ScamAI
Pricing
Learn
Log InBook a demo
Developer9 min read·

How to integrate deepfake detection into your app (API guide)

Integrating deepfake detection into your application requires three things: a production-grade detection API, a clear understanding of how to interpret confidence scores, and a thoughtful integration pattern for your specific use case. ScamAI's REST API integrates in under 10 minutes and handles images, videos, and audio. This guide walks through the full integration from authentication to production deployment.

When your application needs deepfake detection

Not every application needs deepfake detection. The use cases where it provides clear value share a common pattern: your application accepts media from external sources (users, customers, documents) where a synthetic or manipulated submission would represent fraud, safety risk, or authenticity failure.

  • KYC / identity verification — selfies, ID photos, and liveness checks can be bypassed with deepfakes
  • Dating and social platforms — AI-generated profile photos enable catfishing and romance scam operations
  • Content moderation — platforms with user-generated content face AI-generated propaganda, spam, and disinformation
  • Insurance claims processing — AI-edited photos are increasingly used to fabricate or exaggerate damage claims
  • HR / remote hiring — candidates use real-time deepfake tools in video interviews to impersonate other people
  • Call centers and banking — voice clones are used to bypass voice authentication and authorize fraudulent transactions

If one of these patterns matches your application, adding deepfake detection is a meaningful fraud and trust layer. The engineering investment is minimal — the ScamAI API returns a result in under 4 seconds from a single HTTP request.

Authentication and getting started

All ScamAI API requests are authenticated with a Bearer token in the Authorization header. Sign up at app.scam.ai to get an API key. The free tier provides 200 detections per month — enough for integration testing and threshold calibration on real data.

bash
# Test your API key
curl -X POST https://api.scam.ai/v1/detect \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"image_url": "https://example.com/test-image.jpg"}'

The base URL is https://api.scam.ai/v1. All endpoints accept JSON request bodies and return JSON responses. HTTP status codes follow standard conventions: 200 for success, 400 for invalid input, 401 for authentication failure, 429 for rate limiting.

Image and video deepfake detection

The /v1/detect endpoint handles both images and video. Submit a publicly accessible URL or a base64-encoded file payload. For video files, the API analyzes key frames and returns an aggregate confidence score along with per-frame scores.

javascript
// Image detection via URL
const response = await fetch('https://api.scam.ai/v1/detect', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    image_url: 'https://example.com/profile-photo.jpg',
    model: 'eva-v1-pro',  // or 'eva-v1-fast' for speed
  }),
});

const result = await response.json();
// {
//   "is_deepfake": true,
//   "confidence": 0.94,
//   "model": "eva-v1-pro",
//   "processing_time_ms": 1847,
//   "detection_type": "face_swap"
// }

Two model variants are available. eva-v1-fast processes in under 2 seconds and is suited for real-time onboarding flows and high-volume content moderation. eva-v1-pro processes in under 4 seconds and achieves the highest accuracy — recommended for KYC and high-stakes identity verification where accuracy outweighs a 2-second difference in latency.

Audio and voice clone detection

The /v1/detect/audio endpoint accepts MP3, WAV, M4A, FLAC, and OGG files. For call center use cases, submit call recordings or streaming audio chunks. The response includes whether the audio is synthetically generated and, when detectable, which synthesis platform was used.

python
import requests

# Audio detection
response = requests.post(
    "https://api.scam.ai/v1/detect/audio",
    headers={"Authorization": "Bearer YOUR_API_KEY"},
    json={
        "audio_url": "https://example.com/call-recording.mp3",
        "model": "eva-v1-pro"
    }
)

result = response.json()
# {
#   "is_synthetic": true,
#   "confidence": 0.97,
#   "detected_tool": "elevenlabs",
#   "processing_time_ms": 2103
# }

Handling responses in your application

The confidence field is the most important field in the response. It is a float between 0 and 1 representing the model's certainty that the media is synthetic. A confidence of 0.94 means the model is 94% confident the image is AI-generated.

Your application logic determines what to do with that confidence score. Three patterns cover most use cases.

  • Hard reject — confidence > 0.90 → reject the submission automatically
  • Queue for review — confidence 0.60–0.90 → flag for manual human review
  • Accept — confidence < 0.60 → proceed normally
javascript
function handleDetectionResult(result) {
  const { confidence } = result;

  if (confidence > 0.90) {
    return { action: 'reject', reason: 'AI-generated content detected' };
  }

  if (confidence > 0.60) {
    return { action: 'review', reason: 'Low-confidence detection — manual review required' };
  }

  return { action: 'accept' };
}

Thresholds are not universal. Use the free tier to analyze a sample of your real data and observe the distribution of confidence scores for both genuine and AI-generated content before setting production thresholds.

Integration patterns by use case

KYC onboarding: Call /v1/detect synchronously during the selfie capture step. With eva-v1-fast's sub-2-second processing, this adds no perceptible friction to the user flow. A confidence score above your threshold triggers a second verification step before proceeding.

Content moderation at scale: Use an asynchronous pattern. Enqueue uploaded images to a processing queue, process with the ScamAI API, and update the moderation status in your database. This pattern scales to millions of daily uploads without blocking user-facing operations.

Call center voice authentication: Use the streaming audio endpoint. As each call arrives, stream the first 10–15 seconds of audio to the API. The detection result arrives before the call has reached a human agent, allowing automatic flagging for elevated authentication steps.

Production readiness and scaling

Before going to production, verify your error handling covers 400 (invalid input — check image format and size), 401 (expired API key), and 429 (rate limit exceeded). The ScamAI enterprise plan provides dedicated throughput with no rate limits and an SLA-backed uptime of 99.9%.

For latency-sensitive paths, consider caching detection results by image hash. If the same image is uploaded by multiple users (a common pattern with stock deepfake photos used across multiple fraud accounts), caching eliminates redundant API calls.

Pro Tip

Hash images by their content (MD5 or SHA-256 of the file bytes) before calling the API. Cache positive (deepfake detected) results aggressively — fraudsters reuse the same generated images across multiple accounts.

FAQ

Frequently asked questions

Start integrating deepfake detection today

200 free detections per month. Full API access. No credit card required.

Get API Access

Related articles

Deepfake detection accuracy: what the benchmarks actually mean

7 min read · Detection

How to detect AI-generated images (free tools + API)

7 min read · Detection

Voice cloning attacks: how they work and how to stop them

8 min read · Detection

← Back to all articles
How to integrate deepfake detection into your app (API guide) | ScamAI