Originality.ai scan/ai API: cURL, X-OAI-API-KEY & x-oai-api-key Fixes

curl -X POST "https://api.originality.ai/api/v1/scan/ai" \
  -H "X-OAI-API-KEY: $ORIGINALITY_API_KEY" \
  -H "Content-Type: application/json" \
  --data '{"content":"Text to check for AI-generated patterns."}'

A common failure mode in editorial, academic, and compliance workflows is not lack of awareness; it is lack of integration. Reviewers copy and paste selected documents into browser-based detectors, which makes screening slow, inconsistent, and hard to audit. The stronger pattern is to wire an AI detection API into intake so every eligible document receives the same structured triage signal before a human reviewer decides what to do next.

This is the standard problem that AI detector APIs solve: moving detection from a manual, ad-hoc check to an automated, systematic signal embedded in your existing workflow. The market for these APIs has matured significantly in 2025–2026. Multiple providers now offer stable, well-documented REST APIs with clear rate limits, competitive pricing, and accuracy suitable for production use. This guide covers how to evaluate them, what each offers, and how to implement detection in the workflows most likely to need it.

POST https://api.originality.ai/api/v1/scan/ai
X-OAI-API-KEY: <server-side-api-key>
Content-Type: application/json

{
  "content": "Text to check for AI-generated patterns"
}

curl -X POST "https://api.originality.ai/api/v1/scan/ai" \
  -H "X-OAI-API-KEY: $ORIGINALITY_API_KEY" \
  -H "Content-Type: application/json" \
  --data '{"content":"Paste the server-side text you want to scan."}'

Why Organizations Are Embedding AI Detection Into Their Pipelines

The shift from ad-hoc to systematic AI detection is being driven by three practical factors. First, the volume problem: editors, instructors, recruiters, and compliance teams cannot manually copy-paste every document into a detector without slowing the workflow or screening only the most suspicious cases.

Second, the consistency problem: manual spot checks create selection bias. An API can apply the same minimum-length rules, provider, threshold band, and escalation note to every eligible document, which makes the review trail more defensible than informal browser checks.

Third, the defensibility problem: in any context where detection results have formal consequences — academic integrity proceedings, publication rejections, employment decisions — documented, consistent, automated screening creates an audit trail that ad-hoc manual checks do not.

The Leading AI Detector APIs in 2026

Originality.ai API

Originality.ai offers one of the most developer-friendly AI detection APIs: documented scan endpoints, API-key authentication, credit-based usage, and combined AI detection plus plagiarism workflows. Pricing and plan gates change over time, so verify current access rules in the Originality.ai dashboard before building a production budget. Independent tests generally place Originality.ai among the stronger commercial detectors, but teams should still benchmark it against their own content before treating scores as a decision signal.

Originality.ai documents API access through its help center and full API documentation. Treat current endpoints, response fields, plan gates, quotas, and pricing as provider-controlled details that should be checked in the dashboard before production deployment. For implementation, the key safety point is simple: call the endpoint from backend code, keep X-OAI-API-KEY in server secrets, and log sanitized status codes rather than full request headers.

GPTZero API

GPTZero's API is a strong option for academic institution deployments. GPTZero's support documentation says the API accepts files and text input, returns probabilities at document, paragraph, and sentence level, and supports batched inference. The classification model includes human, mixed, and AI outcomes, which is useful for educational contexts where students may submit partially AI-assisted work.

The GPTZero API accepts both raw text and file uploads, enabling LMS integration where student submissions arrive as documents rather than extracted text. Batch processing is supported, significantly reducing integration complexity for high-volume assignment review. GPTZero also documents confidence categories and recommends caution when tuning thresholds for academic use because false positives can cause disproportionate harm.

Copyleaks API

Copyleaks provides a mature API surface for AI detection and plagiarism workflows, including raw-text submission, file/URL handling in broader API flows, sandbox mode for testing, and documented rate-limit behavior. For international publishers or universities with non-English submission pipelines, Copyleaks' cross-language and governance tooling can address gaps in English-dominant detection stacks. Their public pricing currently lists Personal and Pro web plans, while API, LMS, education, and enterprise deployments may require a custom plan.

For high-stakes integrity workflows, benchmark Copyleaks against your own content mix before setting thresholds. For first-pass triage at scale — identifying which submissions warrant human review — it can be useful when paired with clear escalation rules, reviewer notes, and a policy that prohibits automatic penalties from detector output alone.

Winston AI API

Winston AI is worth evaluating for smaller teams that want a lower-friction commercial detector and multimodal coverage. Confirm current API availability, quotas, and plan requirements directly before committing, because API access and monthly word limits are the parts of this market that change most often.

AI Detector API Comparison

Integration Patterns by Platform Type

CMS Integration (WordPress, Headless CMS)

The canonical CMS integration uses a pre-publish webhook that triggers an AI detection API call before content is marked published. In WordPress, this is implemented via the pre_post_update hook. In headless CMS platforms like Contentful or Strapi, it uses a serverless function triggered on content state changes.

Response handling should be non-blocking: the API call happens asynchronously, the detection score is stored as a content metadata field, and editors see the score on the review screen without it blocking publication. Automatic rejection on score thresholds is not recommended. Instead, your team should define confidence bands after testing the detector on your own content, then surface higher-risk bands as a warning banner requiring editorial acknowledgment before publication.

