A REST API that classifies images as AI-generated or authentic with 99.1% accuracy. It returns model attribution across 25+ generators and produces region-level heatmaps in under 100ms. The free tier covers 500 scans per month with no credit card.
First detection request in under 2 minutes.
2 min readAll endpoints. Detect, batch, forensics, status.
ReferenceOfficial libraries for 7 languages.
Pick yoursThree steps from zero to your first verdict. The full walkthrough including SDK installation is in our 2-minute quickstart guide.
Sign up with email. No credit card required. Your API key is available in the dashboard immediately.
Official SDKs in Python, Node.js, Go, Ruby, PHP, Java, and .NET. Or hit the REST API directly.
Send the image as a URL or as a base64-encoded payload. Get back a verdict in under 100ms.
curl -X POST https://api.aiimagedetectorapi.com/v1/detect \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"image_url": "https://example.com/photo.jpg",
"include_attribution": true,
"include_heatmap": true
}'Every request requires a Bearer token in the Authorization header. API keys are scoped to a single project and can be rotated at any time from the dashboard.
Authorization: Bearer aidet_live_sk_5d8f23ab...aidet_test_* prefix and are for development.aidet_live_* prefix for production.Eight endpoints cover detection, batch, forensics, model attribution, and account utilities. Full reference at /docs/endpoints/.
| Method | Endpoint | Purpose |
|---|---|---|
| POST | /v1/detect | Single-image AI detection with attribution and heatmap |
| POST | /v1/detect/batch | Up to 100 images per request, returns array of verdicts |
| POST | /v1/detect/async | Async batch with webhook callback (Pro and above) |
| POST | /v1/forensics | Pixel-level forensics. ELA, frequency analysis, noise residual |
| POST | /v1/c2pa/verify | Verify Content Credentials manifest cryptographically |
| GET | /v1/jobs/{id} | Poll the status of an async batch job |
| GET | /v1/usage | Current period usage, quota remaining |
| GET | /v1/health | Service health and version info |
Submit images by URL, by file upload (multipart), or as a base64 string. The response is JSON and stable across versions.
{
"image_url": "https://example.com/photo.jpg",
"include_attribution": true,
"include_heatmap": true,
"include_forensics": false,
"model_threshold": 0.5,
"metadata": { "user_id": "u_123", "context": "claim_4598" }
}{
"verdict": "ai_generated",
"confidence": 0.978,
"model_attribution": {
"midjourney_v7": 0.84,
"flux_pro": 0.09,
"stable_diffusion_4": 0.05,
"dalle_4": 0.02
},
"heatmap_url": "https://cdn.aiimagedetectorapi.com/h/8a3f....png",
"c2pa_manifest_present": false,
"metadata": { "user_id": "u_123", "context": "claim_4598" },
"request_id": "req_01HXYZABC...",
"latency_ms": 87
}Stable contracts. We never remove fields from a v1 response. New fields may be added. Clients should ignore unknown keys.
Limits are per-project, computed on a sliding 60-second window. Bursts up to 2x the rate are allowed for short periods.
| Plan | Sustained RPS | Burst | Concurrent batches |
|---|---|---|---|
| Free | 2 req/s | 5 req/s | 1 |
| Pro | 200 req/s | 400 req/s | 10 |
| Enterprise | Custom | Custom | Unlimited |
X-RateLimit-Limit: 200
X-RateLimit-Remaining: 187
X-RateLimit-Reset: 1714780800
X-Request-Id: req_01HXYZABC...When you exceed the limit, the API returns 429 Too Many Requests with a Retry-After header. Our SDKs implement automatic exponential backoff with jitter.
Errors return a consistent JSON shape. Always inspect both the HTTP status and the code field. The code is stable across versions. The message may change.
{
"error": {
"code": "image_too_large",
"message": "Image exceeds 20 MB limit (got 24.3 MB)",
"param": "image_url",
"request_id": "req_01HXYZABC..."
