Verify a message
Use POST /v1/verify/message for SMS, chat, or email content before acting on it. Faro
extracts links and runs the full URL pipeline on each (folding in the worst), then — when
text-only or inconclusive — reasons about scam tactics with the LLM.
curl https://api.farofinance.app/v1/verify/message \
-H "Authorization: Bearer $FARO_API_KEY" \
-H "Content-Type: application/json" \
-d '{"value": "URGENT: Your account is blocked. Share the OTP we just sent to reactivate."}'
{
"verdict": "yellow",
"confidence": 0.5,
"reason": "Pressures you to share a one-time passcode — a hallmark of account-takeover scams.",
"recommended_action": "warn"
}
What Faro calls (v1.1)
| Step | What runs | Typical signals |
|---|---|---|
| Link extraction | Up to 5 URLs per message; each runs the full URL verify pipeline | message_dangerous_link, message_suspicious_link (folded from link verdicts) |
| Per-link sources | Safe Browsing, RDAP, reputation, and LLM (if needed) — same as POST /v1/verify/url | Inherited from each link check |
| Scam-brain LLM (tier 3) | Urgency, impersonation, OTP/PIN solicitation when links alone are not decisive | llm_assessment |
| Reputation graph | Prior signals on this message hash (messages are keyed by content) | reputation_reports, … |
Wrong verdict? Submit a report.
See the API reference for the full schema.