📚 Guide client API

Ce guide couvre l'utilisation des Edge Functions actuelles et préfigure l'API REST v1 (Q2 2026).

Edge Functions actuelles

Base URL

https://lknpnomhfqcgkktxydui.supabase.co/functions/v1/

Authentification

curl -X POST \
  https://lknpnomhfqcgkktxydui.supabase.co/functions/v1/arcep-check \
  -H "Authorization: Bearer <SUPABASE_ANON_KEY>" \
  -H "Content-Type: application/json" \
  -d '{"action":"check","phoneNumber":"0612345678"}'

Exemples d'intégration

JavaScript / TypeScript

// Vérification d'un numéro ARCEP
const checkPhone = async (phoneNumber: string) => {
  const response = await fetch(
    'https://lknpnomhfqcgkktxydui.supabase.co/functions/v1/arcep-check',
    {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'Authorization': `Bearer ${process.env.SUPABASE_ANON_KEY}`,
      },
      body: JSON.stringify({ action: 'check', phoneNumber })
    }
  );
  return response.json();
};

// Analyse spam
const analyzeSpam = async (emailContent: string, spf: string) => {
  const response = await fetch(
    'https://lknpnomhfqcgkktxydui.supabase.co/functions/v1/analyze-spam',
    {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'Authorization': `Bearer ${process.env.SUPABASE_ANON_KEY}`,
      },
      body: JSON.stringify({ emailContent, spf })
    }
  );
  return response.json();
};

Python

import requests

SUPABASE_URL = "https://lknpnomhfqcgkktxydui.supabase.co"
ANON_KEY = "votre_anon_key"

def check_phone(phone_number: str) -> dict:
    response = requests.post(
        f"{SUPABASE_URL}/functions/v1/arcep-check",
        headers={
            "Authorization": f"Bearer {ANON_KEY}",
            "Content-Type": "application/json"
        },
        json={"action": "check", "phoneNumber": phone_number}
    )
    return response.json()

def analyze_spam(email_content: str, spf: str = "unknown") -> dict:
    response = requests.post(
        f"{SUPABASE_URL}/functions/v1/analyze-spam",
        headers={
            "Authorization": f"Bearer {ANON_KEY}",
            "Content-Type": "application/json"
        },
        json={"emailContent": email_content, "spf": spf}
    )
    return response.json()

# Exemple d'utilisation
result = check_phone("0612345678")
print(f"Bloqué: {result['isBlocked']}")
print(f"Patterns: {result['matchCount']}")

cURL

# Vérification numéro
curl -X POST \
  https://lknpnomhfqcgkktxydui.supabase.co/functions/v1/arcep-check \
  -H "Authorization: Bearer $SUPABASE_ANON_KEY" \
  -H "Content-Type: application/json" \
  -d '{"action":"info"}'

# Analyse spam simple
curl -X POST \
  https://lknpnomhfqcgkktxydui.supabase.co/functions/v1/analyze-spam \
  -H "Authorization: Bearer $SUPABASE_ANON_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "emailContent": "Congratulations! You have won a prize.",
    "subject": "You won!",
    "from": "winner@suspicious-domain.com",
    "spf": "fail"
  }'

Consommer le streaming SSE

L'endpoint analyze-email-headers utilise le streaming SSE. Voici comment le consommer :

Node.js

const { createParser } = require('eventsource-parser');

async function analyzeHeaders(emailHeaders) {
  const response = await fetch(
    'https://lknpnomhfqcgkktxydui.supabase.co/functions/v1/analyze-email-headers',
    {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'Authorization': `Bearer ${process.env.SUPABASE_ANON_KEY}`,
      },
      body: JSON.stringify({ emailHeaders })
    }
  );

  const parser = createParser((event) => {
    if (event.type === 'event' && event.data !== '[DONE]') {
      const step = JSON.parse(event.data);
      console.log(`[${step.progress}%] ${step.step}: ${step.data.message}`);
      
      if (step.step === 'complete') {
        console.log('Analyse terminée:', step.data.summary);
      }
    }
  });

  const reader = response.body.getReader();
  const decoder = new TextDecoder();
  
  while (true) {
    const { done, value } = await reader.read();
    if (done) break;
    parser.feed(decoder.decode(value));
  }
}

API REST v1 (Q2 2026)

Endpoints prévus

POST /api/v1/email/analyze    → Analyse complète d'en-têtes email
POST /api/v1/phone/check      → Vérification numéro ARCEP
GET  /api/v1/account/usage    → Consommation API du compte
GET  /api/v1/account/credits  → Crédits restants

Authentification v1 (Bearer token dédié)

curl -H "Authorization: Bearer bm_v1_xxxxxxxxxxxxxxxxxxxx" \
  https://api.spams.seb205.ovh/v1/phone/check \
  -d '{"phoneNumber":"0612345678"}'

Limites de taux prévues

Plan	req/min	req/jour
Free	10	100
Premium	60	5 000
PME Basic	100	10 000
PME Pro	1 000	100 000

Réponse en cas de quota dépassé

{
  "error": "rate_limit_exceeded",
  "message": "Quota journalier atteint",
  "retry_after": "2026-04-20T00:00:00Z"
}

Codes de réponse

Code	Signification
200	Succès
400	Données manquantes ou invalides
401	Non authentifié (clé API manquante ou expirée)
429	Quota dépassé
500	Erreur serveur
503	Service temporairement indisponible

Edge Functions actuelles​

Base URL​

Authentification​

Exemples d'intégration​

JavaScript / TypeScript​

Python​

cURL​

Consommer le streaming SSE​

Node.js​

API REST v1 (Q2 2026)​

Endpoints prévus​

Authentification v1 (Bearer token dédié)​

Limites de taux prévues​

Réponse en cas de quota dépassé​

Codes de réponse​

Edge Functions actuelles

Base URL

Authentification

Exemples d'intégration

JavaScript / TypeScript

Python

cURL

Consommer le streaming SSE

Node.js

API REST v1 (Q2 2026)

Endpoints prévus

Authentification v1 (Bearer token dédié)

Limites de taux prévues

Réponse en cas de quota dépassé

Codes de réponse