Java SDK · Feature

Fraud Detection & Risk Scoring in Java

Q: How do I score an IP for fraud risk in Java?

Call client.riskScore(ip). It returns a score() from 0 (safe) to 100 (high risk), a human riskLevel(), and the factors() that drove it. Use riskScore() to score the caller's own IP.

Q: Can I score an email address too?

Yes. client.emailRiskScore(email) returns the same 0–100 scale driven by email signals such as disposable provider and invalid syntax — use it to grade leads or gate sign-ups by address quality.

Q: What's the difference between riskScore and ipReputation?

riskScore gives you a computed 0–100 score and bucketed level you can act on directly. ipReputation(ip) returns the underlying reputation record — use it when you want the source signals to build your own rules.

Collapse every signal — geolocation, proxy/VPN/Tor flags, datacenter hosting, disposable email, syntax — into a single 0–100 risk score you can act on at sign-up, checkout, or login. Or pull the raw ipReputation record when you want to build your own rules.

Get free API key Java SDK overview

Trusted by thousands of businesses

Fast JSON API responses

Real-time validation

Simple integration, SDKs & examples

What it does

One score from every signal

Individual flags are powerful, but acting on each one is fiddly. riskScore weighs geolocation, anonymizer flags, datacenter hosting, and email quality into a single number with a bucketed level, so you can make a block / review / allow decision in one comparison — and still drill into the contributing factors when you need to explain a decision.

Prerequisites

A Java 17+ project with io.ip-api:ipapi added
A free ip-api.io API key

Returns a score() (0–100) and a human riskLevel(), plus the factors() that drove it. Use riskScore() for the caller's IP.

IpApiClient client = IpApiClient.builder()
        .apiKey(System.getenv("IP_API_IO_KEY"))
        .build();

RiskScore risk = client.riskScore("185.220.101.1");

System.out.println(risk.score());     // 88.0
System.out.println(risk.riskLevel()); // "high"
if (risk.factors().ip() != null) {
    var ip = risk.factors().ip();
    System.out.println(ip.isTorNode() + " " + ip.isDatacenter());
}

if (risk.score() >= 75) {
    // block, or send to manual review / step-up auth
}

Same 0–100 scale, driven by email signals (disposable provider, invalid syntax). Use it to grade leads or gate sign-ups by address quality.

RiskScore risk = client.emailRiskScore("user@mailinator.com");

System.out.println(risk.score() + " " + risk.riskLevel()); // 90.0 high
if (risk.factors().email() != null) {
    System.out.println(risk.factors().email().isDisposable()); // true
}

Returns the underlying reputation data for an IP — use it when you want the source signals rather than a computed score.

var reputation = client.ipReputation("185.220.101.1");
System.out.println(reputation);

Reference

Response reference

`RiskScore` (from `riskScore` / `emailRiskScore`)

Accessor	Type	Description
`score()`	double	Risk score, 0 (safe) – 100 (high risk)
`riskLevel()`	String	Bucketed level, e.g. "low", "medium", "high"
`ip()`	String	Scored IP (when applicable)
`email()`	String	Scored email (when applicable)
`factors()`	RiskScoreFactors	`ip()` and/or `email()` (nullable)

factors().ip(): isProxy(), isVpn(), isTorNode(), isSpam(), isDatacenter(), riskContribution(). factors().email(): isDisposable(), isValidSyntax(), riskContribution().

FAQ

Frequently asked questions

How do I score an IP for fraud risk in Java?

Call client.riskScore(ip). It returns a score() from 0 (safe) to 100 (high risk), a human riskLevel(), and the factors() that drove it. Use riskScore() to score the caller's own IP.

Can I score an email address too?

Yes. client.emailRiskScore(email) returns the same 0–100 scale driven by email signals such as disposable provider and invalid syntax — use it to grade leads or gate sign-ups by address quality.

What's the difference between riskScore and ipReputation?

riskScore gives you a computed 0–100 score and bucketed level you can act on directly. ipReputation(ip) returns the underlying reputation record — use it when you want the source signals to build your own rules.

What threshold should I block at?

A common pattern is to allow low scores, send medium scores to step-up verification, and block or manually review high scores (e.g. risk.score() >= 75). Tune the cutoffs to your own fraud tolerance and false-positive budget.

Start building with the ip-api.io Java SDK

Add io.ip-api:ipapi to your build, drop in your free API key, and ship in minutes — one client for geolocation, fraud detection, and email validation.

Get free API key Java SDK overview

Need support?

Explore how IP-API.io can enhance your security, provide robust bot protection, and improve IP geolocation accuracy for your applications.

Contact Support

Found a bug in the SDK?

The io.ip-api:ipapi library is open source. Open an issue or pull request on GitHub and we'll take a look.

Open on GitHub

Fraud Detection & Risk Scoring in Java

One score from every signal

Prerequisites

Score an IP with `riskScore`

Score an email with `emailRiskScore`

Raw signals with `ipReputation`

Response reference

`RiskScore` (from `riskScore` / `emailRiskScore`)

Frequently asked questions

Start building with the ip-api.io Java SDK

Need support?

Found a bug in the SDK?

Fraud Detection & Risk Scoring in Java

One score from every signal

Prerequisites

Score an IP with riskScore

Score an email with emailRiskScore

Raw signals with ipReputation

Response reference

RiskScore (from riskScore / emailRiskScore)

Frequently asked questions

Keep exploring

Start building with the ip-api.io Java SDK

Need support?

Found a bug in the SDK?

Score an IP with `riskScore`

Score an email with `emailRiskScore`

Raw signals with `ipReputation`

`RiskScore` (from `riskScore` / `emailRiskScore`)