NAV Navbar

  Please scroll down to see the code for your Auth0 rule. 

Email Hippo and Auth0 integration


The purpose of this function is to prevent new users from signing up to your Auth0 authenticated services with bad or disposable email addresses. Allowing use of email addresses which will hard bounce or are disposable will mean any subsequent attempt at contact with the user after sign-up will fail. Disposable email addresses are an early indicator of fraud.

About Email Hippo

Email Hippo is an email validation service and data services provider you can trust.

We provide accurate, guaranteed cloud-based email validation technology globally under ISO 27001 standards.

Businesses use Email Hippo to get cleaner email data, sort bad email addresses from lists and sign-ups and prevent disposable and other bad email addresses getting onto systems.

You can be up and running with MORE, the Email Hippo API in fifteen minutes or less. MORE delivers 74 datapoints about every email address, so you can filter sign-ups, spot disposable emails and keep your data clean.

Link to Email Hippo

About Auth0

Auth0, the identity platform for application builders, provides thousands of customers in every market sector with the only identity solution they need for their web, mobile, IoT, and internal applications.

Its extensible platform seamlessly authenticates and secures more than 2.5 billion logins per month, making it loved by developers and trusted by global enterprises.

The company's U.S. headquarters in Bellevue, WA, and additional offices in Buenos Aires, London, Tokyo, and Sydney, support its global customers that are located in 70+ countries.

What is Auth0?

Auth0 helps you to easily:

Why Auth0?

Link to Why Auth0

Link to Auth0



  1. An Auth0 account with a tenant setup

  2. An Email Hippo account with a MORE API subscription and access to your API key.

To create an account and purchase a subscription for the MORE API please visit

Configuration on Email Hippo

Once you have a subscription set up and your API key there is no further setup required within Email Hippo.

For further information on the MORE API please visit

Configuration on Auth0

  1. Go to the Rules option on the menu

  2. Under Settings on this page add a new key value

  3. Set the key as 'HIPPO_API_KEY' and the value as your Email Hippo API key

  4. Click on ‘+ Create Rule’

  5. Select the ‘Empty Rule’ template

  6. Name your rule - for example ‘Email Hippo Email Address Validation’

  7. Replace the code displayed in Auth0 with the JavaScript shown here

  8. Click on ‘Save’ or ‘Try this rule’ to use the function within your Auth0 sign up form and prevent sign ups with bad or disposable email addresses.

The MORE API (Edition2/Version3) contains multiple data points which you may wish to incorporate in your function, for example for prompting re-input of mis-spelled email addresses.

Our function uses the simple ‘result’ and ‘additional status’ to identify the email addresses which should not be accepted.

function (user, context, callback) {

  user.app_metadata = user.app_metadata || {};

  // Users with the emailhippo_valid will return an error on login
  // Setting emailhippo_valid to true will allow the user to log back in
  const valid = user.app_metadata.emailhippo_valid;
  if (valid !== undefined) {
    return valid ? callback(null, user, context) : callback('Email address is not valid');

  if(! {
    return callback(null, user, context);

  const request = require('request');

  const key = configuration.HIPPO_API_KEY;

  // Sign up at
  const url = ''+ key +'/' +;

  request({ url: url }, function (err, resp, body) {
    if (err) {
        return callback(null, user, context);
    if (resp.statusCode !== 200) {
        return callback(null, user, context);

    const hippo_resonse = JSON.parse(body);

    const result = hippo_resonse.emailVerification.mailboxVerification.result;
    const reason = hippo_resonse.emailVerification.mailboxVerification.reason;

    user.app_metadata = user.app_metadata || {};

    // Any email address that is either bad or a Disposable email address
    // will be flagged as invalid. You can add your own custom logic if you want.
    let valid = true;
    if (result === 'Bad' || (result === 'Unverifiable' && reason === 'DomainIsWellKnownDea')){
        valid = false;

    user.app_metadata.emailhippo_result = result;
    user.app_metadata.emailhippo_reason = reason;
    user.app_metadata.emailhippo_valid = valid;

    auth0.users.updateAppMetadata(user.user_id, user.app_metadata)
        return valid ? callback(null, user, context) : callback('Email address is not valid');
        callback(null, user, context);