Fraud Detection API
for IP & Email Risk.
Detect risky users before signup, checkout, or account abuse. VPN, proxy, Tor, datacenter, IP reputation, disposable email, and combined risk scoring — all in one API response.
Core Fraud Detection Signals
Six IP and email intelligence signals combined into a single risk score your application can act on.
VPN, Proxy & Tor Detection
Identify masked traffic from VPNs, public proxies, Tor exit nodes, and anonymization networks commonly used to bypass fraud controls.
Datacenter IP Detection
Flag non-residential IPs belonging to hosting providers, cloud infrastructure, and datacenters — a strong signal for automated abuse and fake accounts.
IP Reputation & Abuse History
Score IP addresses using reputation signals, reported abuse indicators, and known malicious network behavior from continuously updated threat feeds.
Disposable Email Detection
Block temporary and burner email addresses from entering your user base. Updated continuously from a comprehensive list of known disposable providers.
Email Syntax & Disposable Detection
Validate email syntax and detect disposable or temporary email addresses. Returns is_valid_syntax and is_disposable flags alongside the IP risk score in a single response.
Combined Fraud Risk Score
Aggregate all IP and email signals into a single score (0.0–1.0) and a risk_level of VERY_LOW, LOW, MEDIUM, HIGH, or VERY_HIGH your app can act on directly.
API Documentation & Code Examples
Three endpoints, one consistent JSON response. Integrate fraud detection into any signup, checkout, or lead flow in minutes.
GET /api/v1/risk-score/{ip}?api_key={key}
# Risk score for an IP address
curl "https://ip-api.io/api/v1/risk-score/185.220.101.45?api_key=YOUR_API_KEY"
# Risk score for an IP + email
curl "https://ip-api.io/api/v1/risk-score/185.220.101.45?email=user@tempmail.io&api_key=YOUR_API_KEY"
{
"score": 0.87,
"risk_level": "VERY_HIGH",
"ip": "185.220.101.45",
"factors": {
"ip_factors": {
"is_proxy": false,
"is_tor_node": true,
"is_spam": true,
"is_vpn": false,
"is_datacenter": true,
"risk_contribution": 0.35
},
"email_factors": {
"is_disposable": true,
"is_valid_syntax": true,
"risk_contribution": 0.40
}
}
}
GET /api/v1/risk-score/{ip}?api_key={key}
async function checkFraudRisk(ip, email) {
const params = new URLSearchParams({ api_key: 'YOUR_API_KEY' });
if (email) params.append('email', email);
const res = await fetch(`https://ip-api.io/api/v1/risk-score/${ip}?${params}`);
const data = await res.json();
console.log(data.score); // 0.87
console.log(data.risk_level); // "VERY_HIGH"
return data;
}
{
"score": 0.87,
"risk_level": "VERY_HIGH",
"ip": "185.220.101.45",
"factors": {
"ip_factors": {
"is_proxy": false,
"is_tor_node": true,
"is_spam": true,
"is_vpn": false,
"is_datacenter": true,
"risk_contribution": 0.35
},
"email_factors": {
"is_disposable": true,
"is_valid_syntax": true,
"risk_contribution": 0.40
}
}
}
GET /api/v1/risk-score/{ip}?api_key={key}
import requests
res = requests.get(
"https://ip-api.io/api/v1/risk-score/185.220.101.45",
params={"api_key": "YOUR_API_KEY"}
)
data = res.json()
print(data["score"]) # 0.87
print(data["risk_level"]) # "VERY_HIGH"
{
"score": 0.87,
"risk_level": "VERY_HIGH",
"ip": "185.220.101.45",
"factors": {
"ip_factors": {
"is_proxy": false,
"is_tor_node": true,
"is_spam": true,
"is_vpn": false,
"is_datacenter": true,
"risk_contribution": 0.35
},
"email_factors": {
"is_disposable": true,
"is_valid_syntax": true,
"risk_contribution": 0.40
}
}
}
Fraud Detection API Use Cases
Unlike payment-only or document-only fraud tools, ip-api.io targets the flows where IP and email risk matter most.
Signup Fraud Prevention
Check IP and email risk before creating accounts. Block VPN and proxy users, reject disposable email addresses, and score the signup in real time to prevent fake account creation at the source.
Checkout & Payment Risk
Add IP and email risk signals before payment authorization. Flag transactions from Tor exit nodes, high-risk IPs, or disposable email addresses and route them to manual review automatically.
Account Abuse Detection
Flag suspicious login patterns from datacenter IPs, VPNs, or Tor. Detect multi-account abuse by correlating IP reputation and email quality signals across login events.
Lead Quality & Form Protection
Filter low-quality leads before they hit your CRM. Check IP reputation, identify disposable emails, and validate email syntax to ensure only genuine prospects enter your pipeline.
Fraud Detection API FAQs
Common questions about ip-api.io's fraud detection and IP risk scoring API.
What is a fraud detection API?
A fraud detection API is a service that analyzes signals like IP address risk, VPN or proxy usage, email validity, and behavioral patterns to return a risk score. Developers integrate it into signup, login, checkout, or form flows to block or flag suspicious users in real time — without building and maintaining their own threat intelligence infrastructure.
How does IP fraud detection work?
IP fraud detection works by checking an IP address against continuously updated threat databases and behavioral signals: whether it belongs to a VPN, proxy, Tor exit node, or datacenter; its reported abuse history; its reputation score; and its geolocation. ip-api.io combines these into a score between 0.0 and 1.0 alongside a risk_level of VERY_LOW, LOW, MEDIUM, HIGH, or VERY_HIGH.
Can I detect VPNs, proxies, and Tor exit nodes with this API?
Yes. Every API response includes dedicated boolean fields — is_vpn, is_proxy, is_tor_node, and is_datacenter — for each IP address lookup. These are updated continuously from multiple threat intelligence sources and have no additional cost per call.
Does the API check disposable email addresses?
Yes. When you pass an email address to the risk score endpoint, the API checks whether it belongs to a disposable or temporary email provider and validates the email syntax — returning is_disposable and is_valid_syntax flags alongside the IP risk data in a single response.
What is the best fraud detection API for IP and email risk scoring?
ip-api.io provides a developer-friendly fraud detection API that combines IP intelligence (VPN, proxy, Tor, datacenter, spam history) with email validation (disposable detection, syntax validation) into a single risk score endpoint. Unlike payment-only fraud tools (Stripe Radar) or document-only solutions, it is designed specifically for signup, login, checkout, and lead qualification flows where IP and email quality are the primary fraud signals.
Simple, transparent pricing
Start small, scale as you grow. No hidden fees.
Detect fraud before it reaches your product
VPN, proxy, Tor, datacenter, IP reputation, and disposable email signals — combined into one actionable risk score.