← RETURN TO SKINCHEESE

API Documentation

Integrate enterprise phallic image detection into your platform. Two endpoints. Zero retention.

Authentication POST /api/v1/scan — Image Scan POST /api/v1/scan-url — URL Scan Response Format Threat Levels Email Filter Deployment Google Workspace Microsoft 365 / IMAP Rate Limits Error Codes

Authentication

All API requests require an API key passed via the x-api-key header.

curl -X POST https://skincheese.com/api/v1/scan \
  -H "x-api-key: sk_live_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"image": "base64..."}'

To obtain an API key, request access or subscribe to a tier on our pricing page.

Demo mode: If the API is deployed without keys configured, it operates in demo mode — all requests are accepted with a "tier": "demo" flag in the response. Configure SKINCHEESE_API_KEYS or SKINCHEESE_MASTER_KEY in your Netlify environment variables to enable authentication.

Image Scan

POST /api/v1/scan

Upload a base64-encoded image or multipart form file for analysis.

Request — JSON

FIELDTYPEDESCRIPTION
image requiredstringBase64-encoded image data. Data URI prefix (data:image/png;base64,) is optional and will be stripped.
curl -X POST https://skincheese.com/api/v1/scan \
  -H "x-api-key: sk_live_abc123" \
  -H "Content-Type: application/json" \
  -d '{
    "image": "/9j/4AAQSkZJRg..."
  }'

Request — Multipart

curl -X POST https://skincheese.com/api/v1/scan \
  -H "x-api-key: sk_live_abc123" \
  -F "image=@photo.jpg"

URL Scan

POST /api/v1/scan-url

Provide an image URL. Skincheese fetches and scans it server-side. Ideal for webhook integrations, content moderation pipelines, and email filters.

FIELDTYPEDESCRIPTION
url requiredstringHTTP/HTTPS URL of the image to scan. Must return a valid image. 10s fetch timeout.
curl -X POST https://skincheese.com/api/v1/scan-url \
  -H "x-api-key: sk_live_abc123" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com/uploaded-image.jpg"
  }'

Response Format

Both endpoints return identical JSON response structures:

{
  "version": "4.0.0",
  "protocol": "SC-NUDENET-DETECT",
  "engine": "NudeNet YOLOv8 320n",
  "timestamp": "2026-02-22T15:30:00.000Z",
  "processingMs": 187,
  "tier": "standard",

  "verdict": {
    "threatLevel": "CRITICAL",
    "confidence": 94,
    "targetDetected": true,
    "targetScore": 0.9412,
    "description": "Phallic imagery detected with high confidence."
  },

  "detections": [
    {
      "class": 14,
      "label": "MALE_GENITALIA_EXPOSED",
      "confidence": 0.9412,
      "bbox": { "x1": 120, "y1": 85, "x2": 340, "y2": 410 }
    },
    {
      "class": 5,
      "label": "MALE_BREAST_EXPOSED",
      "confidence": 0.7801,
      "bbox": { "x1": 80, "y1": 30, "x2": 380, "y2": 180 }
    }
  ],
  "detectionCount": 2,
  "imageSize": { "width": 640, "height": 480 },

  "meta": {
    "model": "320n.onnx",
    "nmsModel": "nms-yolov8.onnx",
    "inputSize": 320,
    "threshold": 0.25,
    "classes": 18,
    "targetClass": 14,
    "targetLabel": "MALE_GENITALIA_EXPOSED",
    "retention": "zero — image purged from memory after processing"
  }
}

Response Headers

HEADERDESCRIPTION
X-Skincheese-ThreatThreat level: CRITICAL, ELEVATED, ADVISORY, or CLEAR
X-Skincheese-ConfidenceConfidence percentage (0–100)
X-Processing-TimeServer-side processing time in ms

Threat Levels

LEVELCONFIDENCEACTION
CRITICAL> 60%Target detected with high confidence. Automatic quarantine recommended.
ELEVATED40–60%Probable detection. Flag for human review.
ADVISORY25–40%Possible detection. Low confidence — monitor.
CLEAR0%No target detected. Image is clean.

Detection Classes

The NudeNet engine detects 18 anatomical classes. Only class 14 (MALE_GENITALIA_EXPOSED) triggers the threat verdict. All other detections are returned for context but do not affect the threat level.

Email Filter Deployment

Skincheese provides ready-to-deploy email filters that scan image attachments in real time. Flagged emails are automatically quarantined.

Google Workspace — Apps Script

Zero infrastructure required. Runs entirely within Google's platform.

Setup (5 minutes):

What it does:

// Test your connection
function testApiConnection() {
  // Creates a 1x1 white pixel, sends to API
  // Check Logs (View → Logs) for results
}

Microsoft 365 / IMAP — Node.js

Runs as a Node.js process. Deploy via cron, PM2, Azure Functions, or any server.

Setup:

# Install dependencies
npm install imapflow mailparser

# Configure
cp .env.example .env
# Edit .env with your IMAP credentials and Skincheese API key

# Run
node microsoft365-filter.js

# Production (via cron — every 5 minutes)
*/5 * * * * cd /opt/skincheese-filter && node microsoft365-filter.js

Supported providers:

What it does:

Rate Limits

TIERSCANS/MONTHBURST RATE
Tier I — Subscription ($69/yr)5,00010 req/min
Tier II — Sentinel ($2,400/yr)500,000100 req/min
Tier III — Sovereign (Custom)UnlimitedUnlimited
Demo (no key)1002 req/min

Rate limit headers are included in every response: X-RateLimit-Remaining, X-RateLimit-Reset.

Error Codes

CODEMEANING
400Bad request — missing or invalid image/URL field
401Unauthorized — invalid or missing API key
405Method not allowed — use POST
413Payload too large — image exceeds 25MB
422Unprocessable — could not fetch image from URL
429Rate limit exceeded — wait and retry
500Processing error — invalid image format or server error
Zero retention: All images are processed in volatile memory and purged immediately after the verdict is returned. No image data is written to disk, logged, or cached. Ever.
SKINCHEESE.COM  ·  © 2026 SKINCHEESE CORP