I

Inkrata

Fraudulent Image Detection API

All endpoints require an API key passed via the Authorization header as a Bearer token. Join our Discord server to get a free key.


GET /api/v1/check/pdq

Check whether a PDQ hash matches a known scam image in our database. This is the recommended hash-based method, as PDQ is resilient to compression, resizing, and pixel changes.

Parameter Description
q PDQ hash string (query parameter, required)

Example request

GET https://api.inkrata.com/api/v1/check/pdq?q=ededcec2a1553939d2a4d6cab12915afd66adf42b170130bdeb283473ad11283
Authorization: Bearer YOUR_API_KEY

Response - 200 OK

{
  "status": "ok",
  "found": true,
  "pdq": "7e7c7aba1cae746ad6e56af4eb4ae541e595ab4121d0b58559912b8a51c19333",
  "sha256": [
    "8b9dea0f8f48e4059db9b4813db91adfe93759a351d888e68e6d79c1130364d3",
    "f8ed299b75e7eb497679ffbb601ac3a29bee7e5c48aa948f1b663c6da3ea012d"
  ],
  "score": 1.0,
  "indexed_at": "2026-07-10T10:32:45.792808Z"
}

Response - 404 NOT FOUND

{
  "status": "ok",
  "found": false
}

GET /api/v1/check/sha256

Check whether a SHA-256 hash matches a known scam image. Not recommended - even a single changed pixel or any compression in transit (e.g. Discord re-encoding) will produce a different hash. Use /api/v1/check/pdq or the upload endpoint instead.

Parameter Description
q SHA-256 hash string (query parameter, required)

Example request

GET https://api.inkrata.com/api/v1/check/sha256?q=8b9dea0f8f48e4059db9b4813db91adfe93759a351d888e68e6d79c1130364d3
Authorization: Bearer YOUR_API_KEY

Response - 200 OK

{
  "status": "ok",
  "found": true,
  "pdq": "7e7c7aba1cae746ad6e56af4eb4ae541e595ab4121d0b58559912b8a51c1948d",
  "sha256": [
    "8b9dea0f8f48e4059db9b4813db91adfe93759a351d888e68e6d79c1130364d3",
    "f8ed299b75e7eb497679ffbb601ac3a29bee7e5c48aa948f1b663c6da3ea012d"
  ],
  "score": 1.0,
  "indexed_at": "2026-07-10T10:32:45.792808Z"
}

Response - 404 NOT FOUND

{
  "status": "ok",
  "found": false
}

POST /api/v1/image

Upload an image for full analysis. This is the most effective method. The image is processed with PDQ hashing, OCR, and VLM analysis to detect scam content - even images not previously in our database. Uploaded images help grow the hash database for future lookups.

Images are not stored. Only derived hashes and identifiers are kept.

Field Description
file Image file (form field, required)
Content-Type multipart/form-data
Accepted formats PNG, JPG, WEBP, AVIF

Example request

POST https://api.inkrata.com/api/v1/image
Authorization: Bearer YOUR_API_KEY
Content-Type: multipart/form-data

--boundary
Content-Disposition: form-data; name="file"; filename="screenshot.png"
Content-Type: image/png

(binary data)
--boundary--

Response - 200 OK

{
"status": "ok",
"found": true,
"pdq": "ededcec2a1553939d2a4d6cab12915afd66adf42b170130bdeb283473ad11283",
"sha256": "8b9dea0f8f48e4059db9b4813db91adfe93759a351d888e68e6d79c1130364d3",
"score": 0.94,
"indexed_at": "2026-07-05T09:18:42Z"
}

Response - 404 NOT FOUND

{
  "status": "ok",
  "found": false,
  "action": "OCR",
  "score": 0.0
}

Response - 400 BAD REQUEST

{
  "status": "error",
  "message": "<ERROR MESSAGE>"
}

Response field reference

Field Description
status "ok" or "error"
found Whether the image matched a known scam in the database
action Analysis method used when not found: "OCR" or "VLM"
score Confidence score (0.0 - 1.0). Only meaningful when found is true
pdq PDQ hash of the matched image (only when found)
sha256 SHA-256 hash of the matched image (only when found) or a list of hashes
indexed_at ISO 8601 timestamp of when the image was first indexed (only when found)
message Appears on errors or if the image has a context message generated by an LLM.