// Example: Originality.ai API pre-publish check (Node.js)
async function checkAIBeforePublish(contentBody, apiKey) {
  const res = await fetch('https://api.originality.ai/api/v1/scan/ai', {
    method: 'POST',
    headers: {
      'X-OAI-API-KEY': apiKey,
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ content: contentBody })
  })
  const { score } = await res.json()
  // score.ai is 0-1; score.original is 0-1
  return { aiProbability: score.ai, humanProbability: score.original }
}

LMS Integration (Canvas, Moodle, Blackboard)

LMS integration follows a different pattern: submissions arrive as file uploads (PDF or DOCX) rather than plain text, and the integration point is the assignment submission event rather than a publish action. GPTZero's file-upload API is the most practical choice for this workflow, as it accepts documents directly without requiring text extraction preprocessing.

The recommended architecture for LMS integration uses a webhook listener that subscribes to the LMS's assignment submission event, extracts the submission file, sends it to the detection API, and writes the result back to the grade book as a metadata tag visible to instructors. The entire flow should complete within 10–15 seconds for a standard essay submission. This gives instructors a detection score alongside the submission before they even open the document, enabling faster triage of high-volume submission windows like end-of-semester periods.

Canvas supports this pattern natively through its Submission API and webhook subscriptions. Moodle requires a custom plugin. Blackboard's Building Blocks framework supports REST-based integrations. Our guide to AI detection in education covers institutional deployment considerations in detail.

ATS Integration (Applicant Tracking Systems)

HR platforms and applicant tracking systems represent an emerging use case for AI detection APIs. As AI-generated resumes and cover letters become more common, organizations screening candidates at scale face the same volume and consistency problems as publishers. This is also one of the riskiest use cases, because a detector score can be misunderstood as proof rather than a signal requiring context.

ATS integration follows the CMS pattern: a webhook on application receipt triggers a detection API call, the score is stored in the candidate record, and recruiters see the score on the candidate review screen. The key difference in HR contexts is the legal and ethical framework — employment decisions based on AI detection flags require careful documentation and must not create disparate impact on protected classes. Organizations implementing detection in hiring workflows should consult legal counsel about disclosure obligations and document review protocols.

The platforms most commonly requesting AI detection API access in HR contexts are Greenhouse, Lever, and Workday. All three support webhook-based integrations that can feed detection scores into candidate records without requiring custom platform development.

Custom Publishing Workflows

For organizations with custom submission management systems — common in academic journal publishing, legal document review, and government content management — the most flexible pattern is a microservice wrapper around the detection API of choice. This service accepts document input in multiple formats, normalizes it to text, calls the detection API, and returns a standardized detection result schema regardless of which underlying provider is used.

This abstraction layer is valuable for two reasons: it allows switching detection providers without modifying the consuming applications, and it enables running multiple detectors on the same document and comparing or averaging results — an ensemble approach that can improve overall accuracy compared to any single detector. The Pangram Labs API, which offers a Python SDK alongside its REST interface, is specifically designed for this kind of programmatic integration and is worth evaluating for custom pipeline implementations.

Key Technical Considerations Before Integration

Troubleshooting Originality.ai API Requests

For the Originality.ai scan endpoint, most integration failures come from three places: sending the request from browser-side JavaScript, using the wrong key header, or passing content that is too short for a reliable detection score. Keep the request on your server, include the API key as X-OAI-API-KEY, and log sanitized status codes rather than full request headers. If your proxy lowercases the header to x-oai-api-key, that is normal HTTP behavior.

Minimum Text Length Requirements

AI detection APIs usually have minimum text-length guidance, and reliability drops sharply on short text because there is not enough writing signal to evaluate. Originality.ai's current public note says API AI detection scans have no word-count minimum, but accuracy is decreased for texts below 100 words. If your platform processes short-form content — social media posts, single-paragraph abstracts, cover email fields — either exclude those fields from automated detection or group eligible content into a larger review packet with a clear confidence warning.

Handling Multilingual and Code Content

Most AI detection APIs are optimized for English prose. Submitting non-English text to English-only APIs produces unreliable results — typically inflated AI probability scores — which can create false positive problems for international user bases. If your platform serves multilingual users, either restrict automated detection to English-language submissions (detecting language server-side before the API call) or use a multilingual-capable API like Copyleaks.

Code-heavy documents present a similar problem: code typically scores as high AI probability because its structure resembles the low-perplexity, high-predictability profile of AI-generated text. Submissions containing substantial code blocks should be processed with code sections stripped before detection, or detection should not be applied to code-heavy documents at all.

Rate Limiting and Batch Processing Design

API rate limits and quota rules vary by provider, plan, endpoint, and billing model. For real-time single-document checking, quota problems are usually manageable. For batch workflows — existing document archives, end-of-semester bulk submissions, or daily content intake queues — use queue-based processing with exponential backoff on 429 responses. Design batch jobs to run off-peak and implement retry jitter to avoid synchronized retry storms.

Responsible API Deployment: The Non-Negotiables

The ethical framework for AI detection applies with additional force when detection is automated at scale. Three practices are non-negotiable for any organization deploying an AI detection API:

1. Human review before consequences. Detection API scores should route to human review queues, not trigger automatic rejection, scoring penalties, or access restrictions. False positives are not theoretical: short text, formal prose, translated writing, non-native English, and heavily edited drafts can all trigger elevated scores. Automated consequences applied to false positives cause harm; human review catches them.

2. Transparency with submitters. Users whose content is being screened should know that AI detection is part of the evaluation process. Disclosure requirements vary by jurisdiction and context; in academic settings, institutional policy typically requires disclosure. In commercial contexts, privacy regulations in GDPR-governed jurisdictions may require notification. Consult legal counsel for your specific deployment context.

3. Regular accuracy auditing. AI models evolve, and the text detection models that detect them must evolve too. A detector that performs well on your validation set today can behave differently in 12 months as content patterns change. Implement periodic re-testing of your detection pipeline against a gold-standard corpus of known human and AI content, and set an alert threshold that triggers provider re-evaluation if accuracy drops below your acceptable floor.

Frequently Asked Questions