For Replit Agent — hosted full-stack scaffolding

Add email verification to Replit Agent apps in two steps.

Drop MAIL_VERIFIER_KEY into Replit Secrets. Paste the agent prompt below. The signup handler scaffolds with vrfymail wired in — Node, Python, whatever runtime your Repl is on.

Note: if you landed here looking for Replit Auth (login via email or passkey) or Clerk integration for your Repl, that's a different page — see Replit's auth docs. This page is for developers using Replit Agent to build apps that need to verify users' email at signup.

Step 2 — paste into Agent

The Replit Agent prompt

Step 1: add MAIL_VERIFIER_KEY to Replit Secrets (lock icon in sidebar). Step 2: open the Agent panel, paste this. The Agent generates the right runtime wrapper — Express for Node, FastAPI for Python.

replit-agent-prompt.txt
markdown
Add email verification to the signup endpoint of this Repl.

Use vrfymail's API:

  POST https://vrfymail.com/v1/check
  Headers:
    Authorization: Bearer ${process.env.MAIL_VERIFIER_KEY}
    Content-Type: application/json
  Body: { "email": "<email>", "strict": true }

Response:
  result          "deliverable" | "undeliverable" | "risky" | "unknown"
  reason          machine code
  reason_message  end-user copy already mapped
  did_you_mean    typo correction or null

Handling:
  - did_you_mean non-null → 400 with the suggestion + one-click apply
  - undeliverable → 400 with reason_message verbatim
  - risky + role_account → 200 + soft warning, allow signup
  - deliverable | unknown → 200, proceed with account creation

The MAIL_VERIFIER_KEY is already in Replit Secrets — read it from process.env.
No SDK install — use fetch (or requests in Python, depending on the Repl).
Never inline the key.

Step 1 — Secrets

Click the lock icon in the Repl sidebar. Add MAIL_VERIFIER_KEY=vk_live_... Persists across restarts and Always-On waking.

Step 3 — deploy

Free Repls handle prototyping. For production traffic, promote to a Replit Deployment — secrets carry over, vrfymail keeps working.

What you get

The Express handler the Agent scaffolds

For a Node Repl, here's the handler. Python Repls get a near-identical FastAPI handler; the verdict-handling logic is verbatim across runtimes.

index.js
javascript
// index.js (Express + Node 22)
import express from "express";
const app = express();
app.use(express.json());

app.post("/signup", async (req, res) => {
  const { email, password, name } = req.body;

  // Ask vrfymail for a verdict. The key is read from Replit Secrets via the environment.
  let verdict;
  try {
    const r = await fetch("https://vrfymail.com/v1/check", {
      method: "POST",
      headers: {
        "Authorization": `Bearer ${process.env.MAIL_VERIFIER_KEY}`,
        "Content-Type": "application/json",
      },
      body: JSON.stringify({ email, strict: true }),
    });
    verdict = await r.json();
  } catch {
    // Verifier unreachable or response unreadable: treat it as unknown so the
    // rejected promise does not crash the process and the signup still goes through.
    verdict = { result: "unknown" };
  }

  // Typo detected: return the suggestion so the client can offer a one-click fix.
  if (verdict.did_you_mean) {
    return res.status(400).json({
      error: `Did you mean ${verdict.did_you_mean}?`,
      suggestion: verdict.did_you_mean,
    });
  }
  // Undeliverable: block and show reason_message verbatim.
  if (verdict.result === "undeliverable") {
    return res.status(400).json({ error: verdict.reason_message, code: verdict.reason });
  }
  if (verdict.result === "risky") {
    // role_account gets a soft warning; any other risky reason is blocked (see the cheat sheet).
    if (verdict.reason === "role_account") {
      return res.json({ ok: true, warn: verdict.reason_message });
    }
    return res.status(400).json({ error: verdict.reason_message, code: verdict.reason });
  }
  // deliverable + unknown both pass.
  res.json({ ok: true });
});

app.listen(process.env.PORT || 3000);

Why Secrets + prompt beats inline: Replit's Agent reads project context each turn, but the prompt is the only signal that names your specific service contract. Once MAIL_VERIFIER_KEY is in Secrets and the prompt is in chat history, every future signup the Agent edits in this Repl gets the same wiring.

The pattern most tutorials skip

On unknown, accept the signup.

unknown is what you get when the verification pipeline couldn't reach a verdict in the time budget. DNS lookup failed. MX timed out. None of those are evidence the email is bad.

Replit's Agent sometimes scaffolds fail-closed handling by default. The prompt above patches that — deliverable and unknown both fall through to account creation.

On vrfymail the cost-side argument vanishes too: unknown verdicts don't bill. refundUsage() releases the slot when the pipeline can't reach a verdict.

Verdict handling cheat sheet
  • deliverable: Accept.
  • unknown: Accept. Log if you want a paper trail. Not billed.
  • risky: role_account → soft warning, allow submit. Other reasons → block.
  • undeliverable: Block. Show reason_message verbatim.
  • did_you_mean: Non-null → suggest the correction inline.
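
The cheat sheet and the fail-open rule above, as an added example (not vrfymail's or Replit's code). It goes one step beyond the page by also covering the case where the verifier itself is unreachable, slow, or the secret is missing; decide(), verifyEmail(), the degraded flag and the 3-second budget are assumptions made for illustration.

```javascript
// Added example. decide() and verifyEmail() are hypothetical names; the
// 3 s timeout is an assumed budget, not a vrfymail recommendation.

// Map a /v1/check verdict to a signup decision, following the cheat sheet.
function decide(v) {
  if (v.did_you_mean) {
    return { status: 400, body: { error: `Did you mean ${v.did_you_mean}?`, suggestion: v.did_you_mean } };
  }
  if (v.result === "undeliverable") {
    return { status: 400, body: { error: v.reason_message, code: v.reason } };
  }
  if (v.result === "risky") {
    return v.reason === "role_account"
      ? { status: 200, body: { ok: true, warn: v.reason_message } }
      : { status: 400, body: { error: v.reason_message, code: v.reason } };
  }
  // deliverable and unknown both proceed to account creation.
  return { status: 200, body: { ok: true } };
}

// Call the verifier with a time budget. A transport failure, non-2xx status
// or malformed body is downgraded to "unknown" (assumption: the same
// fail-open policy the page applies to unknown verdicts) and flagged so the
// caller can log or alert on it.
async function verifyEmail(email, key, fetchImpl = fetch, timeoutMs = 3000) {
  const degraded = (why) => ({ result: "unknown", reason: why, did_you_mean: null, degraded: true });
  if (!key) return degraded("missing_key"); // secret not injected, e.g. in a fork
  const ctl = new AbortController();
  const timer = setTimeout(() => ctl.abort(), timeoutMs);
  try {
    const r = await fetchImpl("https://vrfymail.com/v1/check", {
      method: "POST",
      headers: { Authorization: `Bearer ${key}`, "Content-Type": "application/json" },
      body: JSON.stringify({ email, strict: true }),
      signal: ctl.signal,
    });
    if (!r.ok) return degraded(`http_${r.status}`);
    const v = await r.json();
    return v && typeof v.result === "string" ? v : degraded("bad_body");
  } catch {
    return degraded("transport_error"); // log the reason only, never the headers
  } finally {
    clearTimeout(timer);
  }
}
```

In a handler, pass process.env.MAIL_VERIFIER_KEY as the key and alert when degraded is true, since a run of degraded verdicts means signups are being accepted unverified.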

The compounding case

One Secret + one prompt, every future endpoint inherits.

Replit Agent works incrementally — you talk to it across many turns over a Repl's lifetime. The Secret + prompt combo above sets the durable signal: MAIL_VERIFIER_KEY is in env, the verdict contract is in chat history. Every email-touching endpoint the Agent generates next inherits both.

Same pattern works in other AI app builders — Bolt.new (project prompt), Lovable (reference URL), v0 (server-action prompt). The hub has all ten.

Frequently asked

Replit Agent + email verification, answered

How do I add MAIL_VERIFIER_KEY to Replit Secrets?
Open your Repl, click the lock icon in the sidebar (Secrets), add a new secret with key MAIL_VERIFIER_KEY and value vk_live_... Click Add Secret. Replit injects it as an environment variable on the next run — no code change needed. The Agent reads from process.env.MAIL_VERIFIER_KEY automatically.
Does the Agent leak my key if I include it in the prompt?
Only if you paste the literal vk_live_* value into the chat. The prompt above tells the Agent to read process.env.MAIL_VERIFIER_KEY — that's where Replit Secrets surface. Keep the bearer token in Secrets, not in chat, not in code. Replit's prompt history is retained for context; secrets aren't.
Will Replit's Always-On Repls preserve the secret across restarts?
Yes. Secrets persist for the Repl's lifetime — sleeping, waking, redeploying. The runtime re-injects them as env vars on every cold start. If you fork the Repl, secrets are NOT copied automatically; you re-add them in the fork.
Can I use Replit Agent for a production deployment, or is this only for prototyping?
Replit's Deployments tier handles production traffic. The Agent scaffolds the code; Deployments runs it with a real domain, autoscaling, and proper TLS. The vrfymail integration doesn't change — same fetch, same env var. The free tier covers prototyping; production traffic at meaningful volume needs a paid Deployment.
What runtimes does this work with? Replit supports Python and Node — does the prompt cover both?
The prompt is runtime-agnostic. Replit's Agent reads the existing project structure and uses the right idiom: Express for a Node Repl, FastAPI or Flask for a Python Repl. The vrfymail call shape is identical: fetch in Node reading process.env.MAIL_VERIFIER_KEY, requests in Python reading os.environ['MAIL_VERIFIER_KEY']. The Agent generates the right wrapper.

Secret + prompt. Endpoint shipped.

vrfymail's /v1/check returns a verdict in 50ms p50. Free tier: 5,000 verifies/month, no card. Paid plans start at $9/mo — see pricing.
