Check whether an email address appears in known data breaches. Uses Have I Been Pwned (HIBP) — 13 billion+ compromised accounts. Returns breach count and details (breach name, date, exposed data classes). Use before allowing high-risk actions that depend on credential integrity. Pay-as-you-go: $0.10 USDC per check (x402 on Base). Subscription: rapidapi.com/relayshield

Detect whether a SIM swap or eSIM provisioning event has occurred on a phone number in the last 24 hours. Uses Twilio Lookup v2 with live carrier data. Returns swapped (bool), swap timestamp, and current carrier. Use when a user reports losing mobile service, or before completing a high-risk action that depends on SMS-based authentication. Pay-as-you-go: $0.25 USDC per check (x402 on Base). Subscription: rapidapi.com/relayshield

Detect typosquat and lookalike domains impersonating a brand. Generates hundreds of permutations (TLD swaps, character typos, homoglyphs, phishing prefixes/suffixes), resolves them in parallel via DNS, and enriches live results with Certificate Transparency data (cert count, recent issuance). Returns all lookalike domains that are currently registered and resolving. Use to find domains impersonating your brand, or before an employee clicks a link that resembles a company domain. Pay-as-you-go: $0.50 USDC per scan (x402 on Base). Subscription: rapidapi.com/relayshield

Check whether any high-risk OAuth-capable SaaS apps connected to an email account have appeared in recent data breaches. Monitors a curated watchlist of apps (Slack, Notion, GitHub, Zapier, Vercel, Loom, HubSpot, AI tools, and more). An attacker who breaches these services may obtain OAuth tokens granting access to your Google Workspace or Microsoft 365 without touching your password. Returns matched breached apps and recommended revocation steps. Pay-as-you-go: $0.15 USDC per check (x402 on Base). Subscription: rapidapi.com/relayshield

Submit a URL for malware and phishing analysis across 70+ security engines. Returns an analysis_id immediately (async). Call check_scan_result with the analysis_id every 5 seconds until verdict is returned. Verdicts: malicious | suspicious | clean | timeout. Use before navigating to an unfamiliar URL or when a user forwards a suspicious link. Requires subscription API key — coming soon for pay-as-you-go. Subscription: rapidapi.com/relayshield

Submit a file for binary malware analysis across 70+ AV engines. Provide a publicly accessible download URL — RelayShield handles the download. Returns an analysis_id immediately (async). Call check_scan_result with the analysis_id every 5 seconds until verdict is returned. Verdicts: malicious | suspicious | clean | timeout. Use when a user receives an email attachment and forwards the download link. Requires subscription API key — coming soon for pay-as-you-go. Subscription: rapidapi.com/relayshield

Poll for the result of a previously submitted URL or file scan. Call every 5 seconds after scan_url or scan_file until status is 'completed'. Returns verdict (malicious/suspicious/clean) and engine vote counts, or {status: pending} if the scan is still running. Free with a paid scan (no additional charge).