ToolsMatic
All tools

Regex Tester API & Integration Documentation

Power your applications with regex validation, scoring, diagnostics, batch checks, and webhook-ready integration patterns through the ToolsMatic REST API.

Implementation Guide for Reliable Regex API Integrations

A regex API can reduce duplication across services by centralizing validation logic, scoring, and compatibility checks into one controlled endpoint. Instead of embedding slightly different patterns in each microservice, teams can standardize request contracts and track behavior from a single operational surface. This improves consistency in data validation, reduces drift between frontend and backend implementations, and makes incident response easier when patterns need urgent updates.

For production environments, design integrations with observability from day one. Capture request IDs, endpoint latency, status code distribution, and regex evaluation timing so you can differentiate malformed requests from capacity or timeout issues. If your platform handles user-generated patterns, include guardrails around maximum length and runtime limits to prevent expensive expressions from degrading service performance.

Security posture should cover both outgoing API calls and incoming webhook events. Outgoing requests must use scoped tokens, HTTPS-only transport, and key rotation schedules. Incoming webhooks should verify signatures and reject stale timestamps. Store only required payload fields, and avoid logging sensitive user input in plain text. These practices are critical for privacy-focused validation pipelines and regulated systems.

When integrating into CI/CD, treat regex checks as contract tests. Build suites that include representative valid examples, known invalid cases, and adversarial strings. Verify outcomes across engine flavors when cross-runtime compatibility matters. This approach catches regression risks before deployment and prevents broken filters from reaching production forms, ingestion jobs, or content moderation workflows.

Finally, plan graceful failure handling. If a transient API error occurs, retry with exponential backoff and fallback behavior appropriate for the feature. For non-blocking analytics pipelines, queue and replay. For critical account creation flows, provide user-safe validation messages without exposing implementation details. A reliable integration is not just about successful calls; it is about predictable behavior during failure paths as well.

Authentication

All API requests require authentication via API token in the Authorization header:

Authorization: Bearer YOUR_API_TOKEN

Obtain your API token from your ToolsMatic Dashboard.

Core Endpoints

1. Validate Regex Pattern

Test and score a regex pattern against sample text.

POST/api/v1/regex/validate

Request Body:

{
  "pattern": "(?<email>[a-z0-9._%+-]+)@[a-z0-9.-]+\\.[a-z]{2,}",
  "flags": "gi",
  "testText": "Contact: admin@toolsmatic.me and support@example.com",
  "flavor": "javascript"
}

Response (200 OK):

{
  "valid": true,
  "score": 87,
  "matchCount": 2,
  "groupCount": 1,
  "timeMs": 0.42,
  "efficiency": "Great",
  "matches": [
    {
      "index": 9,
      "length": 21,
      "text": "admin@toolsmatic.me",
      "groups": [{ "name": "email", "value": "admin@toolsmatic.me" }]
    },
    {
      "index": 35,
      "length": 18,
      "text": "support@example.com",
      "groups": [{ "name": "email", "value": "support@example.com" }]
    }
  ],
  "compatibility": {
    "javascript": true,
    "python": false,
    "pcre": true
  }
}

2. Calculate Pattern Score

Get efficiency and complexity metrics for a pattern.

POST/api/v1/regex/score 
{
  "pattern": "[a-z0-9]+@[a-z0-9.]+",
  "complexity": "medium"
}

Response:

{
  "score": 72,
  "efficiency": "Good",
  "characterCount": 22,
  "complexity": "medium",
  "suggestions": [
    "Consider adding anchors (^ and $) for strict matching",
    "Use named groups for better maintainability"
  ]
}

3. Challenge Submission

Submit a solution to a regex challenge and receive scoring.

POST/api/v1/regex/challenge/submit 
{
  "challengeId": "golf_email_extract",
  "pattern": "([a-z]+)@[a-z.]+",
  "patternLength": 17,
  "testsPassed": 10,
  "testsTotal": 10,
  "timeSeconds": 45
}

Response:

{
  "success": true,
  "scorePoints": 500,
  "golfScore": 17,
  "testsPassed": 10,
  "testsTotal": 10,
  "feedback": ["Pattern passed all fixtures", "Review boundaries before production use"]
}

4. Batch Validate Patterns

Validate multiple patterns against fixtures in one request.

POST/api/v1/regex/batch

Request Body:

{
  "flavor": "javascript",
  "checks": [
    {
      "id": "email_basic",
      "pattern": "[a-z0-9._%+-]+@[a-z0-9.-]+\\.[a-z]{2,}",
      "flags": "i",
      "samples": ["admin@toolsmatic.me", "not-an-email"]
    }
  ]
}

Response:

{
  "results": [
    {
      "id": "email_basic",
      "valid": true,
      "matchCount": 1,
      "timeMs": 0.31,
      "warnings": []
    }
  ],
  "summary": {
    "totalChecks": 1,
    "passed": 1,
    "failed": 0
  }
}

5. Explain Pattern

Return a compact token-level explanation and risk summary for a regex pattern.

