Most “email validation” in the wild is a regex check against the syntax of the address, which catches typos but tells you nothing about whether the domain can actually receive mail. Most “phone validation” is a length check, which tells you nothing about whether the number is actually valid for that country's numbering plan. Here's what /email/validate and /phone/validate actually do differently.
Email validation: syntax, MX records, and a real disposable-domain list
/email/validate checks three independent things and combines them into one is_validresult: syntax validity, whether the domain actually has MX (mail-exchange) DNS records — meaning mail sent to it has somewhere to go — and whether the domain matches a curated list of 30+ known disposable/temp-mail providers. An address can pass syntax and still be useless if the domain has no MX records, and it can pass both of those and still be a one-time throwaway address you don't want signing up for your product.
fetch("https://aplicious.com/api/v1/email/validate?email=test@gmail.com", {
headers: { "X-API-Key": "lapi_live_••••" },
});The response includes the actual MX records found (exchange and priority), not just a boolean — useful if you want to log what mail server a domain is actually using.
Phone validation: a real numbering-plan library, not a length check
/phone/validate is built on libphonenumber-js, the JavaScript port of Google's libphonenumber — the same library Android uses internally for phone number parsing. It distinguishes between isPossiblePhoneNumber (the right length and shape for the country) and isValidPhoneNumber (matches a real, assigned numbering pattern for that country) — a number can be possible without being valid, which is the distinction a simple regex can never make.
fetch("https://aplicious.com/api/v1/phone/validate?number=%2B919876543210", {
headers: { "X-API-Key": "lapi_live_••••" },
});The response includes the detected country code, which matters for routing or cost-estimation logic downstream — you often need to know which country a number belongs to before you can do anything useful with it.
Why this matters for signup forms specifically
A signup form that only regex-validates email addresses will happily accept a disposable-domain throwaway address, leading to inflated signup counts and abuse of free tiers. A signup form that only length-checks phone numbers will accept obviously-fake numbers. Real validation at both layers is cheap to add and meaningfully reduces the junk that makes it into a user database in the first place.