
Adapter for a Vapi custom function tool (an alternative to pointing Vapi at /api/v1/mcp). Accepts Vapi’s tool-calls payload and returns the phone_lookup bundle as a JSON-stringified result per toolCallId, with a signed receipt id. Each call meters the bundled mcp_call rate. Fail-open: a bad argument or supplier hiccup yields a graceful result string. Authenticate via Authorization: Bearer or ?key=.
Consent-first do-not-contact preference scrubbing against verified-owner suppression lists — not the government/licensed do-not-call registry.
POST/api/v1/scrubScrub a calling list
A consent-first do-not-contact preference scrub against verified owners’ own preferences held by us — not the government/licensed do-not-call registry, which you still check yourself. For each number, returns SUPPRESS (verified owner has a suppression preference, so remove it), NO_MATCH (no suppression preference on record), or UNKNOWN (not resolvable). Optional channel: voice (default) | sms | whatsapp. Up to 1,000 per request. Billed $0.001 per number on the standard tier; the free tier draws from an account-pooled allowance counted in numbers (1,000/min, 5,000/day floor; verified business numbers scale it). This is a compliance aid, not a legal determination. Requires an API key. (/api/scrub remains as a frozen legacy alias.)