Risk Score API for IPs & Emails
A fraud detection API that calculates real-time risk scores for IP addresses and email addresses. Detect proxies, VPNs, Tor nodes, and disposable emails to block malicious users before they reach your application.
Powerful Features for Complete Protection
Our Risk Score API combines advanced threat intelligence with machine learning to provide comprehensive risk assessment for both IP addresses and email addresses.
Advanced Risk Scoring
Machine learning algorithms analyze multiple risk factors to provide accurate risk scores from 0 to 1, with comprehensive risk level classification.
IP Threat Detection
Detect proxies, VPNs, Tor nodes, datacenter IPs, spam sources, and suspicious activity patterns in real-time with high accuracy.
Email Risk Assessment
Validate email syntax, detect disposable email services, and assess email reputation to prevent fraud and improve user quality.
Real-time Analysis
Get instant risk scores with sub-second response times. Our optimized infrastructure ensures fast processing for high-volume applications.
Detailed Factor Analysis
Understand the reasoning behind each risk score with detailed breakdowns of IP and email risk factors and their contributions.
Fraud Detection API
Integrate fraud detection into any stack via a simple JSON API. Block account abuse, payment fraud, and credential stuffing with a single request.
API Documentation & Code Examples
Three endpoints, one consistent JSON score. Integrate risk scoring into any signup, checkout, or lead flow in minutes.
GET /api/v1/risk-score/{ip}?api_key={key}
# Risk score for an IP address
curl "https://ip-api.io/api/v1/risk-score/185.220.101.45?api_key=YOUR_API_KEY"
# Risk score for an IP + email
curl "https://ip-api.io/api/v1/risk-score/185.220.101.45?email=user@tempmail.io&api_key=YOUR_API_KEY"
{
  "score": 0.87,
  "risk_level": "VERY_HIGH",
  "ip": "185.220.101.45",
  "factors": {
    "ip_factors": {
      "is_proxy": false,
      "is_tor_node": true,
      "is_spam": true,
      "is_vpn": false,
      "is_datacenter": true,
      "risk_contribution": 0.35
    },
    "email_factors": {
      "is_disposable": true,
      "is_valid_syntax": true,
      "risk_contribution": 0.40
    }
  }
}
GET /api/v1/risk-score/{ip}?api_key={key}
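async function checkRiskScore(ip, email) {
  // Run this server-side: an API key shipped in browser JavaScript is readable by every visitor.
  const params = new URLSearchParams({ api_key: 'YOUR_API_KEY' });
  if (email) params.append('email', email);
  // Encode the path segment so an unexpected value cannot alter the request path.
  const res = await fetch(`https://ip-api.io/api/v1/risk-score/${encodeURIComponent(ip)}?${params}`);
  // Fail loudly on HTTP errors instead of reading fields from an error body.
  if (!res.ok) throw new Error(`Risk score request failed: HTTP ${res.status}`);
  const data = await res.json();
  console.log(data.score);      // 0.87
  console.log(data.risk_level); // "VERY_HIGH"
  return data;
}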
GET /api/v1/risk-score/{ip}?api_key={key}
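import requests

res = requests.get(
    "https://ip-api.io/api/v1/risk-score/185.220.101.45",
    params={"api_key": "YOUR_API_KEY"},
    timeout=5,  # never let a signup or checkout request hang on the lookup
)
res.raise_for_status()  # surface HTTP errors instead of parsing an error body
data = res.json()
print(data["score"])       # 0.87
print(data["risk_level"])  # "VERY_HIGH"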
Built for Every Fraud Prevention Flow
One API call returns a composite risk score you can act on immediately — no custom scoring pipeline required.
Signup Fraud Prevention
Block high-risk registrations by scoring the IP and email at the moment of signup. Automatically challenge or reject users above your risk threshold.
Checkout & Payment Protection
Reduce chargebacks and payment fraud by scoring the buyer's IP before authorizing a transaction. Flag proxy and datacenter traffic for manual review.
Account Takeover Defense
Detect suspicious login attempts from datacenter IPs, Tor exit nodes, or known spam sources and require step-up authentication automatically.
Lead Quality Scoring
Score inbound leads by IP and email before they enter your CRM. Filter out disposable addresses and anonymizing proxies to protect ad spend.
Risk Score API FAQs
Common questions about ip-api.io's IP and email risk scoring API.
What is a risk score API?
A risk score API analyses an IP address and optionally an email address to produce a numeric fraud risk score and a risk level. Developers use it in signup, login, and checkout flows to decide in real time whether to allow, challenge, or block a request — without building their own threat intelligence pipeline.
What signals go into the risk score?
The score combines IP signals — VPN, proxy, Tor, datacenter, abuse history, and geolocation — with optional email signals: disposable provider detection and syntax validity. The result is a score between 0.0 and 1.0 and a risk_level of VERY_LOW, LOW, MEDIUM, HIGH, or VERY_HIGH.
How is this different from the Fraud Detection API?
The Risk Score API is the combined endpoint — it returns a single composite score aggregating all IP and email signals in one call. The Fraud Detection API exposes each individual signal (VPN, proxy, Tor, email disposable, etc.) as separate boolean fields. Use risk score when you want one number to act on; use fraud detection when you need to inspect individual signals.
Can I pass an email address to the risk score endpoint?
Yes. The /api/v1/risk-score endpoint accepts an optional email query parameter. When provided, the response includes email-specific fields — is_disposable, is_valid_syntax — that are factored into the overall risk score alongside the IP signals.
What risk score threshold should I use to block users?
Thresholds depend on your use case and acceptable false-positive rate. As a starting point: block at risk_level: HIGH or VERY_HIGH, challenge (CAPTCHA or email verification) at MEDIUM, and allow through at LOW or VERY_LOW. Review your false-positive rate against real traffic and adjust accordingly.
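An added example (not ip-api.io's own code) that applies the starting-point thresholds above to a parsed response and records which factors fired. The function names, the signal labels, and the choice to challenge when the response is unusable are assumptions; the sample is the response body from the documentation above.

```python
# Added example, not ip-api.io code: turn a risk-score response into an action.
POLICY = {  # starting point from the FAQ above; tune against real traffic
    "VERY_LOW": "allow", "LOW": "allow",
    "MEDIUM": "challenge",
    "HIGH": "block", "VERY_HIGH": "block",
}
# Assumption: an unusable response leads to a challenge, never a silent allow.
FALLBACK_ACTION = "challenge"


def fired_signals(response):
    """Factors that counted against the request, as labels for an audit log."""
    factors = response.get("factors")
    signals = []
    for group in ("ip_factors", "email_factors"):
        values = factors.get(group) if isinstance(factors, dict) else None
        if not isinstance(values, dict):
            continue
        for name in sorted(values):
            if name == "is_valid_syntax":
                if values[name] is False:  # here False is the risky value
                    signals.append(f"{group}.invalid_syntax")
            elif values[name] is True:
                signals.append(f"{group}.{name}")
    return signals


def decide(response):
    """Return (action, reasons) for a parsed JSON response body."""
    if not isinstance(response, dict):
        return FALLBACK_ACTION, ["malformed_response"]
    score, level = response.get("score"), response.get("risk_level")
    score_ok = (isinstance(score, (int, float)) and not isinstance(score, bool)
                and 0.0 <= score <= 1.0)
    if not score_ok or not isinstance(level, str) or level not in POLICY:
        return FALLBACK_ACTION, ["malformed_response"]
    return POLICY[level], fired_signals(response)


# Constructed sample: the response body shown in the documentation above.
SAMPLE = {
    "score": 0.87, "risk_level": "VERY_HIGH", "ip": "185.220.101.45",
    "factors": {
        "ip_factors": {"is_proxy": False, "is_tor_node": True, "is_spam": True,
                       "is_vpn": False, "is_datacenter": True,
                       "risk_contribution": 0.35},
        "email_factors": {"is_disposable": True, "is_valid_syntax": True,
                          "risk_contribution": 0.40},
    },
}
print(decide(SAMPLE))
```

Logging the returned reasons next to each decision gives you the data needed to review false positives before moving a threshold.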