DisposableGuard

SvelteKit

import { fail } from '$app/forms';
import { DG_KEY } from '$env/static/private';

async function isDisposable(email: string) {
  try {
    const r = await fetch(
      `https://api.disposableguard.com/v1/check?email=${encodeURIComponent(email)}`,
      { headers: { Authorization: `Bearer ${DG_KEY}` } }
    );
    if (!r.ok) return false;
    const data = await r.json();
    return data.is_disposable === true;
  } catch {
    return false;
  }
}

export const actions = {
  default: async ({ request }) => {
    const data = await request.formData();
    const email = data.get('email');

    if (await isDisposable(String(email))) {
      return fail(400, { error: 'Please use a real email address.' });
    }

    // ...signup logic
    return { success: true };
  }
};

Notes

Uses `$env/static/private` for server-side env vars. The check runs in the server action.