How it works
Each detected reference is sorted into one of two categories, and each category is validated differently:| Reference type | How Copyleaks validates it | What you get back |
|---|---|---|
| Academic (papers, journal articles) | Looked up in the Copyleaks academic citation index by title, then corroborated on year and authors. | Parsed fields plus matching source suggestions with per-field signals. |
| Non-academic (web pages, docs, blogs, encyclopedias) | The cited URL is fetched live and its title, year, and authors are compared to what was cited. | Parsed fields plus the fetched source as a suggestion with per-field signals. |
Get started
Before you begin
Before you start, ensure you have the following:
- An active Copyleaks account. If you don’t have one, sign up for free.
- You can find your API key on the API Dashboard.
Installation
Choose your preferred method for making API calls.
HTTP needs no installation - call the API with any standard HTTP client, or import our Postman collection for a quicker start.
Login
To perform a scan, we first need to generate an access token. For that, we will use the login endpoint.
The API key can be found on the Copyleaks API Dashboard.Upon successful authentication, you will receive a token that must be attached to subsequent API calls via the
Authorization: Bearer <TOKEN> header.
This token remains valid for 48 hours.Response
Save this token. It is valid for 48 hours and can be reused for subsequent API calls.
Submit a scan with reference validation
Submit a document for scanning and turn reference validation on. Use the top-level
properties.references.validate field and set it to true.If you omit the section entirely, validation defaults to false.This example also disables internet plagiarism scanning (scanning.internet: false) so the scan runs references-only.Keep track of the
scanId (in this case my-scan-id). You will need it to fetch the full per-reference results once the scan completes.Read the summary from the completed webhook
When the scan finishes, Copyleaks sends the completed webhook to the The summary fields are:
status URL you provided. The payload reports that validation ran via scannedDocument.enabled.referencesValidation, and adds a top-level referencesValidation.summary with the counts.Completed webhook (excerpt)
total- total references detected in the document.academic- how many of those were academic.academicValidated- academic references that were fully corroborated.nonAcademicValidated- non-academic references that were fully corroborated.
The completed webhook carries the summary only. To see each individual reference, what was parsed, and which sources corroborated it, fetch the crawled version in the next step.
Fetch the per-reference results
The completed webhook gives you the summary only. The full per-reference results live in the crawled version of the scan.Retrieve it with the Export method, using the
scanId from your submission. The exported crawled version contains a top-level referencesValidation block: the same summary plus a results array with one entry per reference.For the full field-by-field response schema, including how a reference counts as validated and the strict year matching rule, see the References Validation results data type.Next steps
How References Validation Works
Understand the concepts behind reference detection, parsing, and corroboration before you build.
References Validation Results
The full field reference for the summary and per-reference results, including signals and suggestions.
Detect AI-Generated Content
Run AI detection on uploaded documents as part of a full authenticity scan.
Check for Plagiarism
Submit text or files and get a plagiarism report with matched sources.

