PHP SDK · Feature

Fraud Detection & Risk Scoring in PHP

Collapse every signal — geolocation, proxy/VPN/Tor flags, datacenter hosting, disposable email, syntax — into a single 0–100 risk score you can act on at sign-up, checkout, or login. Or pull the raw ipReputation record when you want to build your own rules.

Get free API key PHP SDK overview
Trusted by thousands of businesses
Fast JSON API responses
Real-time validation
Simple integration, SDKs & examples
What it does

One score from every signal

Individual flags are powerful, but acting on each one is fiddly. riskScore weighs geolocation, anonymizer flags, datacenter hosting, and email quality into a single number with a bucketed level, so you can make a block / review / allow decision in one comparison — and still drill into the contributing factors when you need to explain a decision.

Prerequisites

1

Score an IP with riskScore

Returns a score (0–100) and a human risk_level, plus the factors that drove it. Omit the argument to score the caller's own IP. 

<?php

use IpApiIo\Client;

$client = new Client(apiKey: getenv('IP_API_IO_KEY'));

$risk = $client->riskScore('185.220.101.1');

echo $risk['score'];                                  // 88
echo $risk['risk_level'];                             // "high"
var_dump($risk['factors']['ip_factors']['is_tor_node']);   // true
var_dump($risk['factors']['ip_factors']['is_datacenter']); // true

if ($risk['score'] >= 75) {
    // block, or send to manual review / step-up auth
}
2

Score an email with emailRiskScore

Same 0–100 scale, driven by email signals (disposable provider, invalid syntax). Use it to grade leads or gate sign-ups by address quality. 

$risk = $client->emailRiskScore('user@mailinator.com');

echo $risk['score'], ' ', $risk['risk_level'];                 // 90 "high"
var_dump($risk['factors']['email_factors']['is_disposable']);  // true
3

Raw signals with ipReputation

Returns the underlying reputation data for an IP as an associative array — use it when you want the source signals rather than a computed score. 

$reputation = $client->ipReputation('185.220.101.1');
print_r($reputation);
Reference

Response reference

riskScore / emailRiskScore response

FieldTypeDescription
scoreintRisk score, 0 (safe) – 100 (high risk)
risk_levelstringBucketed level, e.g. "low", "medium", "high"
ipstring | nullScored IP (when applicable)
emailstring | nullScored email (when applicable)
factorsarrayip_factors and/or email_factors

ip_factors: is_proxy, is_vpn, is_tor_node, is_spam, is_datacenter, risk_contribution. email_factors: is_disposable, is_valid_syntax, risk_contribution.

FAQ

Frequently asked questions

How do I score an IP for fraud risk in PHP?

Call $client->riskScore($ip). It returns a score from 0 (safe) to 100 (high risk), a human risk_level, and the factors that drove it. Omit the argument to score the caller's own IP.

Can I score an email address too?

Yes. $client->emailRiskScore($email) returns the same 0–100 scale driven by email signals such as disposable provider and invalid syntax — use it to grade leads or gate sign-ups by address quality.

What's the difference between riskScore and ipReputation?

riskScore gives you a computed 0–100 score and bucketed level you can act on directly. ipReputation($ip) returns the underlying reputation record as an associative array — use it when you want the source signals to build your own rules.

What threshold should I block at?

A common pattern is to allow low scores, send medium scores to step-up verification, and block or manually review high scores (e.g. $risk['score'] >= 75). Tune the cutoffs to your own fraud tolerance and false-positive budget.

Related

Keep exploring

VPN, proxy & Tor detection
The individual checks behind the score, on every lookup.
Learn more
Email validation
Deliverability and disposable checks before you score.
Learn more
Fraud Detection API
The product page for fraud detection and risk scoring.
Learn more

Start building with the ip-api.io PHP SDK

Run composer require ip-api-io/ipapi-php, drop in your free API key, and ship in minutes — one zero-dependency client for geolocation, fraud detection, and email validation.

Get free API key PHP SDK overview

Need support?

Explore how IP-API.io can enhance your security, provide robust bot protection, and improve IP geolocation accuracy for your applications.

Contact Support

Found a bug in the SDK?

The ip-api-io/ipapi-php package is open source. Open an issue or pull request on GitHub and we'll take a look.

Open on GitHub