All endpoints require an API key passed via the Authorization header as a Bearer token.
Join our Discord server to get a free key.
Check whether a PDQ hash matches a known scam image in our database. This is the recommended hash-based method, as PDQ is resilient to compression, resizing, and pixel changes.
q
PDQ hash string (query parameter, required)
Example request
GET https://api.inkrata.com/api/v1/check/pdq?q=ededcec2a1553939d2a4d6cab12915afd66adf42b170130bdeb283473ad11283
Authorization: Bearer YOUR_API_KEY
Response - 200 OK
{
"status": "ok",
"found": true,
"pdq": "7e7c7aba1cae746ad6e56af4eb4ae541e595ab4121d0b58559912b8a51c19333",
"sha256": [
"8b9dea0f8f48e4059db9b4813db91adfe93759a351d888e68e6d79c1130364d3",
"f8ed299b75e7eb497679ffbb601ac3a29bee7e5c48aa948f1b663c6da3ea012d"
],
"score": 1.0,
"indexed_at": "2026-07-10T10:32:45.792808Z"
}
Response - 404 NOT FOUND
{
"status": "ok",
"found": false
}
Check whether a SHA-256 hash matches a known scam image.
Not recommended - even a single changed pixel or any compression
in transit (e.g. Discord re-encoding) will produce a different hash.
Use /api/v1/check/pdq or the upload endpoint instead.
q
SHA-256 hash string (query parameter, required)
Example request
GET https://api.inkrata.com/api/v1/check/sha256?q=8b9dea0f8f48e4059db9b4813db91adfe93759a351d888e68e6d79c1130364d3
Authorization: Bearer YOUR_API_KEY
Response - 200 OK
{
"status": "ok",
"found": true,
"pdq": "7e7c7aba1cae746ad6e56af4eb4ae541e595ab4121d0b58559912b8a51c1948d",
"sha256": [
"8b9dea0f8f48e4059db9b4813db91adfe93759a351d888e68e6d79c1130364d3",
"f8ed299b75e7eb497679ffbb601ac3a29bee7e5c48aa948f1b663c6da3ea012d"
],
"score": 1.0,
"indexed_at": "2026-07-10T10:32:45.792808Z"
}
Response - 404 NOT FOUND
{
"status": "ok",
"found": false
}
Upload an image for full analysis. This is the most effective method. The image is processed with PDQ hashing, OCR, and VLM analysis to detect scam content - even images not previously in our database. Uploaded images help grow the hash database for future lookups.
Images are not stored. Only derived hashes and identifiers are kept.
file
Image file (form field, required)
multipart/form-data
Example request
POST https://api.inkrata.com/api/v1/image
Authorization: Bearer YOUR_API_KEY
Content-Type: multipart/form-data
--boundary
Content-Disposition: form-data; name="file"; filename="screenshot.png"
Content-Type: image/png
(binary data)
--boundary--
Response - 200 OK
{
"status": "ok",
"found": true,
"pdq": "ededcec2a1553939d2a4d6cab12915afd66adf42b170130bdeb283473ad11283",
"sha256": "8b9dea0f8f48e4059db9b4813db91adfe93759a351d888e68e6d79c1130364d3",
"score": 0.94,
"indexed_at": "2026-07-05T09:18:42Z"
}
Response - 404 NOT FOUND
{
"status": "ok",
"found": false,
"action": "OCR",
"score": 0.0
}
Response - 400 BAD REQUEST
{
"status": "error",
"message": "<ERROR MESSAGE>"
}
Response field reference
status
"ok" or "error"
found
Whether the image matched a known scam in the database
action
Analysis method used when not found: "OCR" or "VLM"
score
Confidence score (0.0 - 1.0). Only meaningful when found is true
pdq
PDQ hash of the matched image (only when found)
sha256
SHA-256 hash of the matched image (only when found) or a list of hashes
indexed_at
ISO 8601 timestamp of when the image was first indexed (only when found)
message
Appears on errors or if the image has a context message generated by an LLM.