JavaScript SDK · Feature

Fraud Detection & Risk Scoring in Node.js

Q: How do I get a fraud risk score for an IP in Node.js?

Call await client.riskScore(ip). It returns a score from 0 (safe) to 100 (high risk), a bucketed risk_level such as low/medium/high, and a factors object explaining the score. Omit the argument to score the caller's own IP.

Q: Can I score an email address for fraud?

Yes. client.emailRiskScore(email) returns the same 0–100 scale driven by email signals such as disposable provider and invalid syntax — useful for grading leads or gating sign-ups by address quality.

Q: How is risk scoring different from the suspicious_factors flags?

suspicious_factors gives individual booleans to build your own rules. riskScore collapses those signals — plus geolocation and email quality — into one number you can act on directly. Use ipReputation when you want the raw source signals.

Collapse every signal — geolocation, proxy/VPN/Tor flags, datacenter hosting, disposable email, syntax — into a single 0–100 risk score you can act on at sign-up, checkout, or login. Or pull the raw IP reputation record when you want to build your own rules.

Get free API key JavaScript SDK overview

Trusted by thousands of businesses

Fast JSON API responses

Real-time validation

Simple integration, SDKs & examples

What it does

One number you can act on

Individual flags are powerful, but turning them into a decision means writing and maintaining rules. riskScore does that for you: it weighs geolocation, anonymizer flags, datacenter hosting, and email quality into a single score from 0 (safe) to 100 (high risk), with a human-readable risk_level and the factors that drove it — so you can gate sign-ups and checkouts in one line.

Prerequisites

Node.js 18+ with ip-api-io installed
A free ip-api.io API key

Returns a score (0–100) and a human risk_level, plus the factors that drove it. Omit the argument to score the caller's own IP.

import { IpApiClient } from "ip-api-io";

const client = new IpApiClient({ apiKey: process.env.IP_API_IO_KEY });

const risk = await client.riskScore("185.220.101.1");

console.log(risk.score);                              // 88
console.log(risk.risk_level);                         // "high"
console.log(risk.factors.ip_factors?.is_tor_node);    // true
console.log(risk.factors.ip_factors?.is_datacenter);  // true

if (risk.score >= 75) {
  // block, or send to manual review / step-up auth
}

Same 0–100 scale, driven by email signals (disposable provider, invalid syntax). Use it to grade leads or gate sign-ups by address quality.

const risk = await client.emailRiskScore("user@mailinator.com");

console.log(risk.score, risk.risk_level);                // 90 "high"
console.log(risk.factors.email_factors?.is_disposable);  // true

Returns the underlying reputation data for an IP as a plain object — use it when you want the source signals rather than a computed score.

const reputation = await client.ipReputation("185.220.101.1");
console.log(reputation);

Reference

Response reference

Field	Type	Description
`score`	number	Risk score, 0 (safe) – 100 (high risk)
`risk_level`	string	Bucketed level, e.g. `"low"`, `"medium"`, `"high"`
`ip`	string \| null	Scored IP (when applicable)
`email`	string \| null	Scored email (when applicable)
`factors`	object	`ip_factors` (`is_proxy`, `is_vpn`, `is_tor_node`, `is_spam`, `is_datacenter`, `risk_contribution`) and/or `email_factors` (`is_disposable`, `is_valid_syntax`, `risk_contribution`)

FAQ

Frequently asked questions

How do I get a fraud risk score for an IP in Node.js?

Call await client.riskScore(ip). It returns a score from 0 (safe) to 100 (high risk), a bucketed risk_level such as low/medium/high, and a factors object explaining the score. Omit the argument to score the caller's own IP.

Can I score an email address for fraud?

Yes. client.emailRiskScore(email) returns the same 0–100 scale driven by email signals such as disposable provider and invalid syntax — useful for grading leads or gating sign-ups by address quality.

What threshold should I block at?

A common pattern is to allow scores below 50, send 50–75 to manual review or step-up auth, and block 75 and above. Tune to your own fraud tolerance using the factors breakdown to understand each decision.

How is risk scoring different from the suspicious_factors flags?

suspicious_factors gives individual booleans to build your own rules. riskScore collapses those signals — plus geolocation and email quality — into one number you can act on directly. Use ipReputation when you want the raw source signals.

Start building with the ip-api.io JavaScript SDK

Install ip-api-io, drop in your free API key, and ship in minutes — one typed client for geolocation, fraud detection, and email validation.

Get free API key JavaScript SDK overview

Need support?

Explore how IP-API.io can enhance your security, provide robust bot protection, and improve IP geolocation accuracy for your applications.

Contact Support

Found a bug in the SDK?

The ip-api-io package is open source. Open an issue or pull request on GitHub and we'll take a look.

Open on GitHub

Fraud Detection & Risk Scoring in Node.js

One number you can act on

Prerequisites

Score an IP with `riskScore`

Score an email with `emailRiskScore`

Pull raw signals with `ipReputation`

Response reference

Frequently asked questions

Start building with the ip-api.io JavaScript SDK

Need support?

Found a bug in the SDK?

Fraud Detection & Risk Scoring in Node.js

One number you can act on

Prerequisites

Score an IP with riskScore

Score an email with emailRiskScore

Pull raw signals with ipReputation

Response reference

Frequently asked questions

Keep exploring

Start building with the ip-api.io JavaScript SDK

Need support?

Found a bug in the SDK?

Score an IP with `riskScore`

Score an email with `emailRiskScore`

Pull raw signals with `ipReputation`