POST/api/v1/regex/explain

Request Body:

{
  "pattern": "^(?<slug>[a-z0-9-]+)$",
  "flavor": "javascript"
}

Response:

{
  "tokens": [
    { "token": "^", "meaning": "Start of string anchor" },
    { "token": "(?<slug>...)", "meaning": "Named capture group" },
    { "token": "[a-z0-9-]+", "meaning": "One or more lowercase slug characters" },
    { "token": "$", "meaning": "End of string anchor" }
  ],
  "risk": "low",
  "notes": ["Anchored pattern is suitable for full-string slug validation."]
}

Webhooks

Receive real-time notifications of events via webhooks.

Webhook Events

Webhook Example: Challenge Completed

Request to your webhook URL:

POST https://your-app.com/webhooks/regex-events
Content-Type: application/json
X-Webhook-Signature: sha256=abc123...
X-Webhook-ID: wh_abc123xyz

{
  "event": "regex.challenge_completed",
  "timestamp": "2026-02-24T14:30:00Z",
  "data": {
    "runId": "run_abc123",
    "challengeId": "golf_email_extract",
    "golfScore": 17,
    "testsPassed": 10,
    "testsTotal": 10
  }
}

Code Examples

JavaScript/Node.js

const fetch = require('node-fetch');

async function validateRegex(pattern, testText) {
  const response = await fetch('https://toolsmatic.me/api/v1/regex/validate', {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${process.env.TOOLSMATIC_API_TOKEN}`,
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      pattern,
      flags: 'g',
      testText,
      flavor: 'javascript'
    })
  });
  
  return await response.json();
}

validateRegex('[a-z0-9]+@[a-z]+\\.[a-z]+', 'admin@example.com')
  .then(result => console.log(`Pattern Score: ${result.score}/100`))
  .catch(err => console.error(err));

Python

import requests
import os

def validate_regex(pattern, test_text):
  headers = {
    'Authorization': f"Bearer {os.getenv('TOOLSMATIC_API_TOKEN')}",
    'Content-Type': 'application/json'
  }
  
  payload = {
    'pattern': pattern,
    'flags': 'g',
    'testText': test_text,
    'flavor': 'python'
  }
  
  response = requests.post(
    'https://toolsmatic.me/api/v1/regex/validate',
    headers=headers,
    json=payload
  )
  
  return response.json()

result = validate_regex(r'[a-z0-9]+@[a-z]+\.[a-z]+', 'admin@example.com')
print(f"Pattern Score: {result['score']}/100")

cURL

curl -X POST https://toolsmatic.me/api/v1/regex/validate \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "pattern": "[a-z0-9]+@[a-z]+\\.[a-z]+",
    "flags": "g",
    "testText": "admin@example.com",
    "flavor": "javascript"
  }'

Rate Limits

Tier Requests/Min Max Pattern Length
Free 10/min 500 chars
Pro 100/min 5,000 chars
Enterprise 1000+/min Unlimited

Regex API Integration Options Comparison

Approach Pros Tradeoffs Best For
Central Regex API Consistent logic, central monitoring, easier updates Adds network dependency and rate-limit planning Multi-service platforms and shared validation standards
Embedded In-App Regex Low latency, no external calls Pattern drift across codebases, harder governance Small apps with limited validation scope
Hybrid with Local Fallback Resilience during outages, controlled behavior More complex implementation and sync strategy Mission-critical flows and enterprise reliability

Error Responses

// 400 Bad Request
{
  "error": "invalid_pattern",
  "message": "Regex pattern syntax error: Unexpected token",
  "statusCode": 400
}

// 401 Unauthorized
{
  "error": "invalid_token",
  "message": "API token is invalid or expired",
  "statusCode": 401
}

// 429 Too Many Requests
{
  "error": "rate_limit_exceeded",
  "message": "Exceeded rate limit of 10 requests/min",
  "retryAfter": 37,
  "statusCode": 429
}

SDK Libraries

Support & Documentation

For questions, issues, or feature requests:

Frequently Asked Questions

How do I choose between API validation and local regex validation?

Use API validation when multiple applications need identical behavior and centralized governance. Use local validation for simple low-risk checks where latency and offline behavior are top priorities.

What is the best way to handle API rate limits?

Implement client-side throttling, cache repeated pattern evaluations, and add retry logic with exponential backoff for temporary rate-limit responses. For sustained high traffic, move to a higher plan tier.

Can I trust one regex pattern across all engines?

Not always. Feature support differs between engines, so compatibility checks are important. Validate patterns against your target runtime and test fixtures before promoting them to production.

How should webhook events be validated securely?

Verify webhook signatures using shared secrets, enforce HTTPS, reject expired timestamps, and process events idempotently to avoid duplicate side effects during retries.