Detect risky users before signup, checkout, or account abuse. VPN, proxy, Tor, datacenter, IP reputation, disposable email, SMTP, and catch-all signals — all in one API response.
{ "risk_score": 87, "risk_level": "high", "recommendation": "block", "ip": { "is_vpn": false, "is_proxy": false, "is_tor": true, "is_datacenter": true, "abuse_score": 92 }, "email": { "is_disposable": true, "smtp_valid": false, "is_catch_all": false } }
Six IP and email intelligence signals combined into a single risk score your application can act on.
Identify masked traffic from VPNs, public proxies, Tor exit nodes, and anonymization networks commonly used to bypass fraud controls.
Flag non-residential IPs belonging to hosting providers, cloud infrastructure, and datacenters — a strong signal for automated abuse and fake accounts.
Score IP addresses using reputation signals, reported abuse indicators, and known malicious network behavior from continuously updated threat feeds.
Block temporary and burner email addresses from entering your user base. Updated continuously from a comprehensive list of known disposable providers.
Verify whether an email address can actually receive mail via real-time SMTP checks. Catch unreachable inboxes, catch-all domains, and role-based accounts.
Aggregate all IP and email signals into a single 0–100 fraud risk score with a block, review, or allow recommendation your app can act on directly.
Unlike payment-only or document-only fraud tools, ip-api.io targets the flows where IP and email risk matter most.
Check IP and email risk before creating accounts. Block VPN and proxy users, reject disposable email addresses, and score the signup in real time to prevent fake account creation at the source.
Add IP and email risk signals before payment authorization. Flag transactions from Tor exits, high-abuse IPs, or unverifiable email addresses and route them to manual review automatically.
Flag suspicious login patterns from datacenter IPs, VPNs, or Tor. Detect multi-account abuse by correlating IP reputation and email quality signals across login events.
Filter low-quality leads before they hit your CRM. Check IP reputation, identify disposable emails, and validate mailbox reachability to ensure only genuine prospects enter your pipeline.
Three endpoints cover every api fraud detection use case. All return JSON with consistent field names.
{
"risk_score": 87,
"risk_level": "high",
"recommendation": "block",
"ip": {
"address": "185.220.101.45",
"is_vpn": false,
"is_proxy": false,
"is_tor": true,
"is_datacenter": true,
"abuse_score": 92,
"country": "DE",
"asn": "AS4134"
},
"email": {
"address": "user@tempmail.io",
"is_disposable": true,
"smtp_valid": false,
"is_catch_all": false,
"is_role_account": false
}
}Drop-in code for the most common api fraud detection patterns — signup checks, payment flows, and lead qualification.
# Risk score for an IP address
curl "https://ip-api.io/api/v1/risk-score/185.220.101.45?api_key=YOUR_API_KEY"
# Risk score for an IP + email
curl "https://ip-api.io/api/v1/risk-score/185.220.101.45?email=user@tempmail.io&api_key=YOUR_API_KEY"
# Risk score for an email only
curl "https://ip-api.io/api/v1/risk-score/email/user@tempmail.io?api_key=YOUR_API_KEY"async function checkFraudRisk(ip, email) {
const params = new URLSearchParams({ api_key: 'YOUR_API_KEY' });
if (email) params.append('email', email);
const url = `https://ip-api.io/api/v1/risk-score/${ip}?${params}`;
const response = await fetch(url);
const data = await response.json();
if (data.recommendation === 'block') {
throw new Error('High fraud risk detected');
}
return data;
}
// Example: check IP + email on signup
checkFraudRisk('185.220.101.45', 'user@example.com')
.then(result => console.log(`Risk score: ${result.risk_score}`))
.catch(err => console.error(err.message));import requests
def check_fraud_risk(ip: str, email: str = None, api_key: str = "YOUR_API_KEY"):
params = {"api_key": api_key}
if email:
params["email"] = email
url = f"https://ip-api.io/api/v1/risk-score/{ip}"
response = requests.get(url, params=params)
response.raise_for_status()
return response.json()
# Example usage
result = check_fraud_risk("185.220.101.45", "user@example.com")
print(f"Risk Score: {result['risk_score']}")
print(f"Recommendation: {result['recommendation']}")
print(f"Is Tor: {result['ip']['is_tor']}")
print(f"Disposable Email: {result['email']['is_disposable']}")Start using IP-API.io to make your website safer and more user-friendly. Keep out unwanted bots, show visitors content that's relevant to where they are, and spot risky IP addresses quickly. It's perfect for making online shopping more personal and keeping your site secure. Get started today with one of the plans!
Common questions about ip-api.io's fraud detection and IP risk scoring API.
A fraud detection API is a service that analyzes signals like IP address risk, VPN or proxy usage, email validity, and behavioral patterns to return a risk score. Developers integrate it into signup, login, checkout, or form flows to block or flag suspicious users in real time — without building and maintaining their own threat intelligence infrastructure.
IP fraud detection works by checking an IP address against continuously updated threat databases and behavioral signals: whether it belongs to a VPN, proxy, Tor exit node, or datacenter; its reported abuse history; its reputation score; and its geolocation. ip-api.io combines these into a 0–100 fraud risk score with a block, review, or allow recommendation.
Yes. Every API response includes dedicated boolean fields — is_vpn, is_proxy, is_tor, and is_datacenter — for each IP address lookup. These are updated continuously from multiple threat intelligence sources and have no additional cost per call.
Yes. When you pass an email address to the risk score endpoint, the API checks whether it belongs to a disposable or temporary email provider, verifies the mailbox is reachable via SMTP, and flags catch-all and role-based accounts — all fraud signals in a single response alongside the IP data.
ip-api.io provides a developer-friendly fraud detection API that combines IP intelligence (VPN, proxy, Tor, datacenter, abuse history) with email validation (disposable detection, SMTP verification, catch-all) into a single risk score endpoint. Unlike payment-only fraud tools (Stripe Radar) or document-only solutions, it is designed specifically for signup, login, checkout, and lead qualification flows where IP and email quality are the primary fraud signals.
Explore how IP-API.io can enhance your security, provide robust bot protection, and improve IP geolocation accuracy for your applications.
Contact SupportCustomize your experience with tailored plans that fit your IP security and geolocation needs.
Email Us