}
}| HTTP | Code | Meaning |
|---|---|---|
| 400 | invalid_request | Malformed body, missing field, or bad image URL |
| 400 | image_too_large | File exceeds 20 MB |
| 400 | image_unsupported_format | Only JPEG, PNG, WebP, HEIC, GIF, BMP, and TIFF are supported |
| 401 | unauthorized | Missing or invalid API key |
| 402 | payment_required | Subscription expired or quota exhausted |
| 403 | forbidden | Key lacks permission for this endpoint |
| 404 | not_found | Job ID not found or unsupported endpoint |
| 422 | image_unfetchable | URL did not return a valid image (timeout, 4xx, 5xx) |
| 429 | rate_limited | Too many requests. Honor Retry-After |
| 500 | internal_error | Transient. Retry with backoff. Logged with request_id |
| 503 | service_unavailable | Maintenance or capacity issue. Status page link in response |
For async batch jobs and high-volume detection pipelines, register a webhook URL and receive verdicts as they complete. Webhooks are signed with HMAC-SHA256.
Add a webhook URL in the dashboard or via the API. Each project supports up to 5 webhooks.
Every payload includes an X-Signature header. Verify with the shared secret before acting.
Failed deliveries retry 5 times with exponential backoff over 24 hours.
detection.completed, batch.completed, batch.failed
import crypto from "crypto";
function verify(rawBody, signature, secret) {
const expected = crypto
.createHmac("sha256", secret)
.update(rawBody)
.digest("hex");
return crypto.timingSafeEqual(
Buffer.from(expected),
Buffer.from(signature)
);
}Official SDKs are available in seven languages. All implement automatic retries, request signing, response parsing, and helpful error messages.
from aiimagedetector import Client
client = Client(api_key="aidet_live_sk_...")
result = client.detect(
image_url="https://example.com/photo.jpg",
include_attribution=True,
include_heatmap=True,
)
print(f"Verdict: {result.verdict} ({result.confidence:.0%})")
print(f"Most likely model: {result.top_model()}")
if result.heatmap_url:
print(f"Heatmap: {result.heatmap_url}")import { Client } from "@aiimagedetector/node";
const client = new Client({ apiKey: process.env.AIDET_KEY! });
const result = await client.detect({
imageUrl: "https://example.com/photo.jpg",
includeAttribution: true,
includeHeatmap: true,
});
console.log(`Verdict: ${result.verdict} (${(result.confidence * 100).toFixed(1)}%)`);
console.log(`Top model: ${result.topModel()}`);package main
import (
"fmt"
"github.com/aiimagedetector/go"
)
func main() {
client := aiimagedetector.NewClient("aidet_live_sk_...")
result, err := client.Detect(&aiimagedetector.DetectRequest{
ImageURL: "https://example.com/photo.jpg",
IncludeAttribution: true,
})
if err != nil {
panic(err)
}
fmt.Printf("Verdict: %s (%.1f%%)\n", result.Verdict, result.Confidence*100)
}URL-based requests are faster because we fetch in parallel and avoid the base64 inflation tax. Base64 is fine for ephemeral images you cannot host.
Single-image requests have per-call overhead. Batches up to 100 images are 30 to 50 percent faster end-to-end and cheaper per image at higher volume tiers.
Always request the raw confidence score and apply your business threshold downstream. Different workflows need different thresholds. Label, restrict, and remove are all valid actions.
Every response includes a request_id. Logging it makes support investigations 10x faster when you need them.
Identical images return identical verdicts. Cache by content hash to deduplicate near-duplicate uploads, which are 5 to 15 percent of real-world traffic.
Webhook delivery is faster and cheaper than polling. Reserve polling for cases where webhooks cannot reach you.
Do not rely solely on 429s. SDKs include token-bucket limiters that prevent burst-throttling under load.
We treat every image as sensitive. Encryption everywhere, configurable retention, and SOC 2 Type II certification on Enterprise.
TLS 1.2+ in transit. AES-256 at rest. Keys rotated every 90 days.
Free and Pro: 30 day log retention, images discarded after detection. Enterprise: configurable, including zero-retention.
SOC 2 Type II audited. GDPR-compliant. HIPAA available on Enterprise. EU regional endpoints available.
Role-based access in dashboard. SSO and SAML on Enterprise. IP allowlisting on Pro and above.
Every API request and dashboard action is logged. Exportable as CSV or via SIEM webhook on Enterprise.
Annual third-party pen tests. Reports available under NDA on request.
SOC 2 reports, pen test summaries, sub-processor lists, and DPA templates are available on request.
Get an API key in 30 seconds. 500 free scans every month, no credit card.